Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7fb9bfa by security tracker role at 2024-01-25T20:22:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase &
Inventory), ...)
+ TODO: check
+CVE-2024-23817 (Dolibarr is an enterprise resource planning (ERP) and customer
relatio ...)
+ TODO: check
+CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive
authentic ...)
+ TODO: check
+CVE-2024-23655 (Tuta is an encrypted email service. Starting in version
3.118.12 and p ...)
+ TODO: check
+CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the
function g ...)
+ TODO: check
+CVE-2024-22729 (NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a
command i ...)
+ TODO: check
+CVE-2024-22529 (TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command
injection vuln ...)
+ TODO: check
+CVE-2024-22432 (Networker 19.9 and all prior versions contains a Plain-text
Password s ...)
+ TODO: check
+CVE-2024-21630 (Zulip is an open-source team collaboration tool. A
vulnerability in ve ...)
+ TODO: check
+CVE-2024-0883 (A vulnerability was found in SourceCodester Online Tours &
Travels Man ...)
+ TODO: check
+CVE-2024-0882 (A vulnerability was found in qwdigital LinkWechat 5.1.0. It has
been c ...)
+ TODO: check
+CVE-2024-0880 (A vulnerability was found in Qidianbang qdbcrm 1.1.0 and
classified as ...)
+ TODO: check
+CVE-2024-0879 (Authentication bypass in vector-admin allows a user to register
to a v ...)
+ TODO: check
+CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are
vulner ...)
+ TODO: check
+CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled
input, w ...)
+ TODO: check
+CVE-2023-52076 (Atril Document Viewer is the default document reader of the
MATE deskt ...)
+ TODO: check
+CVE-2023-41474 (Directory Traversal vulnerability in Ivanti Avalanche
6.3.4.153 allows ...)
+ TODO: check
+CVE-2023-3181 (The C:\Program Files (x86)\Splashtop\Splashtop Software
Updater\uninst ...)
+ TODO: check
CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via
a long ...)
NOT-FOR-US: EzServer
CVE-2024-23307 (Integer Overflow or Wraparound vulnerability in Linux Linux
kernel ker ...)
@@ -26,7 +62,7 @@ CVE-2023-33758 (Splicecom Maximiser Soft PBX v1.5 and before
was discovered to c
NOT-FOR-US: SpliceCom
CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS
App) v1.3. ...)
NOT-FOR-US: SpliceCom
-CVE-2024-0822
+CVE-2024-0822 (An authentication bypass vulnerability was found in
overt-engine. This ...)
NOT-FOR-US: ovirt-engine
CVE-2024-0727 [Add NULL checks where ContentInfo data can be NULL]
- openssl <unfixed>
@@ -37,16 +73,16 @@ CVE-2024-0727 [Add NULL checks where ContentInfo data can
be NULL]
NOTE:
https://github.com/openssl/openssl/commit/8a85df7c60ba1372ee98acc5982e902d75f52130
(master)
NOTE:
https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
(openssl-3.1)
NOTE:
https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
(openssl-3.1)
-CVE-2023-6267
+CVE-2023-6267 (A flaw was found in the json payload. If annotation based
security is ...)
NOT-FOR-US: Quarkus
CVE-2023-5675
NOT-FOR-US: Quarkus
-CVE-2023-52356
+CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be
trigger ...)
- tiff <unfixed>
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
-CVE-2023-52355
+CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be
triggered by ...)
- tiff <unfixed>
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
@@ -65,7 +101,7 @@ CVE-2023-40549
CVE-2023-40548
- shim <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782
-CVE-2023-40547
+CVE-2023-40547 (A remote code execution vulnerability was found in Shim. The
Shim boot ...)
- shim <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589
CVE-2023-40546
@@ -480,7 +516,7 @@ CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves
Silverstripe data as
CVE-2023-42143 (Missing Integrity Check in Shelly TRV
20220811-152343/v2.1.8@5afc928c ...)
NOT-FOR-US: Shelly
CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6,
and Thun ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -491,7 +527,7 @@ CVE-2024-0754 (Some WASM source files could have caused a
crash when loaded in d
- firefox 122.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0754
CVE-2024-0753 (In specific HSTS configurations an attacker could have bypassed
HSTS o ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -502,7 +538,7 @@ CVE-2024-0752 (A use-after-free crash could have occurred
on macOS if a Firefox
- firefox <not-affected> (Only affects Firefox on MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0752
CVE-2024-0751 (A malicious devtools extension could have been used to escalate
privil ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -510,7 +546,7 @@ CVE-2024-0751 (A malicious devtools extension could have
been used to escalate p
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751
CVE-2024-0750 (A bug in popup notifications delay calculation could have made
it poss ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -518,7 +554,7 @@ CVE-2024-0750 (A bug in popup notifications delay
calculation could have made it
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750
CVE-2024-0749 (A phishing site could have repurposed an `about:` dialog to
show phish ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -529,7 +565,7 @@ CVE-2024-0748 (A compromised content process could have
updated the document URI
- firefox 122.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0748
CVE-2024-0747 (When a parent page loaded a child in an iframe with
`unsafe-inline`, t ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -537,7 +573,7 @@ CVE-2024-0747 (When a parent page loaded a child in an
iframe with `unsafe-inlin
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747
CVE-2024-0746 (A Linux user opening the print preview dialog could have caused
the br ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -555,7 +591,7 @@ CVE-2024-0743 (An unchecked return value in TLS handshake
code could have caused
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743
TODO: check src:nss
CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be
activate ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -563,7 +599,7 @@ CVE-2024-0742 (It was possible for certain browser prompts
and dialogs to be act
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742
CVE-2024-0741 (An out of bounds write in ANGLE could have allowed an attacker
to corr ...)
- {DSA-5606-1 DSA-5605-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -659,7 +695,7 @@ CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload
vulnerability via uploads/dede
CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible
for a us ...)
- libspring-java <not-affected> (Only affects 6.x)
NOTE: https://spring.io/security/cve-2024-22233/
-CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has
been class ...)
+CVE-2024-0784 (A vulnerability was found in hongmaple octopus 1.0. It has been
classi ...)
NOT-FOR-US: biantaibao octopus
CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission
System 1. ...)
NOT-FOR-US: Project Worlds Online Admission System
@@ -3145,7 +3181,7 @@ CVE-2023-47996 (An integer overflow vulnerability in
Exif.cpp::jpeg_read_exif_di
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
NOTE:
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
-CVE-2023-47995 (Buffer Overflow vulnerability in
BitmapAccess.cpp::FreeImage_AllocateB ...)
+CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in
BitmapAccess ...)
- freeimage <unfixed> (bug #1060862)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
@@ -57816,7 +57852,7 @@ CVE-2023-25531 (NVIDIA DGX H100 BMC contains a
vulnerability in IPMI, where an a
NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM
service, where ...)
NOT-FOR-US: NVIDIA DGX H100 BMC
-CVE-2023-25529 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM
daemon, w ...)
+CVE-2023-25529 (NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability
in the h ...)
NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains
a vulne ...)
NOT-FOR-US: NVIDIA DGX H100 BMC
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7fb9bfa67ab072fff27a7120c12abf336afbfd1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7fb9bfa67ab072fff27a7120c12abf336afbfd1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
