Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
beb99bf1 by security tracker role at 2024-02-15T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2024-1488 [unrestricted reconfiguration enabled to anyone that may lead to
local privilege escalation]
+CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter
does not p ...)
+ TODO: check
+CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly
controlled ...)
+ TODO: check
+CVE-2024-26262 (EBM Technologies Uniweb/SoliPACS WebServer's query
functionality lacks ...)
+ TODO: check
+CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain
modules ...)
+ TODO: check
+CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds'
certain moudu ...)
+ TODO: check
+CVE-2024-25941 (The jail(2) system call has not limited a visiblity of
allocated TTYs ...)
+ TODO: check
+CVE-2024-25940 (`bhyveload -h <host-path>` may be used to grant loader access
to the < ...)
+ TODO: check
+CVE-2024-25620 (Helm is a tool for managing Charts. Charts are packages of
pre-configu ...)
+ TODO: check
+CVE-2024-25619 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2024-25618 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting
HTTP, HTT ...)
+ TODO: check
+CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to
Ver.3.1.8 ...)
+ TODO: check
+CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute
arbitrary ...)
+ TODO: check
+CVE-2024-24301 (Command Injection vulnerability discovered in 4ipnet EAP-767
device v3 ...)
+ TODO: check
+CVE-2024-24300 (4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access
Control. The ...)
+ TODO: check
+CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise
informatio ...)
+ TODO: check
+CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.)
+ TODO: check
+CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper
restriction ...)
+ TODO: check
+CVE-2024-1482 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
+ TODO: check
+CVE-2024-1471 (An HTML injection vulnerability exists where an authenticated,
remote ...)
+ TODO: check
+CVE-2024-1367 (A command injection vulnerability exists where an
authenticated, remot ...)
+ TODO: check
+CVE-2024-0708 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page
& Squee ...)
+ TODO: check
+CVE-2024-0353 (Local privilege escalation vulnerability potentially allowed an
attack ...)
+ TODO: check
+CVE-2023-6138 (A potential security vulnerability has been identified in the
system B ...)
+ TODO: check
+CVE-2023-51787 (An issue was discovered in Wind River VxWorks 7 22.09 and
23.03. If a ...)
+ TODO: check
+CVE-2023-46596 (Improper input validation in Algosec FireFlow VisualFlow
workflow edit ...)
+ TODO: check
+CVE-2024-1488 (A vulnerability was found in Unbound due to incorrect default
permissi ...)
- unbound <not-affected> (RedHat specific patch vulnerability)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264183
CVE-2024-25301 (Redaxo v5.15.1 was discovered to contain a remote code
execution (RCE) ...)
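Review bot: every entry added in this hunk stops at "TODO: check", including ones whose descriptions name open-source projects (Squid in CVE-2024-25617, Mastodon in CVE-2024-25619 and CVE-2024-25618), so each still needs either a package line in the form used under CVE-2024-1488 ("- unbound <not-affected> ...") or a "NOT-FOR-US:" line before it counts as triaged. Separately, the CVE-2024-0708 description carries a literal "\u2013" escape ("Landing Page Cat \u2013 Coming Soon Page"), which suggests the feed text was written without decoding; the importer should emit the character itself or a plain hyphen.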
@@ -326,11 +378,11 @@ CVE-2023-28374 (Improper input validation for some
Intel(R) PROSet/Wireless and
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
NOTE: Fixed upstream in linux-firmware/20231211
-CVE-2023-49721
+CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left
enabled in LX ...)
- lxd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
-CVE-2023-48733
+CVE-2023-48733 (An insecure default to allow UEFI Shell in EDK2 was left
enabled in Ub ...)
{DSA-5624-1}
- edk2 2023.11-7
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
@@ -363,7 +415,7 @@ CVE-2024-24142 (Sourcecodester School Task Manager 1.0
allows SQL Injection via
NOT-FOR-US: Sourcecodester School Task Manager
CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure
Direct Obje ...)
NOT-FOR-US: Dell
-CVE-2024-1485 (A vulnerability was found in the decompression function of
registry-su ...)
+CVE-2024-1485 (A flaw was found in the decompression function of
registry-support. Th ...)
NOT-FOR-US: OpenShift
CVE-2023-6152 (A user changing their email after signing up and verifying it
can chan ...)
- grafana <removed>
@@ -19240,7 +19292,7 @@ CVE-2023-5910 (A vulnerability was found in PopojiCMS
2.0.1 and classified as pr
NOT-FOR-US: PopojiCMS
CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core
before 1. ...)
NOT-FOR-US: transmute-core
-CVE-2023-46595 (Net-NTLM leak via stored HTML injection in FireFlow's
VisualFlow workf ...)
+CVE-2023-46595 (Net-NTLM leak via HTML injection in FireFlow VisualFlow
workflow edito ...)
NOT-FOR-US: Fireflow
CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop
Mejiro Com ...)
NOT-FOR-US: dmpop Mejiro
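Review bot: CVE-2023-46595 keeps "NOT-FOR-US: Fireflow" here, while CVE-2023-46596, added at the top of this commit with a description naming the same FireFlow VisualFlow workflow editor, is left at "TODO: check". If both concern the same product, CVE-2023-46596 should get the same NOT-FOR-US line so the two entries stay consistent.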
@@ -70962,10 +71014,10 @@ CVE-2023-0077 (Integer overflow or wraparound
vulnerability in CGI component in
NOT-FOR-US: Synology
CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1
and class ...)
NOT-FOR-US: snoyberg keter
-CVE-2022-48220
- RESERVED
-CVE-2022-48219
- RESERVED
+CVE-2022-48220 (Potential vulnerabilities have been identified in certain HP
Desktop P ...)
+ TODO: check
+CVE-2022-48219 (Potential vulnerabilities have been identified in certain HP
Desktop P ...)
+ TODO: check
CVE-2022-48218
RESERVED
CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has
been rat ...)
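Review bot: CVE-2022-48220 and CVE-2022-48219 move from RESERVED to "TODO: check" with descriptions that begin "certain HP Desktop P ...", which reads as vendor-specific hardware or firmware. If the full description confirms that, mark them "NOT-FOR-US: HP" in the same way as the neighbouring Synology and snoyberg keter entries instead of leaving the TODO open; CVE-2022-48218 correctly stays RESERVED.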
@@ -149899,26 +149951,26 @@ CVE-2022-23094 (Libreswan 4.2 through 4.5 allows
remote attackers to cause a den
NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
NOTE:
https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch
(4.2-4.3)
NOTE:
https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch
(4.4-4.5)
-CVE-2022-23093
- RESERVED
-CVE-2022-23092
- RESERVED
-CVE-2022-23091
- RESERVED
-CVE-2022-23090
- RESERVED
-CVE-2022-23089
- RESERVED
-CVE-2022-23088
- RESERVED
-CVE-2022-23087
- RESERVED
-CVE-2022-23086
- RESERVED
-CVE-2022-23085
- RESERVED
-CVE-2022-23084
- RESERVED
+CVE-2022-23093 (ping reads raw IP packets from the network to process
responses in the ...)
+ TODO: check
+CVE-2022-23092 (The implementation of lib9p's handling of RWALK messages was
missing a ...)
+ TODO: check
+CVE-2022-23091 (A particular case of memory sharing is mishandled in the
virtual memor ...)
+ TODO: check
+CVE-2022-23090 (The aio_aqueue function, used by the lio_listio system call,
fails to ...)
+ TODO: check
+CVE-2022-23089 (When dumping core and saving process information,
proc_getargv() might ...)
+ TODO: check
+CVE-2022-23088 (The 802.11 beacon handling routine failed to validate the
length of an ...)
+ TODO: check
+CVE-2022-23087 (The e1000 network adapters permit a variety of modifications
to an Eth ...)
+ TODO: check
+CVE-2022-23086 (Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps,
and mpt d ...)
+ TODO: check
+CVE-2022-23085 (A user-provided integer option was passed to nmreq_copyin()
without ch ...)
+ TODO: check
+CVE-2022-23084 (The total size of the user-provided nmreq to nmreq_copyin()
was first ...)
+ TODO: check
CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster
File Transf ...)
NOT-FOR-US: NetMaster
CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to
path trave ...)
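Review bot: the ten entries CVE-2022-23084 through CVE-2022-23093 go from RESERVED to "TODO: check", but their truncated descriptions name only components (ping, lib9p, aio_aqueue, nmreq_copyin(), e1000, the mpr/mps/mpt drivers) and no vendor or product. Triage should read the full advisory text to identify the affected source before assigning a package, since a generic name such as "ping" in CVE-2022-23093 does not by itself say which implementation is meant.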
@@ -201090,21 +201142,21 @@ CVE-2021-29642 (GistPad before 0.2.7 allows a
crafted workspace folder to change
CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to
execute a ...)
NOT-FOR-US: Directus
CVE-2021-29640
- RESERVED
+ REJECTED
CVE-2021-29639
- RESERVED
+ REJECTED
CVE-2021-29638
- RESERVED
+ REJECTED
CVE-2021-29637
- RESERVED
+ REJECTED
CVE-2021-29636
- RESERVED
+ REJECTED
CVE-2021-29635
- RESERVED
+ REJECTED
CVE-2021-29634
- RESERVED
+ REJECTED
CVE-2021-29633
- RESERVED
+ REJECTED
CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc,
12.2-STABLE before ...)
- kfreebsd-10 <removed> (unimportant)
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beb99bf1cb702eb5bb9f08e03aad91bb9a1e2b5e
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits