Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02c5a1ae by security tracker role at 2024-01-31T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2024-24579 (stereoscope is a go library for processing container images 
and simula ...)
+       TODO: check
+CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech 
synthesis, multi ...)
+       TODO: check
+CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint 
versions up un ...)
+       TODO: check
+CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability 
in ali  ...)
+       TODO: check
+CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis 
Media FreshM ...)
+       TODO: check
+CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco 
Milesi Browse ...)
+       TODO: check
+CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in 
AboZain,O7abeeb,Uni ...)
+       TODO: check
+CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk 
Melichar ...)
+       TODO: check
+CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse 
Frontpa ...)
+       TODO: check
+CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell 
Check.This ...)
+       TODO: check
+CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs 
Profile  ...)
+       TODO: check
+CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes 
Droit E ...)
+       TODO: check
+CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae 
Service  ...)
+       TODO: check
+CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell 
Automati ...)
+       TODO: check
+CVE-2024-21893 (A server-side request forgery vulnerability in the SAML 
component of I ...)
+       TODO: check
+CVE-2024-21888 (A privilege escalation vulnerability in web component of 
Ivanti Connec ...)
+       TODO: check
+CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been 
classifie ...)
+       TODO: check
+CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified 
as crit ...)
+       TODO: check
+CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and 
classified as ...)
+       TODO: check
+CVE-2024-1113 (A vulnerability, which was classified as critical, was found in 
openBI ...)
+       TODO: check
+CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, 
developed ...)
+       TODO: check
+CVE-2024-1111 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management 
System 1 ...)
+       TODO: check
+CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been 
classifi ...)
+       TODO: check
+CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified 
as pro ...)
+       TODO: check
+CVE-2024-1087
+       REJECTED
+CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
+       TODO: check
+CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
+       TODO: check
+CVE-2024-0833 (In Telerik Test Studio versions prior to   v2023.3.1330, a 
privilege e ...)
+       TODO: check
+CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege 
elevation  ...)
+       TODO: check
+CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview 
tab in  ...)
+       TODO: check
+CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege 
elevat ...)
+       TODO: check
+CVE-2023-7043 (Unquoted service path in ESET products allows to   drop a 
prepared pro ...)
+       TODO: check
+CVE-2023-5390 (An attacker could potentially exploit this vulnerability, 
leading to f ...)
+       TODO: check
+CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 
ASP webs ...)
+       TODO: check
+CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are 
vulnerable to a ...)
+       TODO: check
+CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue 
with an  ...)
+       TODO: check
+CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected 
by an Gen ...)
+       TODO: check
+CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The 
vulnerab ...)
+       TODO: check
+CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
ServiceComb ...)
+       TODO: check
+CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in 
Apache S ...)
+       TODO: check
 CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum 
virtual m ...)
        NOT-FOR-US: Vyper
 CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly 
sanitized  ...)
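Review bot: CVE-2024-1086 and CVE-2024-1085 (use-after-free in the Linux kernel's netfilter nf_tables, per the truncated descriptions in this hunk) land as bare `TODO: check` alongside everything else; since the kernel is a package Debian ships, these two should be triaged to a `- linux <version>` or per-suite line rather than sitting in the TODO queue with the vendor-product XSS/CSRF entries above them. CVE-2024-1087 is correctly recorded as `REJECTED` with no TODO.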
@@ -34,7 +164,7 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce 
while writing a value
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711
        NOTE: https://github.com/389ds/389-ds-base/issues/5647
        TODO: check details
-CVE-2023-5992 [Side-channel leaks while stripping encryption PKCS#1 padding]
+CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption 
padding re ...)
        - opensc <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
 CVE-2024-1060 (Use after free in Canvas in Google Chrome prior to 
121.0.6167.139 allo ...)
@@ -154,7 +284,7 @@ CVE-2023-36260 (An issue discovered in Craft CMS version 
4.6.1. allows remote at
        NOT-FOR-US: Craft CMS
 CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit 
Plugin bef ...)
        NOT-FOR-US: Craft CMS Audit Plugin
-CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+CVE-2023-6246 (A heap-based buffer overflow was found in the 
__vsyslog_internal funct ...)
        {DSA-5611-1}
        - glibc 2.37-15
        [bullseye] - glibc <not-affected> (Vulnerable code not present)
@@ -164,7 +294,7 @@ CVE-2023-6246 [syslog: Fix heap buffer overflow in 
__vsyslog_internal]
        NOTE: Fixed by: 
https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da
        NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD
-CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the 
__vsyslog_in ...)
        {DSA-5611-1}
        - glibc 2.37-15
        [bullseye] - glibc <not-affected> (Vulnerable code not present)
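Review bot: the bracketed manual summary being dropped here, `[syslog: Fix heap buffer overflow in __vsyslog_internal]`, was identical for CVE-2023-6246 (visible in the hunk header) and CVE-2023-6779 (the `-` line), so the two entries could not be told apart by title; the official descriptions now distinguish the heap overflow from the off-by-one variant, which is the right outcome. The `{DSA-5611-1}`, `- glibc 2.37-15` and `[bullseye] <not-affected>` lines are unchanged, so no fix-state regression from the rewrite.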
@@ -172,7 +302,7 @@ CVE-2023-6779 [syslog: Fix heap buffer overflow in 
__vsyslog_internal]
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd
        NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD
-CVE-2023-6780 [syslog: Fix integer overflow in __vsyslog_internal]
+CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal 
function of th ...)
        {DSA-5611-1}
        - glibc 2.37-15
        [bullseye] - glibc <not-affected> (Vulnerable code not present)
@@ -1415,7 +1545,7 @@ CVE-2023-44401 (The Silverstripe CMS GraphQL Server 
serves Silverstripe data as
 CVE-2023-42143 (Missing Integrity Check in Shelly TRV 
20220811-152343/v2.1.8@5afc928c  ...)
        NOT-FOR-US: Shelly
 CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, 
and Thun ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
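Review bot: `DLA-3727-1` is added to the reference set for CVE-2024-0755 (and, per the following hunks, for the other mfsa2024-01/02/04 CVEs) while this commit touches only `data/CVE/list` (see "1 changed file" above); the `{...}` cross-reference is only valid if a matching `DLA-3727-1` entry already exists in `data/DLA/list`, so confirm that entry is present or that a companion commit adds it. The visible context shows only the unstable versions (`firefox 122.0-1`, `firefox-esr 115.7.0esr-1`, `thunderbird 1:115.7.0-1`), so which package the new DLA covers is not recoverable from this hunk alone.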
@@ -1426,7 +1556,7 @@ CVE-2024-0754 (Some WASM source files could have caused a 
crash when loaded in d
        - firefox 122.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0754
 CVE-2024-0753 (In specific HSTS configurations an attacker could have bypassed 
HSTS o ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1437,7 +1567,7 @@ CVE-2024-0752 (A use-after-free crash could have occurred 
on macOS if a Firefox
        - firefox <not-affected> (Only affects Firefox on MacOS)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0752
 CVE-2024-0751 (A malicious devtools extension could have been used to escalate 
privil ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1445,7 +1575,7 @@ CVE-2024-0751 (A malicious devtools extension could have 
been used to escalate p
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751
 CVE-2024-0750 (A bug in popup notifications delay calculation could have made 
it poss ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1453,7 +1583,7 @@ CVE-2024-0750 (A bug in popup notifications delay 
calculation could have made it
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750
 CVE-2024-0749 (A phishing site could have repurposed an `about:` dialog to 
show phish ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1464,7 +1594,7 @@ CVE-2024-0748 (A compromised content process could have 
updated the document URI
        - firefox 122.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0748
 CVE-2024-0747 (When a parent page loaded a child in an iframe with 
`unsafe-inline`, t ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1472,7 +1602,7 @@ CVE-2024-0747 (When a parent page loaded a child in an 
iframe with `unsafe-inlin
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747
 CVE-2024-0746 (A Linux user opening the print preview dialog could have caused 
the br ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1492,7 +1622,7 @@ CVE-2024-0743 (An unchecked return value in TLS handshake 
code could have caused
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493b
 CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be 
activate ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -1500,7 +1630,7 @@ CVE-2024-0742 (It was possible for certain browser 
prompts and dialogs to be act
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742
 CVE-2024-0741 (An out of bounds write in ANGLE could have allowed an attacker 
to corr ...)
-       {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+       {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
        - firefox 122.0-1
        - firefox-esr 115.7.0esr-1
        - thunderbird 1:115.7.0-1
@@ -2503,37 +2633,37 @@ CVE-2024-20923
 CVE-2024-20925
        - openjfx <not-affected> (Only affects JavaFX 8)
 CVE-2024-20945
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20921
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20919
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-5604-1}
+       {DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
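Review bot: three of the six entries gaining `DLA-3728-1` here (CVE-2024-20945, CVE-2024-20921, CVE-2024-20919) carry no parenthesised description, while CVE-2024-20926, CVE-2024-20952 and CVE-2024-20918 do; the automatic update should backfill the missing descriptions once the feed publishes them, otherwise these entries are identifiable only by their package lines. As with the `DLA-3727-1` references, `DLA-3728-1` must have its own entry in `data/DLA/list`, which this single-file commit does not add.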
@@ -48458,8 +48588,8 @@ CVE-2023-1615 (The Ultimate Addons for Contact Form 7 
plugin for WordPress is vu
        NOT-FOR-US: WordPress plugin
 CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not 
saniti ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28807
-       RESERVED
+CVE-2023-28807 (In Zscaler Internet Access (ZIA) a mismatch between Connect 
Host and C ...)
+       TODO: check
 CVE-2023-28806
        RESERVED
 CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client 
Connector ...)
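Review bot: CVE-2023-28807 moves from `RESERVED` to a `TODO: check` with a description naming Zscaler Internet Access (ZIA), so this should be quick to resolve; note that CVE-2023-28806 immediately below is still `RESERVED` and will need the same treatment when its description is published, and CVE-2023-28805 in the context is another Zscaler entry, so the three should end up with a consistent status.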



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c5a1ae29fbf96aed4c0b002a4c50260bc2f424



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
