Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
115ec7bf by security tracker role at 2024-02-09T08:11:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-25107 (WikiDiscover is an extension designed for use with a 
CreateWiki manage ...)
+       TODO: check
+CVE-2024-25106 (OpenObserve is a observability platform built specifically for 
logs, m ...)
+       TODO: check
+CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a 
stack-based buf ...)
+       TODO: check
+CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a 
stack-based buf ...)
+       TODO: check
+CVE-2024-24830 (OpenObserve is a observability platform built specifically for 
logs, m ...)
+       TODO: check
+CVE-2024-24829 (Sentry is an error tracking and performance monitoring 
platform. Sentr ...)
+       TODO: check
+CVE-2024-24825 (DIRAC is a distributed resource framework. In affected 
versions any us ...)
+       TODO: check
+CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In 
affected ver ...)
+       TODO: check
+CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 
configuration hand ...)
+       TODO: check
+CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding 
edge Icin ...)
+       TODO: check
+CVE-2024-24499 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+       TODO: check
+CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management 
System 1 ...)
+       TODO: check
+CVE-2024-24497 (SQL Injection vulnerability in Employee Management System 
v.1.0 allows ...)
+       TODO: check
+CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker 
to mani ...)
+       TODO: check
+CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily 
Habit Track ...)
+       TODO: check
+CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker 
v.1.0 allows ...)
+       TODO: check
+CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows 
a remot ...)
+       TODO: check
+CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) 
module f ...)
+       TODO: check
+CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone 
official Dock ...)
+       TODO: check
+CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command 
injection ...)
+       TODO: check
+CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java 
framework  ...)
+       TODO: check
+CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 
AdminAPI is vul ...)
+       TODO: check
+CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 
1.1.4.3 th ...)
+       TODO: check
+CVE-2024-1353 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for 
WooCommerce \u2 ...)
+       TODO: check
+CVE-2024-0842 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin 
for Word ...)
+       TODO: check
+CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin 
for Wor ...)
+       TODO: check
+CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, 
an unaut ...)
+       TODO: check
+CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting 
Authentication Bypa ...)
+       TODO: check
+CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi 
Accessories Pro"  ...)
+       TODO: check
+CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, 
an authe ...)
+       TODO: check
+CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 
10.4.24, and ...)
+       TODO: check
+CVE-2023-47132 (An issue discovered in N-able N-central before 2023.6 and 
earlier allo ...)
+       TODO: check
+CVE-2023-47131 (The N-able PassPortal extension before 3.29.2 for Chrome 
inserts sensi ...)
+       TODO: check
+CVE-2023-46687 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, 
an unaut ...)
+       TODO: check
+CVE-2023-46350 (SQL injection vulnerability in InnovaDeluxe "Manufacturer or 
supplier  ...)
+       TODO: check
+CVE-2023-45191 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an 
inadequ ...)
+       TODO: check
+CVE-2023-45190 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is 
vulnerable t ...)
+       TODO: check
+CVE-2023-45187 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3 do ...)
+       TODO: check
+CVE-2023-43609 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, 
an unaut ...)
+       TODO: check
+CVE-2023-42016 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.8 a ...)
+       TODO: check
+CVE-2023-40266 (An issue was discovered in Atos Unify OpenScape Xpressions 
WebAssistan ...)
+       TODO: check
+CVE-2023-40265 (An issue was discovered in Atos Unify OpenScape Xpressions 
WebAssistan ...)
+       TODO: check
+CVE-2023-40264 (An issue was discovered in Atos Unify OpenScape Voice Trace 
Manager V8 ...)
+       TODO: check
+CVE-2023-40263 (An issue was discovered in Atos Unify OpenScape Voice Trace 
Manager V8 ...)
+       TODO: check
+CVE-2023-40262 (An issue was discovered in Atos Unify OpenScape Voice Trace 
Manager V8 ...)
+       TODO: check
+CVE-2023-39683 (Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 
and bef ...)
+       TODO: check
+CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 
6.1.0.0 throug ...)
+       TODO: check
+CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 
1.7.44 and ...)
+       TODO: check
 CVE-2023-4639 [Cookie Smuggling/Spoofing]
        - undertow <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
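
Review bot: The summaries for CVE-2024-1122 and CVE-2024-0842 contain a literal `\u2013` where a dash belongs, and the first is cut mid-escape (`WooCommerce \u2 ...`), so the automatic update appears to truncate the description before decoding its escapes; decode first, then truncate. All 49 added entries are left at `TODO: check`, so each still needs a package line or a `NOT-FOR-US:` tag like the triaged entries later in this file; the three KiTTY entries (CVE-2024-25004, CVE-2024-25003, CVE-2024-23749) and the five Atos Unify entries can be triaged together.
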
@@ -739,7 +837,7 @@ CVE-2023-47354 (An issue in the PowerOffWidgetReceiver 
function of Super Reboot
        NOT-FOR-US: Super Reboot (Root) Recovery
 CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService 
componen ...)
        NOT-FOR-US: com.oneed.dvr.service.DownloadFirmwareService component of 
IMOU GO
-CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
+CVE-2023-47022 (Insecure Direct Object Reference in NCR Terminal Handler 
v.1.5.1 allow ...)
        NOT-FOR-US: NCR Terminal Handler
 CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is 
vulnerable ...)
        NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation
@@ -3277,6 +3375,7 @@ CVE-2024-23224 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2024-23223 (A privacy issue was addressed with improved handling of files. 
This is ...)
        NOT-FOR-US: Apple
 CVE-2024-23222 (A type confusion issue was addressed with improved checks. 
This issue  ...)
+       {DSA-5618-1}
        - webkit2gtk 2.42.5-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.5-1
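
Review bot: `{DSA-5618-1}` is attached at the CVE level here, above both the `webkit2gtk` and the `wpewebkit` lines, and the same tag is added in the same position for CVE-2024-23213 and CVE-2024-23206 in the next two hunks. Confirm that the advisory covers both source packages; if it only covers webkit2gtk, the wpewebkit line needs its own release status so the entry does not read as fully handled by the DSA.
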
@@ -3294,6 +3393,7 @@ CVE-2024-23215 (An issue was addressed with improved 
handling of temporary files
 CVE-2024-23214 (Multiple memory corruption issues were addressed with improved 
memory  ...)
        NOT-FOR-US: Apple
 CVE-2024-23213 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5618-1}
        - webkit2gtk 2.42.5-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.5-1
@@ -3313,6 +3413,7 @@ CVE-2024-23208 (The issue was addressed with improved 
memory handling. This issu
 CVE-2024-23207 (This issue was addressed with improved redaction of sensitive 
informat ...)
        NOT-FOR-US: Apple
 CVE-2024-23206 (An access issue was addressed with improved access 
restrictions. This  ...)
+       {DSA-5618-1}
        - webkit2gtk 2.42.5-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.5-1
@@ -4603,7 +4704,7 @@ CVE-2024-21885 [Heap buffer overflow in 
XISendDeviceHierarchyEvent]
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4a5e9b1895627d40d26045bd0b7ef3dce503cbd1
-CVE-2024-0229 [Reattaching to different master device may lead to 
out-of-bounds memory access]
+CVE-2024-0229 (An out-of-bounds memory access flaw was found in the X.Org 
server. Thi ...)
        {DSA-5603-1 DLA-3721-1}
        - xorg-server 2:21.1.11-1
        - xwayland 2:23.2.4-1
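
Review bot: Replacing the tracker-written title in brackets with the truncated official description drops the only text that named the trigger, `Reattaching to different master device`; the new summary stops at `X.Org server. Thi ...`. Consider keeping that detail in a `NOTE:` line under the entry, next to the existing DSA-5603-1 and DLA-3721-1 references.
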
@@ -45082,7 +45183,7 @@ CVE-2023-30561 (The data flowing between the PCU and 
its modules is insecure. A
        NOT-FOR-US: Alarisa
 CVE-2023-30560 (The configuration from the PCU can be modified without 
authentication  ...)
        NOT-FOR-US: Alarisa
-CVE-2023-30559 (The configuration from the PCU can be modified without 
authentication  ...)
+CVE-2023-30559 (The firmware update package for the wireless card is not 
properly sign ...)
        NOT-FOR-US: Alarisa
 CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
        NOT-FOR-US: Archery
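
Review bot: The summary for CVE-2023-30559 changes subject entirely, from unauthenticated PCU configuration changes (the same text as CVE-2023-30560 just above) to an improperly signed firmware update package for the wireless card, while the `NOT-FOR-US: Alarisa` tag is carried over unchanged. Recheck that the tag still names the right product for the new description.
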
@@ -56108,8 +56209,8 @@ CVE-2023-27003
        RESERVED
 CVE-2023-27002
        RESERVED
-CVE-2023-27001
-       RESERVED
+CVE-2023-27001 (An issue discovered in Egerie Risk Manager v4.0.5 allows 
attackers to  ...)
+       TODO: check
 CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne 
v.6.3.4 ...)
        NOT-FOR-US: NetScoutnGeniusOne
 CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote 
attacker ...)
@@ -61070,8 +61171,8 @@ CVE-2023-25367 (Siglent SDS 1104X-E 
SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered u
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI 
interfa ...)
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
-CVE-2023-25365
-       RESERVED
+CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS 
v.3.2.0 allows ...)
+       TODO: check
 CVE-2023-25364
        RESERVED
 CVE-2023-25363 (A use-after-free vulnerability in 
WebCore::RenderLayer::updateDescenda ...)
@@ -135911,7 +136012,7 @@ CVE-2022-0933
 CVE-2022-0932 (Missing Authorization in GitHub repository saleor/saleor prior 
to 3.1. ...)
        NOT-FOR-US: saleor
 CVE-2022-0931
-       RESERVED
+       REJECTED
        NOT-FOR-US: Red Hat 3scale API gateway
 CVE-2022-0930 (File upload filter bypass leading to stored XSS in GitHub 
repository m ...)
        NOT-FOR-US: microweber
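
Review bot: After this change CVE-2022-0931 carries both `REJECTED` and `NOT-FOR-US: Red Hat 3scale API gateway`. If the ID was withdrawn, say so in a `NOTE:` line or drop the product tag, so the entry does not look like a live issue that was merely triaged as out of scope.
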



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115ec7bf14c5548ad341715497543d7522ffc1f8

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits