Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
80a89ccd by security tracker role at 2024-02-26T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,131 @@
+CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of
validation ...)
+ TODO: check
+CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions
with very ...)
+ TODO: check
+CVE-2024-27087 (Kirby is a content management system. The new link field
introduced in ...)
+ TODO: check
+CVE-2024-27084
+ REJECTED
+CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security
misconfi ...)
+ TODO: check
+CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak
vulnerability in / ...)
+ TODO: check
+CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak
vulnerability in / ...)
+ TODO: check
+CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in
/krb5/src/lib/r ...)
+ TODO: check
+CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in
/fluent-bi ...)
+ TODO: check
+CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability
in SYSBA ...)
+ TODO: check
+CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability
in Skymo ...)
+ TODO: check
+CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability
in JoomU ...)
+ TODO: check
+CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in
/libming/src/act ...)
+ TODO: check
+CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference
vulnerability in / ...)
+ TODO: check
+CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in
/nanomq/nng/s ...)
+ TODO: check
+CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via
/openNDS/src/auth.c ...)
+ TODO: check
+CVE-2024-25760 (yasm 1.3.0 contains a memory leak via
/yasm/tools/genmacro/genmacro.c.)
+ TODO: check
+CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File
with Dan ...)
+ TODO: check
+CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit
v.43248 ...)
+ TODO: check
+CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command
injection via ...)
+ TODO: check
+CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command
injection via ...)
+ TODO: check
+CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability
in bPlug ...)
+ TODO: check
+CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-24528
+ REJECTED
+CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to
escalate p ...)
+ TODO: check
+CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a
remote att ...)
+ TODO: check
+CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol.
Crafted traff ...)
+ TODO: check
+CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
+ TODO: check
+CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
+ TODO: check
+CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to
contain a Ser ...)
+ TODO: check
+CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2
SSL con ...)
+ TODO: check
+CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
+ TODO: check
+CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
+ TODO: check
+CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
+ TODO: check
+CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <=
2.1.0 coul ...)
+ TODO: check
+CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link
to an au ...)
+ TODO: check
+CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster
Controller, af ...)
+ TODO: check
+CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate
when an ...)
+ TODO: check
+CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP
forwarding ...)
+ TODO: check
+CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path
traversal vuln ...)
+ TODO: check
+CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command
injection v ...)
+ TODO: check
+CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify
VMS Client ...)
+ TODO: check
CVE-2023-51518
NOT-FOR-US: Apache James
-CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA
requests]
+CVE-2023-52474 (In the Linux kernel, the following vulnerability has been
resolved: I ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
NOTE:
https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1)
-CVE-2021-46906 [HID: usbhid: fix info leak in hid_submit_ctrl]
+CVE-2021-46906 (In the Linux kernel, the following vulnerability has been
resolved: H ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE:
https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5)
-CVE-2020-36775 [f2fs: fix to avoid potential deadlock]
+CVE-2020-36775 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 5.6.7-1
NOTE:
https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1)
-CVE-2019-25162 [i2c: Fix a potential use after free]
+CVE-2019-25162 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE:
https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1)
-CVE-2019-25161 [drm/amd/display: prevent memory leak]
+CVE-2019-25161 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 5.4.6-1
[buster] - linux 4.19.146-1
NOTE:
https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d (5.4-rc1)
-CVE-2019-25160 [netlabel: fix out-of-bounds memory accesses]
+CVE-2019-25160 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 4.19.28-1
NOTE:
https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0)
-CVE-2024-26606 [binder: signal epoll threads of self-work]
+CVE-2024-26606 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3)
CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666
permissions for th ...)
@@ -209,7 +309,7 @@ CVE-2024-21423 (Microsoft Edge (Chromium-based) Information
Disclosure Vulnerabi
NOT-FOR-US: Microsoft
CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-22371
+CVE-2024-22371 (Exposure of sensitive data by by crafting a malicious
EventFactory and ...)
NOT-FOR-US: Apache Camel
CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are
vulnerabl ...)
NOT-FOR-US: onnx
@@ -622,9 +722,9 @@ CVE-2024-26484 (A stored cross-site scripting (XSS)
vulnerability in the Edit Co
NOT-FOR-US: Kirby CMS module
CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image
module of ...)
NOT-FOR-US: Kirby CMS module
-CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout
module of K ...)
+CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content
Layout modu ...)
NOT-FOR-US: Kirby CMS module
-CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected
cross-site scri ...)
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected
self-XSS vulner ...)
NOT-FOR-US: Kirby CMS
CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to
version ...)
NOT-FOR-US: Querybook
@@ -3421,6 +3521,7 @@ CVE-2024-24829 (Sentry is an error tracking and
performance monitoring platform.
CVE-2024-24825 (DIRAC is a distributed resource framework. In affected
versions any us ...)
NOT-FOR-US: DIRAC
CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In
affected ver ...)
+ {DSA-5632-1}
- composer 2.7.1-1 (bug #1063603)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
NOTE:
https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
(2.7.0)
@@ -4432,7 +4533,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm
Ltd Bifrost GPU Kernel D
CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel
Driver, Arm ...)
NOT-FOR-US: Arm
CVE-2023-52138 (Engrampa is an archive manager for the MATE environment.
Engrampa is f ...)
- {DSA-5625-1}
+ {DSA-5625-1 DLA-3741-1}
- engrampa 1.26.2-1 (bug #1063494)
NOTE:
https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
NOTE:
https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
@@ -7960,6 +8061,7 @@ CVE-2024-0555 (A Cross-Site Request Forgery (CSRF)
vulnerability has been found
CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on
WIC1200, ...)
NOT-FOR-US: WIC200
CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to
malformed c ...)
+ {DLA-3740-1}
- gnutls28 3.8.3-1 (bug #1061046)
[bookworm] - gnutls28 3.7.9-2+deb12u2
[bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981
not published officially in any Debian bullseye release)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
