Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
6d8ae53b by security tracker role at 2024-01-30T20:12:15+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,105 @@ +CVE-2024-24565 (CrateDB is a distributed SQL database that makes it simple to store an ...) + TODO: check +CVE-2024-24558 (TanStack Query supplies asynchronous state management, server-state ut ...) + TODO: check +CVE-2024-24556 (urql is a GraphQL client that exposes a set of helpers for several fra ...) + TODO: check +CVE-2024-24333 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24332 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24331 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24330 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24329 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24328 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24327 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24326 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24325 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2024-24324 (TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hard ...) + TODO: check +CVE-2024-23841 (apollo-client-nextjs is the Apollo Client support for the Next.js App ...) + TODO: check +CVE-2024-23840 (GoReleaser builds Go binaries for several platforms, creates a GitHub ...) + TODO: check +CVE-2024-23838 (TrueLayer.NET is the .Net client for TrueLayer. The vulnerability cou ...) + TODO: check +CVE-2024-23825 (TablePress is a table plugin for Wordpress. For importing tables, Tabl ...) + TODO: check +CVE-2024-23647 (Authentik is an open-source Identity Provider. There is a bug in our i ...) 
+ TODO: check +CVE-2024-22894 (An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-90 ...) + TODO: check +CVE-2024-22523 (Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and b ...) + TODO: check +CVE-2024-22200 (vantage6-UI is the User Interface for vantage6. The docker image used ...) + TODO: check +CVE-2024-22193 (The vantage6 technology enables to manage and deploy privacy enhancing ...) + TODO: check +CVE-2024-21671 (The vantage6 technology enables to manage and deploy privacy enhancing ...) + TODO: check +CVE-2024-21653 (The vantage6 technology enables to manage and deploy privacy enhancing ...) + TODO: check +CVE-2024-21649 (The vantage6 technology enables to manage and deploy privacy enhancing ...) + TODO: check +CVE-2024-21388 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-1063 (Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF ...) + TODO: check +CVE-2024-1061 (The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affecte ...) + TODO: check +CVE-2024-1036 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...) + TODO: check +CVE-2024-1035 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...) + TODO: check +CVE-2024-1034 (A vulnerability, which was classified as critical, was found in openBI ...) + TODO: check +CVE-2024-1033 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-1032 (A vulnerability classified as critical was found in openBI up to 1.0.8 ...) + TODO: check +CVE-2024-1031 (A vulnerability was found in CodeAstro Expense Management System 1.0. ...) + TODO: check +CVE-2024-1030 (A vulnerability was found in Cogites eReserv 7.7.58. It has been class ...) + TODO: check +CVE-2024-1019 (ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypa ...) 
+ TODO: check +CVE-2024-0676 (Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro ...) + TODO: check +CVE-2024-0675 (Vulnerability of improper checking for unusual or exceptional conditio ...) + TODO: check +CVE-2024-0674 (Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machin ...) + TODO: check +CVE-2024-0564 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...) + TODO: check +CVE-2023-6943 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe ...) + TODO: check +CVE-2023-6942 (Missing Authentication for Critical Function vulnerability in Mitsubis ...) + TODO: check +CVE-2023-6374 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...) + TODO: check +CVE-2023-6258 (A security vulnerability has been identified in the pkcs11-provider, w ...) + TODO: check +CVE-2023-5389 (An attacker could potentially exploit this vulnerability, leading to t ...) + TODO: check +CVE-2023-46231 (In Splunk Add-on Builder versions below 4.1.4, the application writes ...) + TODO: check +CVE-2023-46230 (In Splunk Add-on Builder versions below 4.1.4, the app writes sensitiv ...) + TODO: check +CVE-2023-37518 (HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A ma ...) + TODO: check +CVE-2023-36260 (An issue discovered in Craft CMS version 4.6.1. allows remote attacker ...) + TODO: check +CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin bef ...) + TODO: check CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal] + {DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc <not-affected> (Vulnerable code not present) [buster] - glibc <not-affected> (Vulnerable code not present) 
@@ -6,11 +107,13 @@ CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal] NOTE: Introducecd by: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal] + {DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc <not-affected> (Vulnerable code not present) [buster] - glibc <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd CVE-2023-6780 [syslog: Fix integer overflow in __vsyslog_internal] + {DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc <not-affected> (Vulnerable code not present) [buster] - glibc <not-affected> (Vulnerable code not present) @@ -6458,6 +6561,7 @@ CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configu NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6 NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5 CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...) + {DLA-3725-1} - postfix 3.8.4-1 (bug #1059230) [bookworm] - postfix <no-dsa> (Minor issue; mitigations exist) [bullseye] - postfix <no-dsa> (Minor issue; mitigations exist) 
@@ -23529,7 +23633,7 @@ CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may c NOTE: https://kb.isc.org/docs/cve-2023-4236 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19) CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...) - {DSA-5504-1} + {DSA-5504-1 DLA-3726-1} - bind9 1:9.19.17-1 (bug #1052416) NOTE: https://kb.isc.org/docs/cve-2023-3341 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8ae53b14bef6143a631a10ddf1433543c878cf
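
Review bot: every entry added at the top of the first hunk (@@ -1,4 +1,105 @@, CVE-2024-24565 through CVE-2023-36259) carries only "TODO: check", so none of them is yet mapped to a source package or marked NOT-FOR-US. Triage first the entries whose truncated descriptions name widely deployed components: CVE-2024-0564 (Linux kernel memory deduplication), CVE-2024-1019 (ModSecurity / libModSecurity 3.0.0 to 3.0.11) and CVE-2023-6258 (pkcs11-provider). The run of TOTOLINK A3300R entries (CVE-2024-24325 to CVE-2024-24333) shares one firmware version string and can likely be resolved in a single pass.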
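
Review bot: in the second hunk (@@ -6,11 +107,13 @@) the context line under CVE-2023-6246 reads "NOTE: Introducecd by:", a typo for "Introduced by", and the sourceware links are written two ways: "sourceware.org/git?p=glibc.git" under CVE-2023-6246 and "sourceware.org/git/?p=glibc.git" under CVE-2023-6779. This automatic update does not touch either line, but a follow-up commit should correct the spelling and settle on one URL form so that searches over the NOTE lines match consistently. CVE-2023-6779 also has only a "Fixed by" note, while the neighbouring CVE-2023-6246 records both the introducing and the fixing commit.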
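
Review bot: the {DLA-3725-1} tag added under CVE-2023-51764 in the third hunk (@@ -6458,6 +6561,7 @@) now sits directly above "[bookworm] - postfix <no-dsa> (Minor issue; mitigations exist)" and the identical line for bullseye. With an LTS advisory issued for the same SMTP smuggling issue, check whether the <no-dsa> reasoning for bookworm and bullseye still holds or whether those suites should be scheduled for the same fix.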