Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3aad530e by security tracker role at 2024-03-02T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,46 +1,98 @@
-CVE-2021-47081 [habanalabs/gaudi: Fix a potential use after free in 
gaudi_memset_device_memory]
+CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software 
v.1.0 allo ...)
+       TODO: check
+CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software 
v.1.0 al ...)
+       TODO: check
+CVE-2024-27744 (Cross Site Scripting vulnerability in Petrol Pump Mangement 
Software v ...)
+       TODO: check
+CVE-2024-27743 (Cross Site Scripting vulnerability in Petrol Pump Mangement 
Software v ...)
+       TODO: check
+CVE-2024-27101 (SpiceDB is an open source, Google Zanzibar-inspired database 
for creat ...)
+       TODO: check
+CVE-2024-25438 (A cross-site scripting (XSS) vulnerability in the Submission 
module of ...)
+       TODO: check
+CVE-2024-25436 (A cross-site scripting (XSS) vulnerability in the Production 
module of ...)
+       TODO: check
+CVE-2024-25434 (A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 
allows atta ...)
+       TODO: check
+CVE-2024-25064 (Due to insufficient server-side validation, an attacker with 
login pri ...)
+       TODO: check
+CVE-2024-25063 (Due to insufficient server-side validation, a successful 
exploit of th ...)
+       TODO: check
+CVE-2024-24512 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an 
attacker ...)
+       TODO: check
+CVE-2024-24511 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an 
attacker ...)
+       TODO: check
+CVE-2024-23492 (A weak encoding is used to transmit credentials for WS203VICM.)
+       TODO: check
+CVE-2024-22182 (A remote, unauthenticated attacker may be able to send crafted 
message ...)
+       TODO: check
+CVE-2024-21767 (A remote attacker may be able to bypass access control of 
Commend WS20 ...)
+       TODO: check
+CVE-2024-1869 (Certain HP DesignJet print products are potentially vulnerable 
to info ...)
+       TODO: check
+CVE-2024-1775 (The Nextend Social Login and Register plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-1592 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2023-7244 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - 
Etherca ...)
+       TODO: check
+CVE-2023-7243 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - 
Etherca ...)
+       TODO: check
+CVE-2023-7242 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - 
Etherca ...)
+       TODO: check
+CVE-2023-49545 (A directory listing vulnerability in Customer Support System 
v1 allows ...)
+       TODO: check
+CVE-2023-49544 (A local file inclusion (LFI) in Customer Support System v1 
allows atta ...)
+       TODO: check
+CVE-2023-49543 (Incorrect access control in Book Store Management System v1 
allows att ...)
+       TODO: check
+CVE-2023-49540 (Book Store Management System v1.0 was discovered to contain a 
cross-si ...)
+       TODO: check
+CVE-2023-49539 (Book Store Management System v1.0 was discovered to contain a 
cross-si ...)
+       TODO: check
+CVE-2021-47081 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/115726c5d312b462c9d9931ea42becdfa838a076 (5.13-rc3)
-CVE-2021-47080 [RDMA/core: Prevent divide-by-zero error triggered by the user]
+CVE-2021-47080 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 5.10.40-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/54d87913f147a983589923c7f651f97de9af5be1 (5.13-rc3)
-CVE-2021-47079 [platform/x86: ideapad-laptop: fix a NULL pointer dereference]
+CVE-2021-47079 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ff67dbd554b2aaa22be933eced32610ff90209dd (5.13-rc3)
-CVE-2021-47078 [RDMA/rxe: Clear all QP fields if creation failed]
+CVE-2021-47078 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 5.10.40-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/67f29896fdc83298eed5a6576ff8f9873f709228 (5.13-rc3)
-CVE-2021-47077 [scsi: qedf: Add pointer checks in qedf_update_link_speed()]
+CVE-2021-47077 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 5.10.40-1
        NOTE: 
https://git.kernel.org/linus/73578af92a0fae6609b955fcc9113e50e413c80f (5.13-rc3)
-CVE-2021-47076 [RDMA/rxe: Return CQE error if invalid lkey was supplied]
+CVE-2021-47076 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/dc07628bd2bbc1da768e265192c28ebd301f509d (5.13-rc3)
-CVE-2021-47075 [nvmet: fix memory leak in nvmet_alloc_ctrl()]
+CVE-2021-47075 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 5.10.40-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fec356a61aa3d3a66416b4321f1279e09e0f256f (5.13-rc3)
-CVE-2021-47074 [nvme-loop: fix memory leak in nvme_loop_create_ctrl()]
+CVE-2021-47074 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 5.10.40-1
        NOTE: 
https://git.kernel.org/linus/03504e3b54cc8118cc26c064e60a0b00c2308708 (5.13-rc3)
-CVE-2021-47073 [platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios]
+CVE-2021-47073 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 5.10.40-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/3a53587423d25c87af4b4126a806a0575104b45e (5.13-rc3)
-CVE-2021-47072 [btrfs: fix removed dentries still existing after log is synced]
+CVE-2021-47072 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 (5.13-rc3)
-CVE-2021-47071 [uio_hv_generic: Fix a memory leak in error handling paths]
+CVE-2021-47071 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 5.10.40-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3ee098f96b8b6c1a98f7f97915f8873164e6af9d (5.13-rc3)
-CVE-2021-47070 [uio_hv_generic: Fix another memory leak in error handling 
paths]
+CVE-2021-47070 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 5.14.6-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0b0226be3a52dadd965644bc52a807961c2c26df (5.13-rc3)
-CVE-2021-47069 [ipc/mqueue, msg, sem: avoid relying on a stack reference past 
its expiry]
+CVE-2021-47069 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.10.40-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a11ddb37bf367e6b5239b95ca759e5389bb46048 (5.13-rc3)
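
Review bot: On the CVE-2021-47081 through CVE-2021-47069 lines, the bracketed kernel commit subjects (for example "[RDMA/core: Prevent divide-by-zero error triggered by the user]") are replaced by a description that is cut off right after "In the Linux kernel, the following vulnerability has been resolved:", so the affected subsystem can no longer be read from the list line and only the NOTE commit link identifies each fix. Consider carrying the commit subject over into a NOTE line when the description is imported. Two smaller points in the same hunk: the CVE-2024-1592 line contains a literal "\u2013" escape inside the plugin name, which suggests the escape was not decoded on import, and the 26 new entries from CVE-2024-27747 down to CVE-2023-49539 are all still "TODO: check" and need triage.
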
@@ -1635,7 +1687,7 @@ CVE-2023-48679 (Stored cross-site scripting (XSS) 
vulnerability due to missing o
        NOT-FOR-US: Acronis
 CVE-2023-48678 (Sensitive information disclosure due to insecure folder 
permissions. T ...)
        NOT-FOR-US: Acronis
-CVE-2024-27354
+CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x 
before 2.0 ...)
        - phpseclib 1.0.23-1
        [bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
        [bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -1645,7 +1697,7 @@ CVE-2024-27354
        - php-phpseclib3 3.0.36-1
        [bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
        NOTE: 
https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
-CVE-2024-27355
+CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x 
before 2.0 ...)
        - phpseclib 1.0.23-1
        [bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
        [bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
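
Review bot: The description added on the CVE-2024-27355 line is, as far as the truncated text goes, identical to the one added for CVE-2024-27354 in the previous hunk ("An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ..."), and both entries show the same "phpseclib 1.0.23-1" and "<no-dsa>" lines, so the two cannot be told apart from the list line. A NOTE line per entry pointing at its upstream commit, like the one in the context above this line, keeps them distinguishable.
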
@@ -5850,7 +5902,7 @@ CVE-2024-20290 (A vulnerability in the OLE2 file format 
parser of ClamAV could a
        [bullseye] - clamav <not-affected> (Vulnerable code not present)
        [buster] - clamav <not-affected> (Vulnerable code not present)
        NOTE: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
-CVE-2024-20328
+CVE-2024-20328 (A vulnerability in the VirusEvent feature of ClamAV could 
allow a loca ...)
        - clamav 1.0.5+dfsg-1 (bug #1063479)
        [bookworm] - clamav <no-dsa> (clamav is updated via -updates)
        [bullseye] - clamav <not-affected> (Vulnerable code not present)
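
Review bot: The visible context under CVE-2024-20328 has status lines for bookworm and bullseye only, while the CVE-2024-20290 entry just above it in this hunk also has a "[buster] - clamav <not-affected>" line. Now that the description is filled in, check that the entry carries a buster status below the shown context, and add one if it does not.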



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3aad530eaf0a32b8ccaee3c03610ad93d5b52f0f
