Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17cd7980 by security tracker role at 2024-02-20T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,345 @@
-CVE-2023-52434 [smb: client: fix potential OOBs in smb2_parse_contexts()]
+CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through
7.4.3.99, ...)
+ TODO: check
+CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through
7.4.3.2 ...)
+ TODO: check
+CVE-2024-26267 (In Liferay Portal 7.2.0 through 7.4.3.25, and older
unsupported versio ...)
+ TODO: check
+CVE-2024-26265 (The Image Uploader module in Liferay Portal 7.2.0 through
7.4.3.15, an ...)
+ TODO: check
+CVE-2024-26135 (MeshCentral is a full computer management web site. Versions
prior to ...)
+ TODO: check
+CVE-2024-26132 (Element Android is an Android Matrix Client. A third-party
malicious a ...)
+ TODO: check
+CVE-2024-26131 (Element Android is an Android Matrix Client. Element Android
version 1 ...)
+ TODO: check
+CVE-2024-25631 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2024-25630 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2024-25610 (In Liferay Portal 7.2.0 through 7.4.3.12, and older
unsupported versio ...)
+ TODO: check
+CVE-2024-25609 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through
7.4.3.12, and ...)
+ TODO: check
+CVE-2024-25608 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through
7.4.3.18, and ...)
+ TODO: check
+CVE-2024-25607 (The default password hashing algorithm (PBKDF2-HMAC-SHA1) in
Liferay P ...)
+ TODO: check
+CVE-2024-25606 (XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and
older u ...)
+ TODO: check
+CVE-2024-25605 (The Journal module in Liferay Portal 7.2.0 through 7.4.3.4,
and older ...)
+ TODO: check
+CVE-2024-25604 (Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported
versions, ...)
+ TODO: check
+CVE-2024-25366 (Buffer Overflow vulnerability in mz-automation.de libiec61859
v.1.4.0 ...)
+ TODO: check
+CVE-2024-25274 (An arbitrary file upload vulnerability in the component
/sysFile/uploa ...)
+ TODO: check
+CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer
overflo ...)
+ TODO: check
+CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer
dereference v ...)
+ TODO: check
+CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_)
(amcl_node. ...)
+ TODO: check
+CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and
tf_liste ...)
+ TODO: check
+CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2
humble versi ...)
+ TODO: check
+CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2
humble versi ...)
+ TODO: check
+CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in
Liferay P ...)
+ TODO: check
+CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element
Parsing as ...)
+ TODO: check
+CVE-2024-24793 (A use-after-free vulnerability exists in the DICOM Element
Parsing as ...)
+ TODO: check
+CVE-2024-24763 (JumpServer is an open source bastion host and an operation and
mainten ...)
+ TODO: check
+CVE-2024-24475 (An issue in Qemu before v.8.2.0 allows a remote attacker to
execute ar ...)
+ TODO: check
+CVE-2024-24474 (Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a
remote a ...)
+ TODO: check
+CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII
Header Par ...)
+ TODO: check
+CVE-2024-23606 (An out-of-bounds write vulnerability exists in the
sopen_FAMOS_read fu ...)
+ TODO: check
+CVE-2024-23313 (An integer underflow vulnerability exists in the
sopen_FAMOS_read func ...)
+ TODO: check
+CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read
function ...)
+ TODO: check
+CVE-2024-23305 (An out-of-bounds write vulnerability exists in the
BrainVisionMarker P ...)
+ TODO: check
+CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute
arbitrary ...)
+ TODO: check
+CVE-2024-22250 (Session Hijack vulnerability in Deprecated VMware Enhanced
Authenticat ...)
+ TODO: check
+CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack
vulnerabilities in t ...)
+ TODO: check
+CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header
Parsing f ...)
+ TODO: check
+CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with
preexistin ...)
+ TODO: check
+CVE-2024-21812 (An integer overflow vulnerability exists in the
sopen_FAMOS_read funct ...)
+ TODO: check
+CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi
parsing ...)
+ TODO: check
+CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in
various c ...)
+ TODO: check
+CVE-2024-21725 (Inadequate escaping of mail addresses lead to XSS
vulnerabilities in v ...)
+ TODO: check
+CVE-2024-21724 (Inadequate input validation for media selection fields lead to
XSS vul ...)
+ TODO: check
+CVE-2024-21723 (Inadequate parsing of URLs could result into an open redirect.)
+ TODO: check
+CVE-2024-21722 (The MFA management features did not properly terminate
existing user s ...)
+ TODO: check
+CVE-2024-21682 (This High severity Injection vulnerability was introduced in
Assets Di ...)
+ TODO: check
+CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in
version ...)
+ TODO: check
+CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink
X6000R ...)
+ TODO: check
+CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of
privil ...)
+ TODO: check
+CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs
showed e ...)
+ TODO: check
+CVE-2024-1556 (The incorrect object was checked for NULL in the built-in
profiler, po ...)
+ TODO: check
+CVE-2024-1555 (When opening a website using the `firefox://` protocol handler,
SameSi ...)
+ TODO: check
+CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same
cache, as ...)
+ TODO: check
+CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7,
and Thun ...)
+ TODO: check
+CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric
convers ...)
+ TODO: check
+CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in
multipar ...)
+ TODO: check
+CVE-2024-1550 (A malicious website could have used a combination of exiting
fullscree ...)
+ TODO: check
+CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor
could h ...)
+ TODO: check
+CVE-2024-1548 (A website could have obscured the fullscreen notification by
using a d ...)
+ TODO: check
+CVE-2024-1547 (Through a series of API calls and redirects, an
attacker-controlled al ...)
+ TODO: check
+CVE-2024-1546 (When storing and re-accessing data on a networking channel, the
length ...)
+ TODO: check
+CVE-2024-1519 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2024-1496 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-1492 (The WPify Woo Czech plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2024-1475 (The Coming Soon Maintenance Mode plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-1472 (The WP Maintenance plugin for WordPress is vulnerable to
Information E ...)
+ TODO: check
+CVE-2024-1470 (Authorization Bypass Through User-Controlled Key vulnerability
in NetI ...)
+ TODO: check
+CVE-2024-1448 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for
WordPre ...)
+ TODO: check
+CVE-2024-1447 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2024-1445 (The Page scroll to id plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2024-1425 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo,
Wistia V ...)
+ TODO: check
+CVE-2024-1411 (The PowerPack Addons for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-1408 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2024-1390 (The Paid Membership Subscriptions \u2013 Effortless
Memberships, Recur ...)
+ TODO: check
+CVE-2024-1389 (The Paid Membership Subscriptions \u2013 Effortless
Memberships, Recur ...)
+ TODO: check
+CVE-2024-1349 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo,
Wistia V ...)
+ TODO: check
+CVE-2024-1340 (The Login Lockdown \u2013 Protect Login Form plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-1339 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1338 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1337 (The SKT Page Builder plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2024-1336 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1335 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1334 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1322 (The Directorist \u2013 WordPress Business Directory Plugin with
Classi ...)
+ TODO: check
+CVE-2024-1318 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging,
News & ...)
+ TODO: check
+CVE-2024-1317 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging,
News & ...)
+ TODO: check
+CVE-2024-1294 (The Sunshine Photo Cart: Free Client Galleries for
Photographers plugi ...)
+ TODO: check
+CVE-2024-1288 (The Schema & Structured Data for WP & AMP plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-1282 (The Email Encoder \u2013 Protect Email Addresses and Phone
Numbers plu ...)
+ TODO: check
+CVE-2024-1277 (The Ocean Extra plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-1276 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
+ TODO: check
+CVE-2024-1242 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-1236 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
+ TODO: check
+CVE-2024-1235 (The Elementor Addons by Livemesh plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-1218 (The Contact Form builder with drag & drop for WordPress \u2013
Kali Fo ...)
+ TODO: check
+CVE-2024-1217 (The Contact Form builder with drag & drop for WordPress \u2013
Kali Fo ...)
+ TODO: check
+CVE-2024-1206 (The WP Recipe Maker plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
+ TODO: check
+CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
+ TODO: check
+CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ
service may ...)
+ TODO: check
+CVE-2024-1155 (Incorrect permissions in the installation directories for
shared Syste ...)
+ TODO: check
+CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2024-1128 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2024-1091 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1090 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1089 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-1070 (The SiteOrigin Widgets Bundle plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2024-1058 (The SiteOrigin Widgets Bundle plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2024-1054 (The Booster for WooCommerce plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-1044 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-1043 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-0984 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0983 (The ImageRecycle pdf & image compression plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0978 (The My Private Site plugin for WordPress is vulnerable to
Sensitive In ...)
+ TODO: check
+CVE-2024-0838 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-0821 (The Cost of Goods Sold (COGS): Cost & Profit Calculator for
WooCommerc ...)
+ TODO: check
+CVE-2024-0794 (Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP
LaserJet Manag ...)
+ TODO: check
+CVE-2024-0792 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
+ TODO: check
+CVE-2024-0702 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin
for Wor ...)
+ TODO: check
+CVE-2024-0658 (The Insert PHP Code Snippet plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-0656 (The Password Protected \u2013 Ultimate Plugin to Password
Protect Your ...)
+ TODO: check
+CVE-2024-0621 (The Simple Share Buttons Adder plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-0620 (The PPWP \u2013 Password Protect Pages plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2024-0616 (The Passster \u2013 Password Protect Pages and Content plugin
for Word ...)
+ TODO: check
+CVE-2024-0604 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for
WordPre ...)
+ TODO: check
+CVE-2024-0602 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for
WordPress ...)
+ TODO: check
+CVE-2024-0590 (The Microsoft Clarity plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2024-0516 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0515 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0514 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0513 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0512 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0506 (The Elementor Website Builder \u2013 More than Just a Page
Builder plu ...)
+ TODO: check
+CVE-2024-0442 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-0438 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed
Printers are p ...)
+ TODO: check
+CVE-2024-0379 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed
Widget plugi ...)
+ TODO: check
+CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3
(Windows)/3. ...)
+ TODO: check
+CVE-2023-6923 (The Matomo Analytics \u2013 Ethical Stats. Powerful Insights.
plugin f ...)
+ TODO: check
+CVE-2023-6881 (Possible buffer overflow in is_mount_point)
+ TODO: check
+CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
+ TODO: check
+CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to
Sensitive ...)
+ TODO: check
+CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through
3.8.3 did ...)
+ TODO: check
+CVE-2023-52439 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
+ TODO: check
+CVE-2023-52438 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ TODO: check
+CVE-2023-52437 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
+ TODO: check
+CVE-2023-52436 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
+ TODO: check
+CVE-2023-52435 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2023-51770 (Arbitrary File Read Vulnerability in Apache Dolphinscheduler.
This is ...)
+ TODO: check
+CVE-2023-51447 (Decidim is a participatory democracy framework. Starting in
version 0. ...)
+ TODO: check
+CVE-2023-50306 (IBM Common Licensing 9.0 could allow a local user to enumerate
usernam ...)
+ TODO: check
+CVE-2023-50270 (Session Fixation Apache DolphinScheduler before version 3.2.0,
which s ...)
+ TODO: check
+CVE-2023-49250 (Because the HttpUtils class did not verify certificates, an
attacker t ...)
+ TODO: check
+CVE-2023-49109 (Exposure of Remote Code Execution in Apache Dolphinscheduler.
This is ...)
+ TODO: check
+CVE-2023-48220 (Decidim is a participatory democracy framework. Starting in
version 0. ...)
+ TODO: check
+CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in
version 0. ...)
+ TODO: check
+CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in
version 0. ...)
+ TODO: check
+CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP
Server f ...)
+ TODO: check
+CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version
7.4.0 and 7 ...)
+ TODO: check
+CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and
ICMPv6 parsin ...)
+ TODO: check
+CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and
ICMPv6 parsin ...)
+ TODO: check
+CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback
parsing f ...)
+ TODO: check
+CVE-2023-37495 (Internet passwords stored in Person documents in the
Domino\xae Direct ...)
+ TODO: check
+CVE-2023-52434 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.6.8-1
NOTE:
https://git.kernel.org/linus/af1689a9b7701d9907dfc84d2a4b57c4bc907144 (6.7-rc6)
-CVE-2024-26581 [netfilter: nft_set_rbtree: skip end interval element from gc]
+CVE-2024-26581 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/60c0c230c6f046da536d3df8b39a20b9a9fd6af0 (6.8-rc4)
-CVE-2023-52433 [netfilter: nft_set_rbtree: skip sync GC for new elements in
this transaction]
+CVE-2023-52433 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.5.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -116,9 +450,9 @@ CVE-2024-25710 (Loop with Unreachable Exit Condition
('Infinite Loop') vulnerabi
[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/1
-CVE-2024-23114
+CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache
Camel Cassan ...)
NOT-FOR-US: Apache Camel
-CVE-2024-22369
+CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache
Camel SQL Co ...)
NOT-FOR-US: Apache Camel
CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1.
register_vfs in h ...)
- qemu <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17cd7980c751281bfdd784a4f53973d382ee3f4a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17cd7980c751281bfdd784a4f53973d382ee3f4a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
