Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6acad771 by security tracker role at 2024-03-05T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,101 @@
-CVE-2022-48630 [crypto: qcom-rng - fix infinite loop on requests not multiple
of WORD_SZ]
+CVE-2024-2188 (Cross-Site Scripting (XSS) vulnerability stored in TP-Link
Archer AX50 ...)
+ TODO: check
+CVE-2024-2056 (Services that are running and bound to the loopback interface
on the A ...)
+ TODO: check
+CVE-2024-2055 (The "Rich Filemanager" feature of Artica Proxy provides a
web-based in ...)
+ TODO: check
+CVE-2024-2054 (The Artica-Proxy administrative web application will
deserialize arbit ...)
+ TODO: check
+CVE-2024-2053 (The Artica Proxy administrative web application will
deserialize arbit ...)
+ TODO: check
+CVE-2024-2005 (Blue Planet\xae has released software updates that address this
vulner ...)
+ TODO: check
+CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with
secure ...)
+ TODO: check
+CVE-2024-27929 (ImageSharp is a managed, cross-platform, 2D graphics library.
A heap-u ...)
+ TODO: check
+CVE-2024-27627 (A reflected cross-site scripting (XSS) vulnerability exists in
SuperCa ...)
+ TODO: check
+CVE-2024-27626 (A Reflected Cross-Site Scripting (XSS) vulnerability has been
identifi ...)
+ TODO: check
+CVE-2024-27625 (CMS Made Simple Version 2.2.19 is vulnerable to Cross Site
Scripting ( ...)
+ TODO: check
+CVE-2024-27623 (CMS Made Simple version 2.2.19 is vulnerable to Server-Side
Template I ...)
+ TODO: check
+CVE-2024-27622 (A remote code execution vulnerability has been identified in
the User ...)
+ TODO: check
+CVE-2024-27565 (A Server-Side Request Forgery (SSRF) in weixin.php of
ChatGPT-wechat-p ...)
+ TODO: check
+CVE-2024-27564 (A Server-Side Request Forgery (SSRF) in pictureproxy.php of
ChatGPT co ...)
+ TODO: check
+CVE-2024-27563 (A Server-Side Request Forgery (SSRF) in the getFileFromRepo
function o ...)
+ TODO: check
+CVE-2024-27561 (A Server-Side Request Forgery (SSRF) in the
installUpdateThemePluginAc ...)
+ TODO: check
+CVE-2024-26339 (swftools v0.9.2 was discovered to contain a strcpy parameter
overlap v ...)
+ TODO: check
+CVE-2024-26337 (swftools v0.9.2 was discovered to contain a segmentation
violation via ...)
+ TODO: check
+CVE-2024-26335 (swftools v0.9.2 was discovered to contain a segmentation
violation via ...)
+ TODO: check
+CVE-2024-26334 (swftools v0.9.2 was discovered to contain a segmentation
violation via ...)
+ TODO: check
+CVE-2024-24098 (Code-projects Scholars Tracking System 1.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-23296 (A memory corruption issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2024-23256 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2024-23243 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23225 (A memory corruption issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2024-22352 (IBM InfoSphere Information Server 11.7 stores potentially
sensitive in ...)
+ TODO: check
+CVE-2024-22255 (VMware ESXi, Workstation, and Fusion contain an information
disclosure ...)
+ TODO: check
+CVE-2024-22254 (VMware ESXi contains an out-of-bounds write vulnerability.A
malicious ...)
+ TODO: check
+CVE-2024-22253 (VMware ESXi, Workstation, and Fusion contain a use-after-free
vulnerab ...)
+ TODO: check
+CVE-2024-22252 (VMware ESXi, Workstation, and Fusion contain a use-after-free
vulnerab ...)
+ TODO: check
+CVE-2024-1202 (Authentication Bypass by Primary Weakness vulnerability in
XPodas Octo ...)
+ TODO: check
+CVE-2023-7103 (Authentication Bypass by Primary Weakness vulnerability in
ZKSoftware ...)
+ TODO: check
+CVE-2023-5457 (A CWE-1269 \u201cProduct Released in Non-Release
Configuration\u201d v ...)
+ TODO: check
+CVE-2023-5456 (A CWE-798 \u201cUse of Hard-coded Credentials\u201d
vulnerability in t ...)
+ TODO: check
+CVE-2023-45600 (A CWE-613 \u201cInsufficient Session Expiration\u201d
vulnerability in ...)
+ TODO: check
+CVE-2023-45599 (A CWE-646 \u201cReliance on File Name or Extension of
Externally-Suppl ...)
+ TODO: check
+CVE-2023-45598 (A CWE-862 \u201cMissing Authorization\u201d vulnerability in
the \u201 ...)
+ TODO: check
+CVE-2023-45597 (A CWE-1236 \u201cImproper Neutralization of Formula Elements
in a CSV ...)
+ TODO: check
+CVE-2023-45596 (A CWE-862 \u201cMissing Authorization\u201d vulnerability in
the \u201 ...)
+ TODO: check
+CVE-2023-45595 (A CWE-434 \u201cUnrestricted Upload of File with Dangerous
Type\u201d ...)
+ TODO: check
+CVE-2023-45594 (A CWE-552 \u201cFiles or Directories Accessible to External
Parties\u2 ...)
+ TODO: check
+CVE-2023-45593 (A CWE-693 \u201cProtection Mechanism Failure\u201d
vulnerability in th ...)
+ TODO: check
+CVE-2023-45592 (A CWE-250 \u201cExecution with Unnecessary Privileges\u201d
vulnerabil ...)
+ TODO: check
+CVE-2023-45591 (A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability
in the ...)
+ TODO: check
+CVE-2023-35899 (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1,
19.0.2, 1 ...)
+ TODO: check
+CVE-2022-48630 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
[buster] - linux 4.19.249-1
NOTE:
https://git.kernel.org/linus/16287397ec5c08aa58db6acf7dbc55470d78087d (5.18)
-CVE-2022-48629 [crypto: qcom-rng - ensure buffer for generate is completely
filled]
+CVE-2022-48629 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
@@ -2520,6 +2612,7 @@ CVE-2023-48679 (Stored cross-site scripting (XSS)
vulnerability due to missing o
CVE-2023-48678 (Sensitive information disclosure due to insecure folder
permissions. T ...)
NOT-FOR-US: Acronis
CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x
before 2.0 ...)
+ {DLA-3750-1 DLA-3749-1}
- phpseclib 1.0.23-1
[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -2530,6 +2623,7 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x
before 1.0.23, 2.x befo
[bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
NOTE:
https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x
before 2.0 ...)
+ {DLA-3750-1 DLA-3749-1}
- phpseclib 1.0.23-1
[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -5466,6 +5560,7 @@ CVE-2024-24921 (A vulnerability has been identified in
Simcenter Femap (All vers
CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication
and autho ...)
+ {DLA-3751-1}
- libapache2-mod-auth-openidc <unfixed> (bug #1064183)
NOTE:
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
NOTE:
https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d
(v2.4.15.2)
@@ -64602,8 +64697,8 @@ CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1
through 9.3.0.3 and 9.3.1.0 t
NOT-FOR-US: IBM
CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to
cross-site scrip ...)
NOT-FOR-US: IBM
-CVE-2023-26282
- RESERVED
+CVE-2023-26282 (IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a
user wit ...)
+ TODO: check
CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server
could all ...)
NOT-FOR-US: IBM
CVE-2023-26280
@@ -66685,8 +66780,8 @@ CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through
FW950.71, FW1010.00 thro
NOT-FOR-US: IBM
CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through
6.0.3.8 a ...)
NOT-FOR-US: IBM
-CVE-2023-25681
- RESERVED
+CVE-2023-25681 (LDAP users on IBM Spectrum Virtualize 8.5 which are configured
to requ ...)
+ TODO: check
CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is
vulnerable to ...)
NOT-FOR-US: IBM
CVE-2023-25679
@@ -85479,8 +85574,8 @@ CVE-2022-46090
RESERVED
CVE-2022-46089
RESERVED
-CVE-2022-46088
- RESERVED
+CVE-2022-46088 (Online Flight Booking Management System v1.0 was discovered to
contain ...)
+ TODO: check
CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting
(XSS). A norm ...)
NOT-FOR-US: CloudSchool
CVE-2022-46086
@@ -157585,8 +157680,8 @@ CVE-2022-22401 (IBM Aspera Faspex 5.0.5 could allow a
remote attacker to gather
NOT-FOR-US: IBM
CVE-2022-22400
RESERVED
-CVE-2022-22399
- RESERVED
+CVE-2022-22399 (IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header
injecti ...)
+ TODO: check
CVE-2022-22398
RESERVED
CVE-2022-22397
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acad77195088ad5e8dea96c8994c243a5acb460
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acad77195088ad5e8dea96c8994c243a5acb460
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
