Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce231a62 by security tracker role at 2024-02-21T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-27215
+       REJECTED
+CVE-2024-26311 (Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a 
reflect ...)
+       TODO: check
+CVE-2024-26310 (Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an 
improper acc ...)
+       TODO: check
+CVE-2024-26145 (Discourse Calendar adds the ability to create a dynamic 
calendar in th ...)
+       TODO: check
+CVE-2024-26138 (The XWiki licensor application, which manages and enforce 
application  ...)
+       TODO: check
+CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store 
events.  ...)
+       TODO: check
+CVE-2024-26130 (cryptography is a package designed to expose cryptographic 
primitives  ...)
+       TODO: check
+CVE-2024-25898 (A XSS vulnerability was found in the ChurchCRM v.5.5.0 
functionality,  ...)
+       TODO: check
+CVE-2024-25897 (ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL 
Injection (Ti ...)
+       TODO: check
+CVE-2024-25896 (ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL 
Injection ( ...)
+       TODO: check
+CVE-2024-25895 (A reflected cross-site scripting (XSS) vulnerability in 
ChurchCRM 5.5. ...)
+       TODO: check
+CVE-2024-25894 (ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL 
Injection  ...)
+       TODO: check
+CVE-2024-25893 (ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL 
Injectio ...)
+       TODO: check
+CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL 
Injection ...)
+       TODO: check
+CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL 
Injection ( ...)
+       TODO: check
+CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio 
Terrasoft CRM  ...)
+       TODO: check
+CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article 
Publish ...)
+       TODO: check
+CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is 
vulnerab ...)
+       TODO: check
+CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote 
attackers  ...)
+       TODO: check
+CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file 
parsing/rendering ...)
+       TODO: check
+CVE-2024-24479 (Buffer Overflow vulnerability in Wireshark team Wireshark 
before v.4.2 ...)
+       TODO: check
+CVE-2024-24478 (An issue in Wireshark team Wireshark before v.4.2.0 allows a 
remote at ...)
+       TODO: check
+CVE-2024-24476 (Buffer Overflow vulnerability in Wireshark team Wireshark 
before v.4.2 ...)
+       TODO: check
+CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python 
library  ...)
+       TODO: check
+CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
+       TODO: check
+CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver 
when exitin ...)
+       TODO: check
+CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 
QP3 and 8 ...)
+       TODO: check
+CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified 
Intelligence  ...)
+       TODO: check
+CVE-2024-1714
+       REJECTED
+CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an 
Authenti ...)
+       TODO: check
+CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by 
path-traver ...)
+       TODO: check
+CVE-2024-1707 (A vulnerability, which was classified as problematic, was found 
in GAR ...)
+       TODO: check
+CVE-2024-1706 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-1705 (A vulnerability was found in Shopwind up to 4.6. It has been 
rated as  ...)
+       TODO: check
+CVE-2024-1704 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has 
been de ...)
+       TODO: check
+CVE-2024-1703 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has 
been cl ...)
+       TODO: check
+CVE-2024-1702 (A vulnerability was found in keerti1924 
PHP-MYSQL-User-Login-System 1. ...)
+       TODO: check
+CVE-2024-1701 (A vulnerability has been found in keerti1924 
PHP-MYSQL-User-Login-Syst ...)
+       TODO: check
+CVE-2024-1700 (A vulnerability, which was classified as problematic, was found 
in kee ...)
+       TODO: check
+CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site 
scripting ...)
+       TODO: check
+CVE-2024-1212 (Unauthenticated remote attackers can access the system through 
the Loa ...)
+       TODO: check
+CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the 
proper  ...)
+       TODO: check
+CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to 
crash PC C ...)
+       TODO: check
+CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be 
sent to th ...)
+       TODO: check
+CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for 
macOS allow ...)
+       TODO: check
+CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated pr ...)
+       TODO: check
+CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a potential read 
out-of-boun ...)
+       TODO: check
+CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the 
Document and Me ...)
+       TODO: check
+CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables 
authentication via ...)
+       TODO: check
+CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
 CVE-2024-0410
        - gitlab <unfixed>
 CVE-2023-3509
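Review bot: Every non-rejected entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a package line or a NOT-FOR-US decision yet. The descriptions are cut at the `...` marker, so triage has to go back to the full CVE record. Entries naming projects such as cryptography (CVE-2024-26130), Wireshark (CVE-2024-24476, CVE-2024-24478, CVE-2024-24479) and php-svg-lib (CVE-2024-25117) should be checked against the archive before any of this batch is marked NOT-FOR-US in bulk.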
@@ -12,18 +112,18 @@ CVE-2023-6477
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-1451
        - gitlab <not-affected> (Only affects 16.9)
-CVE-2024-26585 [tls: fix race between tx work scheduling and socket close]
+CVE-2024-26585 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5)
-CVE-2024-26584 [net: tls: handle backlogging of crypto requests]
+CVE-2024-26584 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5)
-CVE-2024-26583 [tls: fix race between async notify and socket close]
+CVE-2024-26583 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/aec7961916f3f9e88766e2688992da6980f11b8d (6.8-rc5)
-CVE-2024-26582 [net: tls: fix use-after-free with partial reads and async 
decrypt]
+CVE-2024-26582 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
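Review bot: The four kernel TLS entries (CVE-2024-26582 to CVE-2024-26585) lose their bracketed commit subjects, for example `[tls: fix race between tx work scheduling and socket close]`, and gain a description that is truncated inside the shared prefix "In the Linux kernel, the following vulnerability has been resolved:". After this change the heading lines differ only in one trailing letter, so the `NOTE:` commit links, where present, are the only thing that tells the entries apart. Consider carrying the old subject over into a `NOTE:` line when the automatic update replaces it.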
@@ -348,6 +448,7 @@ CVE-2024-1554 (The `fetch()` API and navigation incorrectly 
shared the same cach
        - firefox 123.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
 CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, 
and Thun ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
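Review bot: `{DSA-5627-1}` is added to CVE-2024-1553 while the entry still lists `thunderbird <unfixed>`, and nothing in the entry says which source package the advisory covers. The preceding CVE-2024-1554 entry, visible in the context lines, lists only `firefox 123.0-1` and gets no tag, which is consistent with the advisory being scoped to one of the other packages. Worth confirming against the DSA list so the tag is not read as closing the thunderbird line.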
@@ -355,6 +456,7 @@ CVE-2024-1553 (Memory safety bugs present in Firefox 122, 
Firefox ESR 115.7, and
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553
 CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric 
convers ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -362,6 +464,7 @@ CVE-2024-1552 (Incorrect code generation could have led to 
unexpected numeric co
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552
 CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in 
multipar ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -369,6 +472,7 @@ CVE-2024-1551 (Set-Cookie response headers were being 
incorrectly honored in mul
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551
 CVE-2024-1550 (A malicious website could have used a combination of exiting 
fullscree ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -376,6 +480,7 @@ CVE-2024-1550 (A malicious website could have used a 
combination of exiting full
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550
 CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor 
could h ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -383,6 +488,7 @@ CVE-2024-1549 (If a website set a large custom cursor, 
portions of the cursor co
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549
 CVE-2024-1548 (A website could have obscured the fullscreen notification by 
using a d ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -390,6 +496,7 @@ CVE-2024-1548 (A website could have obscured the fullscreen 
notification by usin
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548
 CVE-2024-1547 (Through a series of API calls and redirects, an 
attacker-controlled al ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -397,6 +504,7 @@ CVE-2024-1547 (Through a series of API calls and redirects, 
an attacker-controll
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547
 CVE-2024-1546 (When storing and re-accessing data on a networking channel, the 
length ...)
+       {DSA-5627-1}
        - firefox 123.0-1
        - firefox-esr 115.8.0esr-1
        - thunderbird <unfixed>
@@ -1939,7 +2047,7 @@ CVE-2023-6516 (To keep its cache database efficient, 
`named` running as a recurs
        NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series
        NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 
4035, 6 ...)
-       {DSA-5626-1 DSA-5621-1 DSA-5620-1}
+       {DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
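Review bot: `DLA-3736-1` is appended to the advisory list of CVE-2023-50387, an entry spanning bind9, dnsmasq and knot-resolver, with no accompanying change to any package line in this hunk. Confirm which source package the DLA fixes, since the tag by itself does not show that.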
@@ -1953,7 +2061,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS 
protocol (in RFC 4033, 4034, 4
        NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
        NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 
5155 whe ...)
-       {DSA-5626-1 DSA-5621-1 DSA-5620-1}
+       {DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
@@ -84293,12 +84401,12 @@ CVE-2022-45181
        RESERVED
 CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. B ...)
        NOT-FOR-US: LIVEBOX
-CVE-2022-45179
-       RESERVED
+CVE-2022-45179 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
+       TODO: check
 CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. B ...)
        NOT-FOR-US: LIVEBOX
-CVE-2022-45177
-       RESERVED
+CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
+       TODO: check
 CVE-2022-45176
        RESERVED
 CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
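Review bot: CVE-2022-45179 and CVE-2022-45177 move from `RESERVED` to `TODO: check`, but their descriptions name LIVEBOX Collaboration vDesk, and the neighbouring CVE-2022-45180 and CVE-2022-45178 for the same product are already `NOT-FOR-US: LIVEBOX`. These two can take the same `NOT-FOR-US: LIVEBOX` state instead of waiting in the TODO queue.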
@@ -84313,8 +84421,8 @@ CVE-2022-45171
        RESERVED
 CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
        NOT-FOR-US: LIVEBOX
-CVE-2022-45169
-       RESERVED
+CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
+       TODO: check
 CVE-2022-45168
        RESERVED
 CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was 
discovered ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce231a627c2ca7d0a0db6a30af4aed59f533730d
