Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43f1d5cf by security tracker role at 2024-02-10T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage
wikis. Sp ...)
+ TODO: check
+CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an
executables. Any ...)
+ TODO: check
+CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When
PPv2 is en ...)
+ TODO: check
+CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy
crashes i ...)
+ TODO: check
+CVE-2024-23324 (Envoy is a high-performance edge/middle/service proxy.
External authen ...)
+ TODO: check
+CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The
regex expre ...)
+ TODO: check
+CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy
will cras ...)
+ TODO: check
+CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot
framework wri ...)
+ TODO: check
+CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A
regular exp ...)
+ TODO: check
+CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has
been decl ...)
+ TODO: check
+CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has
been clas ...)
+ TODO: check
+CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and
classified as ...)
+ TODO: check
+CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin
plugin ...)
+ TODO: check
+CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin
plugin ...)
+ TODO: check
+CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin
plugin ...)
+ TODO: check
+CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF)
vulnerabil ...)
+ TODO: check
+CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions. The
applica ...)
+ TODO: check
+CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
+ TODO: check
+CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in
Outlook add ...)
+ TODO: check
+CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete
enabled in ...)
+ TODO: check
CVE-2024-XXXX [potential information disclosure vulnerability]
- diffoscope 256
NOTE:
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
@@ -80,7 +134,7 @@ CVE-2024-1402 (Mattermost fails to check if a custom emoji
reaction exists when
- mattermost-server <itp> (bug #823556)
CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS
via the ...)
NOT-FOR-US: Concrete CMS
-CVE-2024-1246 (Concrete CMSin version 9 before 9.2.5is vulnerable to reflected
XSS vi ...)
+CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to
reflected XSS ...)
NOT-FOR-US: Concrete CMS
CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS
in file ...)
NOT-FOR-US: Concrete CMS
@@ -8736,7 +8790,7 @@ CVE-2023-6936
[bookworm] - wolfssl <no-dsa> (Minor issue)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE:
https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
-CVE-2023-6935
+CVE-2023-6935 (wolfSSL SP Math All RSA implementation is vulnerable to the
Marvin Att ...)
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
[bookworm] - wolfssl <no-dsa> (Minor issue)
@@ -53150,8 +53204,8 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0,
7.1 & 7.2 contains Insecure
NOT-FOR-US: PowerPath
CVE-2023-28078
RESERVED
-CVE-2023-28077
- RESERVED
+CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and
7.1 cont ...)
+ TODO: check
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or
risky crypt ...)
NOT-FOR-US: Dell
CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in
BIOS. A ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f1d5cf0bb97983f98708f60aa35cc3fb621b1f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f1d5cf0bb97983f98708f60aa35cc3fb621b1f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
