Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f9718507 by security tracker role at 2024-01-15T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2024-22207 (fastify-swagger-ui is a Fastify plugin for serving Swagger UI.
Prior ...)
+ TODO: check
+CVE-2024-20721 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and
earlier are a ...)
+ TODO: check
+CVE-2024-20709 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and
earlier are a ...)
+ TODO: check
+CVE-2024-0565 (An out-of-bounds memory read flaw was found in
receive_encrypted_stand ...)
+ TODO: check
+CVE-2024-0562 (A use-after-free flaw was found in the Linux Kernel. When a
disk is re ...)
+ TODO: check
+CVE-2024-0558 (A vulnerability has been found in DedeBIZ 6.3.0 and classified
as crit ...)
+ TODO: check
+CVE-2024-0557 (A vulnerability, which was classified as problematic, was found
in Ded ...)
+ TODO: check
+CVE-2024-0320 (Cross-Site Scripting in FireEye Malware Analysis (AX) affecting
versio ...)
+ TODO: check
+CVE-2024-0319 (Open Redirect vulnerability in FireEye HXTool affecting version
4.6, t ...)
+ TODO: check
+CVE-2024-0318 (Cross-Site Scripting in FireEye HXTool affecting version 4.6.
This vul ...)
+ TODO: check
+CVE-2024-0317 (Cross-Site Scripting in FireEye EX, affecting version
9.0.3.936727. Ex ...)
+ TODO: check
+CVE-2024-0316 (Improper cleanup vulnerability in exceptions thrown in FireEye
Endpoin ...)
+ TODO: check
+CVE-2024-0315 (Remote file inclusion vulnerability in FireEye Central
Management affe ...)
+ TODO: check
+CVE-2024-0314 (XSS vulnerability in FireEye Central Management affecting
version 9.1. ...)
+ TODO: check
+CVE-2023-6991 (The JSM file_get_contents() Shortcode WordPress plugin before
2.7.1 do ...)
+ TODO: check
+CVE-2023-6941 (The Keap Official Opt-in Forms WordPress plugin through 1.0.11
does no ...)
+ TODO: check
+CVE-2023-6915 (A Null pointer dereference problem was found in ida_free in
lib/idr.c ...)
+ TODO: check
+CVE-2023-6843 (The easy.jobs- Best Recruitment Plugin for Job Board Listing,
Manager, ...)
+ TODO: check
+CVE-2023-6623 (The Essential Blocks WordPress plugin before 4.4.3 does not
prevent un ...)
+ TODO: check
+CVE-2023-6620 (The POST SMTP Mailer WordPress plugin before 2.8.7 does not
properly s ...)
+ TODO: check
+CVE-2023-6163 (The WP Crowdfunding WordPress plugin before 2.1.10 does not
sanitise a ...)
+ TODO: check
+CVE-2023-6066 (The WP Custom Widget area WordPress plugin through 1.2.5 does
not prop ...)
+ TODO: check
+CVE-2023-6050 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1
does not ...)
+ TODO: check
+CVE-2023-6049 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1
unseriali ...)
+ TODO: check
+CVE-2023-6048 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1
does not ...)
+ TODO: check
+CVE-2023-6029 (The EazyDocs WordPress plugin before 2.3.6 does not have
authorization ...)
+ TODO: check
+CVE-2023-5905 (The DeMomentSomTres WordPress Export Posts With Images
WordPress plugi ...)
+ TODO: check
+CVE-2023-5253 (A missing authentication check in the WebSocket channel used
for the C ...)
+ TODO: check
+CVE-2023-50729 (Traccar is an open source GPS tracking system. Prior to 5.11,
Traccar ...)
+ TODO: check
+CVE-2023-4925 (The Easy Forms for Mailchimp WordPress plugin through 6.8.10
does not ...)
+ TODO: check
+CVE-2023-4818 (PAX A920 device allows to downgrade bootloader due to a bug in
its ver ...)
+ TODO: check
+CVE-2023-46226 (Remote Code Execution vulnerability in Apache IoTDB.This issue
affects ...)
+ TODO: check
+CVE-2023-42137 (PAX Android based POS devices with
PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
+ TODO: check
+CVE-2023-42136 (PAX Android based POS devices with
PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
+ TODO: check
+CVE-2023-42135 (PAX A920Pro/A50 devices with
PayDroid_8.1.0_Sagittarius_V11.1.50_20230 ...)
+ TODO: check
+CVE-2023-42134 (PAX Android based POS devices with
PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
+ TODO: check
CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may
take a long time]
- openssl <unfixed> (bug #1060858)
[bookworm] - openssl <no-dsa> (Minor issue)
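Review bot: all 36 entries added at the top of data/CVE/list carry only "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. A follow-up triage pass should separate the ones whose descriptions name code Debian ships (CVE-2024-0562 "Linux Kernel", CVE-2023-6915 "ida_free in lib/idr.c") from the WordPress-plugin, FireEye and PAX entries, so the kernel items do not sit unclassified behind the bulk of the batch.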
@@ -233,9 +305,9 @@ CVE-2023-33472 (An issue was discovered in Scada-LTS
v2.7.5.2 build 4551883606 a
NOT-FOR-US: Scada-LTS
CVE-2022-4962 (A vulnerability was found in Apollo 2.0.0/2.0.1 and classified
as prob ...)
NOT-FOR-US: Apollo
-CVE-2023-50290
+CVE-2023-50290 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- lucene-solr <not-affected> (Vulnerable code not yet present)
-CVE-2023-46749
+CVE-2023-46749 (Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible
to a pa ...)
- shiro <unfixed> (bug #1060754)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/2
CVE-2024-0232 [use-after-free bug in jsonParseAddNodeArray]
@@ -860,7 +932,7 @@ CVE-2022-47965 (The issue was addressed with improved
memory handling. This issu
NOT-FOR-US: Apple
CVE-2022-47915 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
-CVE-2023-4001 [bypass the GRUB password protection feature]
+CVE-2023-4001 (An authentication bypass flaw was found in GRUB due to the way
that GR ...)
- grub2 <not-affected> (Specific to a downstream patch in Red Hat)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224951
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223437
@@ -188254,7 +188326,8 @@ CVE-2018-25014 (A use of uninitialized value was
found in libwebp in versions be
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
CVE-2021-3534
REJECTED
-CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets
ANSIBLE_ASYNC_DIR ...)
+CVE-2021-3533
+ REJECTED
- ansible <unfixed> (bug #1014857)
[bookworm] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
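Review bot: CVE-2021-3533 now reads REJECTED, but the lines under it still say "- ansible <unfixed> (bug #1014857)" with bookworm and bullseye marked <postponed>, so the entry states both that the id is withdrawn and that ansible has an open issue under it. The package annotations should be removed or moved to whatever id replaces this one, and bug #1014857 updated to match; a NOTE explaining the rejection would help, since the description that gave the context is deleted here.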
@@ -188292,7 +188365,8 @@ CVE-2021-32013 (SheetJS and SheetJS Pro through
0.16.9 allows attackers to cause
NOT-FOR-US: SheetJS
CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to
cause a den ...)
NOT-FOR-US: SheetJS
-CVE-2021-3532 (A flaw was found in Ansible where the secret information
present in as ...)
+CVE-2021-3532
+ REJECTED
- ansible <unfixed> (bug #1014722)
[bookworm] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
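Review bot: the REJECTED line added under CVE-2021-3532 sits directly above "- ansible <unfixed> (bug #1014722)" and the two <postponed> suite lines, which it contradicts. Either the ansible status lines should go with the rejection, or they need to be re-filed under a valid id before the old description ("secret information present in as ...") disappears from the list.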
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f971850781cda3fedb5908dc0b0a7a0f8f52cc6c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits