Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
683fa915 by security tracker role at 2024-01-18T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-22819 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22818 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerbility ...)
+ TODO: check
+CVE-2024-22817 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22699 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22603 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22601 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22593 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22592 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22591 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22568 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF)
vulnerability ...)
+ TODO: check
+CVE-2024-22549 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the
email se ...)
+ TODO: check
+CVE-2024-22548 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the
system w ...)
+ TODO: check
+CVE-2024-22419 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
+ TODO: check
+CVE-2024-22400 (Nextcloud User Saml is an app for authenticating Nextcloud
users using ...)
+ TODO: check
+CVE-2024-22317 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and
12.0.1.0 thr ...)
+ TODO: check
+CVE-2024-22213 (Deck is a kanban style organization tool aimed at personal
planning an ...)
+ TODO: check
+CVE-2024-22212 (Nextcloud Global Site Selector is a tool which allows you to
run multi ...)
+ TODO: check
+CVE-2024-0694
+ REJECTED
+CVE-2024-0669 (A Cross-Frame Scripting vulnerability has been found on Plone
CMS affe ...)
+ TODO: check
+CVE-2024-0580 (Omission of user-controlled key authorization in the
IDMSistemas platf ...)
+ TODO: check
+CVE-2023-7153 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-5806 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-51464 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-51463 (Adobe Experience Manager versions 6.5.18 and earlier are
affected by a ...)
+ TODO: check
+CVE-2023-49943 (Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows
stored XSS ...)
+ TODO: check
+CVE-2023-40052 (This issue affects Progress Application Server (PAS) for
OpenEdge in v ...)
+ TODO: check
+CVE-2023-40051 (This issue affects Progress Application Server (PAS) for
OpenEdge in v ...)
+ TODO: check
+CVE-2023-34348 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior
contain a vul ...)
+ TODO: check
+CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior
contain a vul ...)
+ TODO: check
CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows
XXE att ...)
- libspreadsheet-parsexlsx-perl <unfixed> (bug #1061098)
NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
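Review bot: every one of the 29 newly added entries in this hunk is left at "TODO: check" with no package mapping, which is expected for an automatic update but leaves the triage to a follow-up commit; the obvious batch to clear first is the FlyCms group (ten CSRF entries from CVE-2024-22819 down to CVE-2024-22568 plus the two XSS entries CVE-2024-22549 and CVE-2024-22548), which can be resolved in one pass with the same "NOT-FOR-US: FlyCms" convention the file already uses for unpackaged upstreams (compare "NOT-FOR-US: webkul qloapps" in the next hunk), provided FlyCms is confirmed absent from the archive. The remaining entries (Vyper, the Nextcloud apps, IBM App Connect, Plone, Adobe Experience Manager, ManageEngine, Progress OpenEdge, AVEVA PI Server) each need an individual check before a marker is chosen, and "CVE-2024-0694 / REJECTED" needs nothing further. The CVE-2024-23525 context lines are fine as they stand: the libspreadsheet-parsexlsx-perl entry already carries "<unfixed> (bug #1061098)" and a NOTE with the only public reference currently available.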
@@ -340,7 +398,7 @@ CVE-2023-36236 (Cross Site Scripting vulnerability in
webkil Bagisto v.1.5.0 and
NOT-FOR-US: webkil Bagisto
CVE-2023-36235 (An issue in webkul qloapps before v1.6.0 allows an attacker to
obtain ...)
NOT-FOR-US: webkul qloapps
-CVE-2024-0607 [netfilter: nf_tables: fix pointer math issue in
nft_byteorder_eval()]
+CVE-2024-0607 (A flaw was found in the Netfilter subsystem in the Linux
kernel. The i ...)
- linux 6.5.13-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2)
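Review bot: the fixed versions kept on the context lines ("- linux 6.5.13-1" and "[bookworm] - linux 6.1.64-1") predate the mainline commit cited in the NOTE, which is tagged as landing in 6.7-rc2, so the entry is only consistent if the nft_byteorder_eval() fix was backported into the 6.5.y and 6.1.y stable series before those Debian uploads; the review check is to confirm the stable-tree commit IDs, and recording them on an additional NOTE line would make the claim auditable later. Replacing the bracketed placeholder "[netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()]" with the truncated official text drops the upstream subject line from the description, but the NOTE URL still preserves the link to the fix, so no information is lost.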
@@ -633,13 +691,13 @@ CVE-2023-6395 (The Mock software contains a vulnerability
wherein an attacker co
NOTE: templated-dictionary spit up from mock project in:
https://github.com/rpm-software-management/mock/commit/c989e28ba92c571c0834e9b5d10ef29340e661f8
(mock-2.9)
NOTE: Fixed by:
https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69
(python-templated-dictionary-1.4-1)
NOTE: Fixed by:
https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933
(python-templated-dictionary-1.4-1)
-CVE-2024-0408 [SELinux unlabeled GLX PBuffer]
+CVE-2024-0408 (A flaw was found in the X.Org server. The GLX PBuffer code does
not ca ...)
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be
running as root)
NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/e5e8586a12a3ec915673edffa10dc8fe5e15dac3
-CVE-2024-0409 [SELinux context corruption]
+CVE-2024-0409 (A flaw was found in the X.Org server. The cursor code in both
Xephyr a ...)
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be
running as root)
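Review bot: the two replaced descriptions lose the one piece of context that justifies the bookworm annotation: the old bracketed titles "[SELinux unlabeled GLX PBuffer]" and "[SELinux context corruption]" said these are SELinux labeling flaws, whereas the truncated official text ("The GLX PBuffer code does not ca ...", "The cursor code in both Xephyr a ...") no longer mentions SELinux at all, so the rationale "Minor issue; Xwayland shouldn't be running as root" on the xwayland <no-dsa> lines now reads as unexplained; a NOTE line stating the SELinux dependence would restore that. Also note that only xwayland carries a [bookworm] annotation in both entries, so xorg-server in bookworm remains tracked as vulnerable against 2:21.1.11-1 until a DSA or an explicit no-dsa decision is recorded, which appears to be intended but is worth confirming.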
@@ -1469,7 +1527,7 @@ CVE-2023-51748 (ScaleFusion 10.5.2 does not properly
limit users to the Edge app
CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based
buffer overf ...)
- exiftags <unfixed> (bug #1060753)
NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
-CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode
applica ...)
+CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode
applicat ...)
NOT-FOR-US: ScaleFusion
CVE-2023-4962 (The Video PopUp plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
@@ -45812,10 +45870,10 @@ CVE-2023-28903
RESERVED
CVE-2023-28902
RESERVED
-CVE-2023-28901
- RESERVED
-CVE-2023-28900
- RESERVED
+CVE-2023-28901 (The Skoda Automotive cloud contains a Broken Access Control
vulnerabil ...)
+ TODO: check
+CVE-2023-28900 (The Skoda Automotive cloud contains a Broken Access Control
vulnerabil ...)
+ TODO: check
CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of
Skoda vehicl ...)
NOT-FOR-US: Skoda
CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3
infotainme ...)
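Review bot: CVE-2023-28901 and CVE-2023-28900 are promoted from RESERVED to "TODO: check" although the neighbouring entries CVE-2023-28899 and CVE-2023-28898 from the same Skoda disclosure are already resolved as "NOT-FOR-US: Skoda"; since both new descriptions name the "Skoda Automotive cloud", they should receive the same marker in the follow-up triage rather than sitting as open TODOs, keeping the whole CVE-2023-2889x/2890x family consistent.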
@@ -184698,10 +184756,10 @@ CVE-2021-33633
RESERVED
CVE-2021-33632
RESERVED
-CVE-2021-33631
- RESERVED
-CVE-2021-33630
- RESERVED
+CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler
kernel on Li ...)
+ TODO: check
+CVE-2021-33630 (NULL Pointer Dereference vulnerability in openEuler kernel on
Linux (n ...)
+ TODO: check
CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when
building co ...)
NOT-FOR-US: isula-build
CVE-2021-33628
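Review bot: CVE-2021-33631 and CVE-2021-33630 should not be closed as NOT-FOR-US by analogy with the adjacent "NOT-FOR-US: isula-build" line for CVE-2021-33629: both descriptions name the openEuler kernel, and an openEuler kernel flaw (here an integer overflow and a NULL pointer dereference) can sit in code shared with the mainline Linux tree that Debian ships, so the "TODO: check" must resolve by comparing the affected code against upstream and either mapping the entries to the linux package with a fixed version or marking them NOT-FOR-US with a NOTE explaining why the code is openEuler-specific. The descriptions are truncated here ("on Li ..." and "on Linux (n ..."), so the full CVE text is needed for that comparison.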
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683fa91515be2538894ce214b1614c20a3c1abfe
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits