[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 20 Feb 2024 00:19:09 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5253d98d by security tracker role at 2024-02-20T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,52 @@
-CVE-2024-1635
+CVE-2024-26134 (cbor2 provides encoding and decoding for the Concise Binary 
Object Rep ...)
+       TODO: check
+CVE-2024-26129 (PrestaShop is an open-source e-commerce platform. Starting in 
version  ...)
+       TODO: check
+CVE-2024-25974 (The Frentix GmbH OpenOlat LMS is affected by stored a 
Cross-Site Scrip ...)
+       TODO: check
+CVE-2024-25973 (The Frentix GmbH OpenOlat LMS is affected by multiple stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-25149 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported 
versions, an ...)
+       TODO: check
+CVE-2024-22234 (In Spring Security, versions 6.1.x prior to 6.1.7 and versions 
6.2.x p ...)
+       TODO: check
+CVE-2024-1651 (Torrentpier version 2.4.1 allows executing arbitrary commands 
on the s ...)
+       TODO: check
+CVE-2024-1648 (electron-pdf version 20.0.0 allows an external attacker to 
remotely ob ...)
+       TODO: check
+CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to 
remotely obtai ...)
+       TODO: check
+CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This 
is pos ...)
+       TODO: check
+CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and 
BT_GAT ...)
+       TODO: check
+CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-1510 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-1297 (Loomio version 2.22.0 allows executing arbitrary commands on 
the serve ...)
+       TODO: check
+CVE-2024-0715 (Expression Language Injection vulnerability in Hitachi Global 
Link Man ...)
+       TODO: check
+CVE-2023-6764 (A format string vulnerability in a function of the IPSec VPN 
feature i ...)
+       TODO: check
+CVE-2023-6399 (A format string vulnerability in Zyxel ATP series firmware 
versions fr ...)
+       TODO: check
+CVE-2023-6398 (A post-authentication command injection vulnerability in the 
file uplo ...)
+       TODO: check
+CVE-2023-6397 (A null pointer dereference vulnerability in Zyxel ATP series 
firmware  ...)
+       TODO: check
+CVE-2023-6260 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2023-6259 (Insufficiently Protected Credentials, : Improper Access Control 
vulner ...)
+       TODO: check
+CVE-2023-5190 (Open redirect vulnerability in the Countries Management\u2019s 
edit re ...)
+       TODO: check
+CVE-2023-44308 (Open redirect vulnerability in adaptive media administration 
page in L ...)
+       TODO: check
+CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in 
RSA key  ...)
+       TODO: check
+CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability 
impacts a se ...)
        - undertow <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
 CVE-2024-25983 (Insufficient checks in a web service made it possible to add 
comments  ...)
@@ -385,11 +433,11 @@ CVE-2023-40093 (In multiple files, there is a possible 
way that trimmed content
        NOT-FOR-US: Android
 CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
        NOT-FOR-US: SolarWinds
-CVE-2024-21890
+CVE-2024-21890 (The Node.js Permission Model does not clarify in the 
documentation tha ...)
        [experimental] - nodejs <unfixed>
        - nodejs <not-affected> (Only affects 20.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#improper-handling-of-wildcards-in---allow-fs-read-and---allow-fs-write-cve-2024-21890---medium
-CVE-2024-21891
+CVE-2024-21891 (Node.js depends on multiple built-in utility functions to 
normalize pa ...)
        [experimental] - nodejs <unfixed>
        - nodejs <not-affected> (Only affects 20.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
@@ -400,14 +448,14 @@ CVE-2024-22017
        [experimental] - nodejs <unfixed>
        - nodejs <not-affected> (Only affects 20.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high
-CVE-2024-21896
+CVE-2024-21896 (The permission model protects itself against path traversal 
attacks by ...)
        [experimental] - nodejs <unfixed>
        - nodejs <not-affected> (Only affects 20.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
-CVE-2024-22019
+CVE-2024-22019 (A vulnerability in Node.js HTTP servers allows an attacker to 
send a s ...)
        - nodejs 18.19.1+dfsg-1 (bug #1064055)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
-CVE-2024-21892
+CVE-2024-21892 (On Linux, Node.js ignores certain environment variables if 
those may h ...)
        - nodejs 18.19.1+dfsg-1 (bug #1064055)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
 CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows 
a remote ...)
@@ -28251,7 +28299,7 @@ CVE-2023-36551 (A exposure of sensitive information to 
an unauthorized actor in
        NOT-FOR-US: FortiGuard
 CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 
through 7.2. ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-4039 (A failure in the -fstack-protector feature in GCC-based 
toolchains  th ...)
+CVE-2023-4039 (**DISPUTED**A failure in the -fstack-protector feature in 
GCC-based to ...)
        - gcc-13 13.2.0-4
        - gcc-12 12.3.0-9
        [bookworm] - gcc-12 <no-dsa> (Minor issue)
@@ -83188,8 +83236,8 @@ CVE-2022-45322
        RESERVED
 CVE-2022-45321
        RESERVED
-CVE-2022-45320
-       RESERVED
+CVE-2022-45320 (Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix 
pack 19, ...)
+       TODO: check
 CVE-2022-45319
        RESERVED
 CVE-2022-45318



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5253d98da32fa7212aed52acded92fbe2aafe280

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5253d98da32fa7212aed52acded92fbe2aafe280
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to