Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce1ff5ff by security tracker role at 2024-02-18T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2024-25628 (Alf.io is a free and open source event attendance management 
system. I ...)
+       TODO: check
+CVE-2024-25627 (Alf.io is a free and open source event attendance management 
system. A ...)
+       TODO: check
+CVE-2024-25468 (An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a 
remote at ...)
+       TODO: check
+CVE-2024-25298 (An issue was discovered in REDAXO version 5.15.1, allows 
attackers to  ...)
+       TODO: check
+CVE-2024-25297 (Cross Site Scripting (XSS) vulnerability in Bludit CMS version 
3.15, a ...)
+       TODO: check
+CVE-2024-25113
+       REJECTED
+CVE-2024-25083 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
+       TODO: check
+CVE-2024-24758 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Undici ...)
+       TODO: check
+CVE-2024-24750 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. In aff ...)
+       TODO: check
+CVE-2024-22727 (Teltonika TRB1-series devices with firmware before 
TRB1_R_00.07.05.2 a ...)
+       TODO: check
+CVE-2024-22337 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak 
for Sec ...)
+       TODO: check
+CVE-2024-22336 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak 
for Sec ...)
+       TODO: check
+CVE-2024-22335 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak 
for Sec ...)
+       TODO: check
+CVE-2024-21987 (SnapCenter versions 4.8 prior to 5.0 are susceptible to a  
vulnerabili ...)
+       TODO: check
+CVE-2024-21984 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.8  ar ...)
+       TODO: check
+CVE-2024-21983 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.8  ar ...)
+       TODO: check
+CVE-2024-21500 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21499 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21498 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21497 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21496 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21495 (Versions of the package github.com/greenpau/caddy-security 
before 1.0. ...)
+       TODO: check
+CVE-2024-21494 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21493 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-21492 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+       TODO: check
+CVE-2024-20986 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-20980 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
+       TODO: check
+CVE-2024-20958 (Vulnerability in the Oracle Installed Base product of Oracle 
E-Busines ...)
+       TODO: check
+CVE-2024-20956 (Vulnerability in the Oracle Agile Product Lifecycle Management 
for Pro ...)
+       TODO: check
+CVE-2024-20953 (Vulnerability in the Oracle Agile PLM product of Oracle Supply 
Chain ( ...)
+       TODO: check
+CVE-2024-20951 (Vulnerability in the Oracle Customer Interaction History 
product of Or ...)
+       TODO: check
+CVE-2024-20949 (Vulnerability in the Oracle Customer Interaction History 
product of Or ...)
+       TODO: check
+CVE-2024-20947 (Vulnerability in the Oracle Common Applications product of 
Oracle E-Bu ...)
+       TODO: check
+CVE-2024-20943 (Vulnerability in the Oracle Knowledge Management product of 
Oracle E-B ...)
+       TODO: check
+CVE-2024-20941 (Vulnerability in the Oracle Installed Base product of Oracle 
E-Busines ...)
+       TODO: check
+CVE-2024-20939 (Vulnerability in the Oracle CRM Technical Foundation product 
of Oracle ...)
+       TODO: check
+CVE-2024-20937 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
+       TODO: check
+CVE-2024-20935 (Vulnerability in the Oracle Installed Base product of Oracle 
E-Busines ...)
+       TODO: check
+CVE-2024-20933 (Vulnerability in the Oracle Installed Base product of Oracle 
E-Busines ...)
+       TODO: check
+CVE-2024-20931 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-20929 (Vulnerability in the Oracle Application Object Library product 
of Orac ...)
+       TODO: check
+CVE-2024-20927 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-20917 (Vulnerability in the Oracle Enterprise Manager Base Platform 
product o ...)
+       TODO: check
+CVE-2024-20915 (Vulnerability in the Oracle Application Object Library product 
of Orac ...)
+       TODO: check
+CVE-2024-20913 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2024-20911 (Vulnerability in Oracle Audit Vault and Database Firewall 
(component:  ...)
+       TODO: check
+CVE-2024-20909 (Vulnerability in Oracle Audit Vault and Database Firewall 
(component:  ...)
+       TODO: check
+CVE-2024-20907 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
+       TODO: check
+CVE-2024-20905 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
+       TODO: check
+CVE-2024-20903 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
+       TODO: check
+CVE-2024-1512 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses 
and Edu ...)
+       TODO: check
+CVE-2024-0610 (The Piraeus Bank WooCommerce Payment Gateway plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2023-6749 (Unchecked length coming from user input in settings shell)
+       TODO: check
+CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send)
+       TODO: check
+CVE-2023-5779 (can: out of bounds in remove_rx_filter function)
+       TODO: check
+CVE-2023-52387 (Resource reuse vulnerability in the GPU module. Successful 
exploitatio ...)
+       TODO: check
+CVE-2023-52381 (Script injection vulnerability in the email module.Successful 
exploita ...)
+       TODO: check
+CVE-2023-52380 (Vulnerability of improper access control in the email 
module.Successfu ...)
+       TODO: check
+CVE-2023-52379 (Permission control vulnerability in the calendarProvider 
module.Succes ...)
+       TODO: check
+CVE-2023-52378 (Vulnerability of incorrect service logic in the 
WindowManagerServices  ...)
+       TODO: check
+CVE-2023-52377 (Vulnerability of input data not being verified in the cellular 
data mo ...)
+       TODO: check
+CVE-2023-52376 (Information management vulnerability in the Gallery 
module.Successful  ...)
+       TODO: check
+CVE-2023-52375 (Permission control vulnerability in the WindowManagerServices 
module.S ...)
+       TODO: check
+CVE-2023-52374 (Permission control vulnerability in the package management 
module.Succ ...)
+       TODO: check
+CVE-2023-52373 (Vulnerability of permission verification in the content 
sharing pop-up ...)
+       TODO: check
+CVE-2023-52372 (Vulnerability of input parameter verification in the motor 
module.Succ ...)
+       TODO: check
+CVE-2023-52371 (Vulnerability of null references in the motor 
module.Successful exploi ...)
+       TODO: check
+CVE-2023-52370 (Stack overflow vulnerability in the network acceleration 
module.Succes ...)
+       TODO: check
+CVE-2023-52369 (Stack overflow vulnerability in the NFC module.Successful 
exploitation ...)
+       TODO: check
+CVE-2023-52368 (Input verification vulnerability in the account 
module.Successful expl ...)
+       TODO: check
+CVE-2023-52367 (Vulnerability of improper access control in the media library 
module.S ...)
+       TODO: check
+CVE-2023-52366 (Out-of-bounds read vulnerability in the smart activity 
recognition mod ...)
+       TODO: check
+CVE-2023-52365 (Out-of-bounds read vulnerability in the smart activity 
recognition mod ...)
+       TODO: check
+CVE-2023-52363 (Vulnerability of defects introduced in the design process in 
the Contr ...)
+       TODO: check
+CVE-2023-52362 (Permission management vulnerability in the lock screen 
module.Successf ...)
+       TODO: check
+CVE-2023-52361 (The VerifiedBoot module has a vulnerability that may cause 
authenticat ...)
+       TODO: check
+CVE-2023-52360 (Logic vulnerabilities in the baseband.Successful exploitation 
of this  ...)
+       TODO: check
+CVE-2023-52358 (Vulnerability of configuration defects in some APIs of the 
audio modul ...)
+       TODO: check
+CVE-2023-52357 (Vulnerability of serialization/deserialization mismatch in the 
vibrati ...)
+       TODO: check
+CVE-2023-52097 (Vulnerability of foreground service restrictions being 
bypassed in the ...)
+       TODO: check
+CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak 
for Sec ...)
+       TODO: check
+CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr 
in tinf ...)
+       TODO: check
+CVE-2023-31728 (Teltonika RUT240 devices with firmware before 07.04.2, when 
bridge mod ...)
+       TODO: check
+CVE-2022-48621 (Vulnerability of missing authentication for critical functions 
in the  ...)
+       TODO: check
 CVE-2024-25466 (Directory Traversal vulnerability in React Native Document 
Picker befo ...)
        NOT-FOR-US: React Native Document Picker
 CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a 
SQL inject ...)
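Review bot: Apart from the REJECTED CVE-2024-25113, every entry added at the top of the file is left as TODO: check, which mixes vendor products with components that need a real package decision. CVE-2023-45918 (ncurses) and CVE-2024-24758 / CVE-2024-24750 (Undici) should be triaged first and given a package line, while the Oracle and IBM entries can follow the NOT-FOR-US: Oracle and NOT-FOR-US: IBM pattern used further down in this file. The CVE-2024-1512 description also carries a literal \u2013 escape instead of the dash character, which is worth normalising in the import step.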
@@ -985,7 +1153,7 @@ CVE-2023-6516 (To keep its cache database efficient, 
`named` running as a recurs
        NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series
        NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 
4035, 6 ...)
-       {DSA-5621-1 DSA-5620-1}
+       {DSA-5626-1 DSA-5621-1 DSA-5620-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
@@ -999,7 +1167,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol 
(in RFC 4033, 4034, 4
        NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
        NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 
5155 whe ...)
-       {DSA-5621-1 DSA-5620-1}
+       {DSA-5626-1 DSA-5621-1 DSA-5620-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
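Review bot: DSA-5626-1 is added to the advisory list of CVE-2023-50868 here and of CVE-2023-50387 in the previous hunk, but the package lines visible in both hunks are only bind9, dnsmasq and knot-resolver. Confirm that the source package DSA-5626-1 covers has its own line in both entries below the visible context, so that the advisory reference resolves to a recorded fixed version.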
@@ -2505,7 +2673,7 @@ CVE-2023-32451 (Dell Display Manager application, version 
2.1.1.17, contains a v
        NOT-FOR-US: Dell
 CVE-2024-24768 (1Panel is an open source Linux server operation and 
maintenance manage ...)
        NOT-FOR-US: 1Panel
-CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ 
based on ...)
+CVE-2024-24762 (`python-multipart` is a streaming multipart parser for Python. 
When us ...)
        - python-multipart <unfixed> (bug #1063538)
        NOTE: Original report at fastapi: 
https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
        NOTE: But the fix is within python-multipart:
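Review bot: With the CVE-2024-24762 description now naming python-multipart, nothing in the visible entry says how fastapi itself is classified, even though the first NOTE points at the fastapi advisory as the original report. If it is not already recorded below the visible context, add an explicit line or NOTE for fastapi so the entry answers the question for both packages while python-multipart is still <unfixed> (bug #1063538).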
@@ -5800,29 +5968,29 @@ CVE-2023-34379 (Missing Authorization vulnerability in 
MagneticOne Cart2Cart: Ma
        NOT-FOR-US: WordPress plugin
 CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote 
Code E ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-20968
+CVE-2024-20968 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.35-1
-CVE-2024-20984
+CVE-2024-20984 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20982
+CVE-2024-20982 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20978
+CVE-2024-20978 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20976
+CVE-2024-20976 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20974
+CVE-2024-20974 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20972
+CVE-2024-20972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20970
+CVE-2024-20970 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20966
+CVE-2024-20966 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20964
+CVE-2024-20964 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20960
+CVE-2024-20960 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20962
+CVE-2024-20962 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.36-1 (bug #1061126)
 CVE-2024-22916 (In D-LINK Go-RT-AC750 v101b03, the sprintf function in the 
sub_40E700  ...)
        NOT-FOR-US: D-LINK
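Review bot: CVE-2024-20968 is the only entry in this block recorded as fixed in mysql-8.0 8.0.35-1 and without a bug reference; the other eleven all carry 8.0.36-1 (bug #1061126). Now that the descriptions are filled in, check that fixed version against the CVE-2024-20968 description and add a NOTE if 8.0.35-1 is correct, rather than leaving the outlier unexplained.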
@@ -6012,11 +6180,11 @@ CVE-2024-0517 (Out of bounds write in V8 in Google 
Chrome prior to 120.0.6099.22
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-20922 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20923
+CVE-2024-20923 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20925
+CVE-2024-20925 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20945
+CVE-2024-20945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
        {DSA-5613-1 DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
@@ -6028,13 +6196,13 @@ CVE-2024-20926 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM for JDK, Ora
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
-CVE-2024-20921
+CVE-2024-20921 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
        {DSA-5613-1 DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
-CVE-2024-20919
+CVE-2024-20919 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
        {DSA-5613-1 DSA-5604-1 DLA-3728-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
@@ -24991,6 +25159,7 @@ CVE-2023-33269 (An issue was discovered in DTS 
Monitoring 3.57.0. The parameter
 CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter port w ...)
        NOT-FOR-US: DTS Monitoring
 CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor 
Advertise ...)
+       {DLA-3734-1}
        - openvswitch 3.1.2-1
        [bookworm] - openvswitch <no-dsa> (Minor issue)
        [bullseye] - openvswitch <no-dsa> (Minor issue)
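Review bot: {DLA-3734-1} is added to CVE-2023-5366, but the release lines visible in the hunk are only [bookworm] and [bullseye], both <no-dsa> (Minor issue). Confirm that the entry has a release line with the fixed version for the release the DLA covers below the visible context; otherwise the advisory reference has no matching fix recorded.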
@@ -75587,8 +75756,8 @@ CVE-2023-21835 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        - openjdk-21 21~7ea-1
 CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources 
product of Or ...)
        NOT-FOR-US: Oracle
-CVE-2023-21833
-       RESERVED
+CVE-2023-21833 (Vulnerability in the Oracle ZFS Storage Appliance Kit product 
of Oracl ...)
+       TODO: check
 CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle 
Fusion Midd ...)
        NOT-FOR-US: Oracle
 CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic 
Advisement prod ...)
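Review bot: CVE-2023-21833 moves from RESERVED to TODO: check with a description naming the Oracle ZFS Storage Appliance Kit, while both neighbours, CVE-2023-21834 and CVE-2023-21832, are closed as NOT-FOR-US: Oracle. Unless there is a reason to look closer, close this one the same way so it does not sit in the TODO queue.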
@@ -93834,8 +94003,8 @@ CVE-2022-42445 (HCL Launch could allow a user with 
administrative privileges, in
        NOT-FOR-US: HCL
 CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 
12.0.1.0 thr ...)
        NOT-FOR-US: IBM
-CVE-2022-42443
-       RESERVED
+CVE-2022-42443 (An undisclosed issue in Trusteer iOS SDK for mobile versions 
prior to  ...)
+       TODO: check
 CVE-2022-42442 (IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 
21.0.3, 2 ...)
        NOT-FOR-US: IBM
 CVE-2022-42441
@@ -95803,10 +95972,10 @@ CVE-2022-41740 (IBM Robotic Process Automation 20.12 
through 21.0.6 could allow
        NOT-FOR-US: IBM
 CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native 
Storage Access ...)
        NOT-FOR-US: IBM
-CVE-2022-41738
-       RESERVED
-CVE-2022-41737
-       RESERVED
+CVE-2022-41738 (IBM Storage Scale Container Native Storage Access 5.1.2.1 
-through 5.1 ...)
+       TODO: check
+CVE-2022-41737 (IBM Storage Scale Container Native Storage Access 5.1.2.1 
through 5.1. ...)
+       TODO: check
 CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access   5.1.2.1 
through 5 ...)
        NOT-FOR-US: IBM
 CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 
through ...)
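Review bot: The CVE-2022-41738 description reads "5.1.2.1 -through 5.1" with a stray hyphen before "through", where CVE-2022-41737 directly below has "5.1.2.1 through 5.1."; if the hyphen is in the imported text it should be flagged to the description source, and in a wrapped mail it makes the continuation line look like a removed line. Both entries are added as TODO: check although the neighbours CVE-2022-41739 and CVE-2022-41736 are NOT-FOR-US: IBM, so the same tag looks appropriate here.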



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1ff5ffa918c061c4d198b2e23f96e57c618b1c

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
