Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
09cbfae2 by security tracker role at 2024-02-26T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666
permissions for th ...)
+ TODO: check
+CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration
settings ca ...)
+ TODO: check
+CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion
for deep ...)
+ TODO: check
+CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.)
+ TODO: check
+CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in
LangChain befor ...)
+ TODO: check
+CVE-2024-1886 (This vulnerability allows remote attackers to traverse the
directory o ...)
+ TODO: check
+CVE-2024-1885 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
+ TODO: check
+CVE-2024-1878 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2024-1877 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2024-1876 (A vulnerability was found in SourceCodester Employee Management
System ...)
+ TODO: check
+CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint
Management Syste ...)
+ TODO: check
+CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions
less than ...)
+ TODO: check
CVE-2024-0798 (A user with a `default` role given to them by the admin can
sent `DELE ...)
TODO: check
CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any
user w ...)
@@ -26097,7 +26121,7 @@ CVE-2023-44811 (Cross Site Request Forgery (CSRF)
vulnerability in MooSocial v.3
NOT-FOR-US: mooSocial
CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Tran Table ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-44467 (langchain_experimental 0.0.14 allows an attacker to bypass the
CVE-202 ...)
+CVE-2023-44467 (langchain_experimental (aka LangChain Experimental) in
LangChain befor ...)
NOT-FOR-US: langchain_experimental
CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version
1.23.3, ...)
NOT-FOR-US: Uptime Kuma
@@ -40027,7 +40051,7 @@ CVE-2023-36291 (Cross Site Scripting vulnerability in
Maxsite CMS v.108.7 allows
NOT-FOR-US: Maxsite CMS
CVE-2023-36262
REJECTED
-CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute
arbitrar ...)
+CVE-2023-36258 (An issue in LangChain before 0.0.236 allows an attacker to
execute arb ...)
NOT-FOR-US: Langchain
CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v.
3.5.5. and be ...)
NOT-FOR-US: mlogclub bbs-go
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09cbfae23404b46b70c1f12e80d3644f98cb051a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09cbfae23404b46b70c1f12e80d3644f98cb051a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
