[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 09 Feb 2024 12:13:19 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
de94d575 by security tracker role at 2024-02-09T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial 
encryption keys a ...)
+       TODO: check
+CVE-2024-25678 (In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID 
validation is mi ...)
+       TODO: check
+CVE-2024-25677 (In Min before 1.31.0, local files are not correctly treated as 
unique  ...)
+       TODO: check
+CVE-2024-25675 (An issue was discovered in MISP before 2.4.184. A client does 
not need ...)
+       TODO: check
+CVE-2024-25674 (An issue was discovered in MISP before 2.4.184. Organisation 
logo uplo ...)
+       TODO: check
+CVE-2024-25454 (Bento4 v1.6.0-640 was discovered to contain a NULL pointer 
dereference ...)
+       TODO: check
+CVE-2024-25453 (Bento4 v1.6.0-640 was discovered to contain a NULL pointer 
dereference ...)
+       TODO: check
+CVE-2024-25452 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory 
bug via t ...)
+       TODO: check
+CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory 
bug via t ...)
+       TODO: check
+CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in 
the fun ...)
+       TODO: check
+CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of 
imlib2 v1.9.1 ...)
+       TODO: check
+CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of 
imlib2  ...)
+       TODO: check
+CVE-2024-25446 (An issue in the HuginBase::PTools::setDestImage function of 
Hugin v202 ...)
+       TODO: check
+CVE-2024-25445 (Improper handling of values in 
HuginBase::PTools::Transform::transform ...)
+       TODO: check
+CVE-2024-25443 (An issue in the HuginBase::ImageVariable<double>::linkWith 
function of ...)
+       TODO: check
+CVE-2024-25442 (An issue in the HuginBase::PanoramaMemento::loadPTScript 
function of H ...)
+       TODO: check
+CVE-2024-25318 (Code-projects Hotel Managment System 1.0 allows SQL Injection 
via the  ...)
+       TODO: check
+CVE-2024-25316 (Code-projects Hotel Managment System 1.0 allows SQL Injection 
via the  ...)
+       TODO: check
+CVE-2024-25315 (Code-projects Hotel Managment System 1.0, allows SQL Injection 
via the ...)
+       TODO: check
+CVE-2024-25314 (Code-projects Hotel Managment System 1.0, allows SQL Injection 
via the ...)
+       TODO: check
+CVE-2024-25313 (Code-projects Simple School Managment System 1.0 allows 
Authentication ...)
+       TODO: check
+CVE-2024-25312 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25310 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25309 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25308 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25307 (Code-projects Cinema Seat Reservation System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25306 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25305 (Code-projects Simple School Managment System 1.0 allows 
Authentication ...)
+       TODO: check
+CVE-2024-25304 (Code-projects Simple School Managment System 1.0 allows SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25302 (Sourcecodester Event Student Attendance System 1.0, allows SQL 
Injecti ...)
+       TODO: check
+CVE-2024-24776 (Mattermost fails to check the required permissions in thePOST 
/api/v4/ ...)
+       TODO: check
+CVE-2024-24774 (Mattermost Jira Plugin handling subscriptions fails to check 
the secur ...)
+       TODO: check
+CVE-2024-23319 (Mattermost Jira Plugin fails to protect against logout CSRF 
allowing a ...)
+       TODO: check
+CVE-2024-22119 (The cause of vulnerability is improper validation of form 
input field  ...)
+       TODO: check
+CVE-2024-21762 (A out-of-bounds write in Fortinet FortiOS versions 7.4.0 
through 7.4.2 ...)
+       TODO: check
+CVE-2024-1402 (Mattermost fails to check if a custom emoji reaction exists 
when sendi ...)
+       TODO: check
+CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS 
via the ...)
+       TODO: check
+CVE-2024-1246 (Concrete CMSin version 9 before 9.2.5is vulnerable to reflected 
XSS vi ...)
+       TODO: check
+CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS 
in file ...)
+       TODO: check
+CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability 
in Soft ...)
+       TODO: check
+CVE-2023-6716
+       REJECTED
+CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, 
Unrestricted U ...)
+       TODO: check
+CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-50292 (Incorrect Permission Assignment for Critical Resource, 
Improper Contro ...)
+       TODO: check
+CVE-2023-50291 (Insufficiently Protected Credentials vulnerability in Apache 
Solr.  Th ...)
+       TODO: check
 CVE-2024-25107 (WikiDiscover is an extension designed for use with a 
CreateWiki manage ...)
        NOT-FOR-US: MediaWiki extension
 CVE-2024-25106 (OpenObserve is a observability platform built specifically for 
logs, m ...)
@@ -577,6 +669,7 @@ CVE-2024-1271 [privileges escalation from root to domain 
admin]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978
        TODO: only little information in RHBZ#2262978
 CVE-2024-24577 (libgit2 is a portable C implementation of the Git core methods 
provide ...)
+       {DSA-5619-1}
        - libgit2 1.7.2+ds-1 (bug #1063416)
        NOTE: 
https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8
        NOTE: Fixed by: 
https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
 (v1.6.5)
@@ -1566,7 +1659,7 @@ CVE-2024-1141 (A vulnerability was found in 
python-glance-store. The issue occur
        [bullseye] - python-glance-store <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258836
        TODO: check, missing details in RHBZ#2258836
-CVE-2024-0935 (An insertion of Sensitive Information into Log File 
vulnerability is a ...)
+CVE-2024-0935 (Insertion of Sensitive Information into Log File 
vulnerabilities are a ...)
        NOT-FOR-US: DELMIA Apriso
 CVE-2024-0704
        REJECTED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de94d575afc50297f5b880d79c06b8e4070c2894

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de94d575afc50297f5b880d79c06b8e4070c2894
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to