Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b91383ac by security tracker role at 2024-02-08T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-25148 (In Liferay Portal 7.2.0 through 7.4.1, and older unsupported
versions, ...)
+ TODO: check
+CVE-2024-25146 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported
versions, an ...)
+ TODO: check
+CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26,
and older ...)
+ TODO: check
+CVE-2024-24806 (libuv is a multi-platform support library with a focus on
asynchronous ...)
+ TODO: check
+CVE-2024-24350 (File Upload vulnerability in Software Publico e-Sic Livre
v.2.0 and be ...)
+ TODO: check
+CVE-2024-24216 (Zentao v18.0 to v18.10 was discovered to contain a remote code
executi ...)
+ TODO: check
+CVE-2024-24202 (An arbitrary file upload vulnerability in /upgrade/control.php
of ZenT ...)
+ TODO: check
+CVE-2024-24091 (Yealink Meeting Server before v26.0.0.66 was discovered to
contain an ...)
+ TODO: check
+CVE-2024-24026 (An arbitrary File upload vulnerability exists in Novel-Plus
v4.3.0-RC1 ...)
+ TODO: check
+CVE-2024-24025 (An arbitrary File upload vulnerability exists in Novel-Plus
v4.3.0-RC1 ...)
+ TODO: check
+CVE-2024-24024 (An arbitrary File download vulnerability exists in Novel-Plus
v4.3.0-R ...)
+ TODO: check
+CVE-2024-24023 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
+ TODO: check
+CVE-2024-24021 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
+ TODO: check
+CVE-2024-24018 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
+ TODO: check
+CVE-2024-24017 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
+ TODO: check
+CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
+ TODO: check
+CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The
com.jsh.erp.controller ...)
+ TODO: check
+CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR
level, a ...)
+ TODO: check
+CVE-2024-22394 (An improper authentication vulnerability has been identified
in SonicW ...)
+ TODO: check
+CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
+CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7
and befo ...)
+ TODO: check
+CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and
older unsup ...)
+ TODO: check
CVE-2024-1312 [mm: lock_vma_under_rcu() must check vma->anon_vma under vma
lock]
- linux 6.4.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -6,13 +54,13 @@ CVE-2024-1312 [mm: lock_vma_under_rcu() must check
vma->anon_vma under vma lock]
NOTE:
https://git.kernel.org/linus/657b5146955eba331e01b9a6ae89ce2e716ba306 (6.5-rc4)
CVE-2024-1300
NOT-FOR-US: Eclipse Vertx
-CVE-2024-1066 [Resource exhaustion using GraphQL vulnerabilitiesCountByDay]
+CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#resource-exhaustion-using-graphql-vulnerabilitiescountbyday
CVE-2023-6386 [ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax]
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#redos-in-ci/cd-pipeline-editor-while-verifying-pipeline-syntax
-CVE-2023-6840 [Project maintainers can bypass group's scan result policy
block_branch_modification setting]
+CVE-2023-6840 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#project-maintainers-can-bypass-groups-scan-result-policy-block_branch_modification-setting
CVE-2024-1250 [Restrict group access token creation for custom roles]
@@ -11474,13 +11522,13 @@ CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token
class]
[buster] - wordpress <not-affected> (Vulnerable code not present)
NOTE:
https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
NOTE:
https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
-CVE-2023-6536 [NULL pointer dereference in __nvmet_req_complete]
+CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue
may all ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
-CVE-2023-6535 [NULL pointer dereference in nvmet_tcp_execute_request]
+CVE-2023-6535 (A flaw was found in the Linux kernel's NVMe driver. This issue
may all ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254053
-CVE-2023-6356 [NULL pointer dereference in nvmet_tcp_build_iovec]
+CVE-2023-6356 (A flaw was found in the Linux kernel's NVMe driver. This issue
may all ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can
lead to a crash]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b91383ac0e24f3e0eefecbdb0bd26dce74cab3d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b91383ac0e24f3e0eefecbdb0bd26dce74cab3d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
