Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa328881 by security tracker role at 2024-02-29T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,46 +1,192 @@
-CVE-2023-52484 [iommu/arm-smmu-v3: Fix soft lockup triggered by
arm_smmu_mm_invalidate_range]
+CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain
sensitive ...)
+ TODO: check
+CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker
to escala ...)
+ TODO: check
+CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0
allows a ...)
+ TODO: check
+CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro
Membership Mana ...)
+ TODO: check
+CVE-2024-25868 (A Cross Site Scripting (XSS) vulnerability in CodeAstro
Membership Man ...)
+ TODO: check
+CVE-2024-25867 (A SQL Injection vulnerability in CodeAstro Membership
Management Syste ...)
+ TODO: check
+CVE-2024-25866 (A SQL Injection vulnerability in CodeAstro Membership
Management Syste ...)
+ TODO: check
+CVE-2024-25594 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25579 (OS command injection vulnerability in ELECOM wireless LAN
routers allo ...)
+ TODO: check
+CVE-2024-25422 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote
attacker t ...)
+ TODO: check
+CVE-2024-25351 (SQL Injection vulnerability in /zms/admin/changeimage.php in
PHPGuruku ...)
+ TODO: check
+CVE-2024-25350 (SQL Injection vulnerability in /zms/admin/edit-ticket.php in
PHPGuruku ...)
+ TODO: check
+CVE-2024-25292 (Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4
allows a ...)
+ TODO: check
+CVE-2024-25291 (Deskfiler v1.2.3 allows attackers to execute arbitrary code
via upload ...)
+ TODO: check
+CVE-2024-25098 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25093 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24988 (Mattermost fails to properly validate the length of the emoji
value in ...)
+ TODO: check
+CVE-2024-24525 (An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and
5.4.2 all ...)
+ TODO: check
+CVE-2024-24155 (Bento4 v1.5.1-628 contains a Memory leak on
AP4_Movie::AP4_Movie, pars ...)
+ TODO: check
+CVE-2024-24150 (A memory leak issue discovered in parseSWF_TEXTRECORD in
libming v0.4. ...)
+ TODO: check
+CVE-2024-24149 (A memory leak issue discovered in parseSWF_GLYPHENTRY in
libming v0.4. ...)
+ TODO: check
+CVE-2024-24147 (A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in
libming v ...)
+ TODO: check
+CVE-2024-24146 (A memory leak issue discovered in parseSWF_DEFINEBUTTON in
libming v0. ...)
+ TODO: check
+CVE-2024-23910 (Cross-site request forgery (CSRF) vulnerability in ELECOM
wireless LAN ...)
+ TODO: check
+CVE-2024-23501 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-23493 (Mattermost fails to properly authorize the requests
fetchingteam assoc ...)
+ TODO: check
+CVE-2024-23488 (Mattermost fails to properly restrict the access of files
attached to ...)
+ TODO: check
+CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in
goxdcr.log.)
+ TODO: check
+CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor
Management System ...)
+ TODO: check
+CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an
attacker ...)
+ TODO: check
+CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for
Windows x8 ...)
+ TODO: check
+CVE-2024-21798 (ELECOM wireless LAN routers contain a cross-site scripting
vulnerabili ...)
+ TODO: check
+CVE-2024-21752 (Cross-Site Request Forgery (CSRF) vulnerability in Ernest
Marcinko Aja ...)
+ TODO: check
+CVE-2024-1982 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-1981 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-1978 (The Friends plugin for WordPress is vulnerable to Server-Side
Request ...)
+ TODO: check
+CVE-2024-1977 (The Restaurant Solutions \u2013 Checklist plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-1976 (The Marketing Optimizer plugin for WordPress is vulnerable to
Cross-Si ...)
+ TODO: check
+CVE-2024-1972 (A vulnerability was found in SourceCodester Online Job Portal
1.0 and ...)
+ TODO: check
+CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online
Shopping Syst ...)
+ TODO: check
+CVE-2024-1970 (A vulnerability, which was classified as problematic, was found
in Sou ...)
+ TODO: check
+CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when
fetchin ...)
+ TODO: check
+CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme
for Word ...)
+ TODO: check
+CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-1341 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2024-0689 (The Custom Field Suite plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2023-6090 (Unrestricted Upload of File with Dangerous Type vulnerability
in Molli ...)
+ TODO: check
+CVE-2023-5617 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
+ TODO: check
+CVE-2023-51802 (Cross Site Scripting (XSS) vulnerability in the Simple Student
Attenda ...)
+ TODO: check
+CVE-2023-51801 (SQL Injection vulnerability in the Simple Student Attendance
System v. ...)
+ TODO: check
+CVE-2023-51800 (Cross Site Scripting (XSS) vulnerability in School Fees
Management Sys ...)
+ TODO: check
+CVE-2023-51696 (Cross-Site Request Forgery (CSRF) vulnerability in
\u0421leanTalk - An ...)
+ TODO: check
+CVE-2023-51531 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive
Themes Thriv ...)
+ TODO: check
+CVE-2023-51530 (Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins
Logo Sli ...)
+ TODO: check
+CVE-2023-51529 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
HT Mega \ ...)
+ TODO: check
+CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin
AI Powe ...)
+ TODO: check
+CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x
before 7.2.4. ...)
+ TODO: check
+CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4.
ns_server ad ...)
+ TODO: check
+CVE-2023-49932 (An issue was discovered in Couchbase Server before 7.2.4. An
attacker ...)
+ TODO: check
+CVE-2023-49931 (An issue was discovered in Couchbase Server before 7.2.4.
SQL++ cURL c ...)
+ TODO: check
+CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL
calls t ...)
+ TODO: check
+CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require
authent ...)
+ TODO: check
+CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue
affects ...)
+ TODO: check
+CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A
data read ...)
+ TODO: check
+CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A
data read ...)
+ TODO: check
+CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through
5.0.5, 5.1 ...)
+ TODO: check
+CVE-2023-43769 (An issue was discovered in Couchbase Server through 7.1.4
before 7.1.5 ...)
+ TODO: check
+CVE-2023-38372 (An unauthorized attacker who has obtained an IBM Watson IoT
Platform 1 ...)
+ TODO: check
+CVE-2023-38367 (IBM Cloud Pak Foundational Services Identity Provider (idP)
API (IBM C ...)
+ TODO: check
+CVE-2023-52484 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/d5afb4b47e13161b3f33904d45110f9e6463bad6 (6.6-rc5)
-CVE-2023-52483 [mctp: perform route lookups under a RCU read-side lock]
+CVE-2023-52483 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5093bbfc10ab6636b32728e35813cbd79feb063c (6.6-rc6)
-CVE-2023-52482 [x86/srso: Add SRSO mitigation for Hygon processors]
+CVE-2023-52482 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d (6.6-rc4)
-CVE-2023-52481 [arm64: errata: Add Cortex-A520 speculative unprivileged load
workaround]
+CVE-2023-52481 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)
-CVE-2023-52480 [ksmbd: fix race condition between session lookup and expire]
+CVE-2023-52480 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5)
-CVE-2023-52479 [ksmbd: fix uaf in smb20_oplock_break_ack]
+CVE-2023-52479 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/c69813471a1ec081a0b9bf0c6bd7e8afd818afce (6.6-rc5)
-CVE-2023-52478 [HID: logitech-hidpp: Fix kernel crash on receiver USB
disconnect]
+CVE-2023-52478 (In the Linux kernel, the following vulnerability has been
resolved: H ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
[buster] - linux 4.19.304-1
NOTE:
https://git.kernel.org/linus/dac501397b9d81e4782232c39f94f4307b137452 (6.6-rc6)
-CVE-2023-52477 [usb: hub: Guard against accesses to uninitialized BOS
descriptors]
+CVE-2023-52477 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
[buster] - linux 4.19.304-1
NOTE:
https://git.kernel.org/linus/f74a7afc224acd5e922c7a2e52244d891bbe44ee (6.6-rc6)
-CVE-2023-52476 [perf/x86/lbr: Filter vsyscall addresses]
+CVE-2023-52476 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE:
https://git.kernel.org/linus/e53899771a02f798d436655efbd9d4b46c0f9265 (6.6-rc6)
-CVE-2023-52475 [Input: powermate - fix use-after-free in
powermate_config_complete]
+CVE-2023-52475 (In the Linux kernel, the following vulnerability has been
resolved: I ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
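Review bot: replacing the bracketed working titles with the truncated official text loses the subsystem hint for every kernel entry in this hunk; `-CVE-2023-52484 [iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range]` becomes `+CVE-2023-52484 (In the Linux kernel, the following vulnerability has been resolved: i ...)`, so the only remaining way to tell which driver or subsystem an entry covers is to follow the git.kernel.org NOTE link. Consider keeping the upstream commit subject in a NOTE line next to the commit URL. Separately, the new `TODO: check` block includes software that may have a Debian package (the libming parseSWF_* memory leaks CVE-2024-24146 through CVE-2024-24150, Bento4 CVE-2024-24155, Clojure CVE-2024-22871, the Mattermost and Hazelcast entries), so these should be triaged against the package list rather than resolved wholesale as NOT-FOR-US.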
@@ -1762,14 +1908,14 @@ CVE-2023-44379 (baserCMS is a website development
framework. Prior to version 5.
NOT-FOR-US: baserCMS
CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not
use or req ...)
NOT-FOR-US: Sametime Connect
-CVE-2024-26141 [Reject Range headers which are too large]
+CVE-2024-26141 (Rack is a modular Ruby web server interface. Carefully crafted
Range h ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE:
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
(v2.2.8.1)
-CVE-2024-25126 [Fixed ReDoS in Content Type header parsing]
+CVE-2024-25126 (Rack is a modular Ruby web server interface. Carefully crafted
content ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
-CVE-2024-26146 [Fixed ReDoS in Accept header parsing]
+CVE-2024-26146 (Rack is a modular Ruby web server interface. Carefully crafted
headers ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE:
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
(v2.2.8.1)
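Review bot: CVE-2024-25126 is the only one of the three ruby-rack entries without a NOTE pointing at the upstream fixing commit; CVE-2024-26141 and CVE-2024-26146 each carry a `NOTE: https://github.com/rack/rack/commit/...` line beside the release-tag NOTE. The Content-Type ReDoS entry should get the matching commit reference so the fix for the `ruby-rack <unfixed> (bug #1064516)` status can be backported and verified without re-deriving it from the v2.2.8.1 release.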
@@ -2254,12 +2400,12 @@ CVE-2023-42496 (Reflected cross-site scripting (XSS)
vulnerability on the add as
NOT-FOR-US: Liferay
CVE-2023-40191 (Reflected cross-site scripting (XSS) vulnerability in the
instance set ...)
NOT-FOR-US: Liferay
-CVE-2024-1939
+CVE-2024-1939 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94
allowed a ...)
{DSA-5634-1}
- chromium 122.0.6261.94-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1938
+CVE-2024-1938 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94
allowed a ...)
{DSA-5634-1}
- chromium 122.0.6261.94-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -3907,7 +4053,7 @@ CVE-2024-21376 (Microsoft Azure Kubernetes Service
Confidential Container Remote
NOT-FOR-US: Microsoft
CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
NOT-FOR-US: Microsoft
-CVE-2024-21374 (Microsoft Teams for Android Information Disclosure)
+CVE-2024-21374 (Microsoft Teams for Android Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-21372 (Windows OLE Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -4979,7 +5125,7 @@ CVE-2023-6736 (An issue has been discovered in GitLab EE
affecting all versions
- gitlab <not-affected> (Specific to EE)
CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is
vulnerable to S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7
and befo ...)
+CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail prior to
10.3.3.6 ...)
NOT-FOR-US: Axigen WebMail
CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and
older unsup ...)
NOT-FOR-US: Liferay Portal
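Review bot: the affected-version statement for CVE-2023-48974 changes from `Axigen WebMail v.10.5.7 and befo ...` to `Axigen WebMail prior to 10.3.3.6 ...`, which narrows the stated range considerably. The entry stays `NOT-FOR-US: Axigen WebMail`, so Debian tracking is unaffected, but the discrepancy between the two upstream descriptions is worth a look before the new text is relied on elsewhere.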
@@ -53572,8 +53718,8 @@ CVE-2023-1843 (The Metform Elementor Contact Form
Builder plugin for WordPress i
NOT-FOR-US: WordPress plugin
CVE-2023-1842
REJECTED
-CVE-2023-1841
- RESERVED
+CVE-2023-1841 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
CVE-2023-29272
RESERVED
CVE-2023-29271
@@ -59569,8 +59715,8 @@ CVE-2023-27547
RESERVED
CVE-2023-27546
RESERVED
-CVE-2023-27545
- RESERVED
+CVE-2023-27545 (IBM Watson CloudPak for Data Data Stores information
disclosure 4.6.0 ...)
+ TODO: check
CVE-2023-27544
RESERVED
CVE-2023-27543
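Review bot: CVE-2023-27545 moves from RESERVED to `TODO: check` with an `IBM Watson CloudPak for Data Data Stores information disclosure` description; IBM products elsewhere in this file are resolved as `NOT-FOR-US: IBM`, so this placeholder can likely be closed the same way in the follow-up once the description is confirmed.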
@@ -63989,18 +64135,18 @@ CVE-2023-25928 (IBM InfoSphere Information Server
11.7 is vulnerable to cross-si
NOT-FOR-US: IBM
CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3,
10.0.4, and ...)
NOT-FOR-US: IBM
-CVE-2023-25926
- RESERVED
-CVE-2023-25925
- RESERVED
+CVE-2023-25926 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
+ TODO: check
+CVE-2023-25925 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
+ TODO: check
CVE-2023-25924 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
NOT-FOR-US: IBM
CVE-2023-25923 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
NOT-FOR-US: IBM
-CVE-2023-25922
- RESERVED
-CVE-2023-25921
- RESERVED
+CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
+ TODO: check
+CVE-2023-25921 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0,
4.1, and ...)
+ TODO: check
CVE-2023-25920
RESERVED
CVE-2023-25919
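Review bot: the four new entries CVE-2023-25926, CVE-2023-25925, CVE-2023-25922 and CVE-2023-25921 carry exactly the same `IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...` description prefix as the unchanged neighbours CVE-2023-25924 and CVE-2023-25923, which are already `NOT-FOR-US: IBM`; the `TODO: check` placeholders can be resolved to the same status. Dropping the `- RESERVED` lines together with the old headers is correct, since a RESERVED marker should not survive once a description exists.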
@@ -180234,8 +180380,8 @@ CVE-2021-39092
RESERVED
CVE-2021-39091
RESERVED
-CVE-2021-39090
- RESERVED
+CVE-2021-39090 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0
could allo ...)
+ TODO: check
CVE-2021-39089 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0
could allo ...)
NOT-FOR-US: IBM
CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local
privilege esc ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa328881df3da8f137a8cebb311d61f8d3e85469
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits