Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e8cb44e by security tracker role at 2024-03-06T20:28:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,38 +1,122 @@
-CVE-2024-28160
+CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting
version ...)
+ TODO: check
+CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL
generation reques ...)
+ TODO: check
+CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom
build param ...)
+ TODO: check
+CVE-2024-27917 (Shopware is an open commerce platform based on Symfony
Framework and V ...)
+ TODO: check
+CVE-2024-27916 (Minder is a software supply chain security platform. Prior to
version ...)
+ TODO: check
+CVE-2024-27915 (Sulu is a PHP content management system. Starting in verson
2.2.0 and ...)
+ TODO: check
+CVE-2024-27307 (JSONata is a JSON query and transformation language. Starting
in versi ...)
+ TODO: check
+CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection
can occur ...)
+ TODO: check
+CVE-2024-27303 (electron-builder is a solution to package and build a ready
for distri ...)
+ TODO: check
+CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to
specify a C ...)
+ TODO: check
+CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to
version 4.18.2 ...)
+ TODO: check
+CVE-2024-27288 (1Panel is an open source Linux server operation and
maintenance manage ...)
+ TODO: check
+CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home
Automation ...)
+ TODO: check
+CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker
to execu ...)
+ TODO: check
+CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the
usage of vu ...)
+ TODO: check
+CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the
usage of a ...)
+ TODO: check
+CVE-2024-24767 (CasaOS-UserService provides user management functionalities to
CasaOS. ...)
+ TODO: check
+CVE-2024-24766 (CasaOS-UserService provides user management functionalities to
CasaOS. ...)
+ TODO: check
+CVE-2024-24765 (CasaOS-UserService provides user management functionalities to
CasaOS. ...)
+ TODO: check
+CVE-2024-24761 (Galette is a membership management web application for non
profit orga ...)
+ TODO: check
+CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco
AppDyna ...)
+ TODO: check
+CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco
AppDynamics ...)
+ TODO: check
+CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of
Cisco Secur ...)
+ TODO: check
+CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco
Secure Cli ...)
+ TODO: check
+CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small
Busines ...)
+ TODO: check
+CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco
Small B ...)
+ TODO: check
+CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon
and RDP ...)
+ TODO: check
+CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo
Authentication f ...)
+ TODO: check
+CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of
a weake ...)
+ TODO: check
+CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows
remote au ...)
+ TODO: check
+CVE-2023-50716 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation
of the ...)
+ TODO: check
+CVE-2023-50167 (Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue
with ed ...)
+ TODO: check
+CVE-2023-49985 (A cross-site scripting (XSS) vulnerability in the component
/managemen ...)
+ TODO: check
+CVE-2023-49984 (A cross-site scripting (XSS) vulnerability in the component
/managemen ...)
+ TODO: check
+CVE-2023-49983 (A cross-site scripting (XSS) vulnerability in the component
/managemen ...)
+ TODO: check
+CVE-2023-49982 (Broken access control in the component /admin/management/users
of Scho ...)
+ TODO: check
+CVE-2023-49981 (A directory listing vulnerability in School Fees Management
System v1. ...)
+ TODO: check
+CVE-2023-49980 (A directory listing vulnerability in Best Student Result
Management Sy ...)
+ TODO: check
+CVE-2023-49979 (A directory listing vulnerability in Customer Support System
v1 allows ...)
+ TODO: check
+CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows
non-admi ...)
+ TODO: check
+CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go,
contain ...)
+ TODO: check
+CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before
v.13.8.0 allow ...)
+ TODO: check
+CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize
iceScrum p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28159
+CVE-2024-28159 (A missing permission check in Jenkins Subversion Partial
Release Manag ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28158
+CVE-2024-28158 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Subversio ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28157
+CVE-2024-28157 (Jenkins GitBucket Plugin 0.8 and earlier does not sanitize
Gitbucket U ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28156
+CVE-2024-28156 (Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and
earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-2215
+CVE-2024-2215 (A cross-site request forgery (CSRF) vulnerability in Jenkins
docker-bu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-2216
+CVE-2024-2216 (A missing permission check in an HTTP endpoint in Jenkins
docker-build ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28161
+CVE-2024-28161 (In Jenkins Delphix Plugin 3.0.1, a global option for
administrators to ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28162
+CVE-2024-28162 (In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive)
a globa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28155
+CVE-2024-28155 (Jenkins AppSpider Plugin 1.0.16 and earlier does not perform
permissio ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28154
+CVE-2024-28154 (Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially
sensitiv ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28153
+CVE-2024-28153 (Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does
not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28152
+CVE-2024-28152 (In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28151
+CVE-2024-28151 (Jenkins HTML Publisher Plugin 1.32 and earlier archives
invalid symbol ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28150
+CVE-2024-28150 (Jenkins HTML Publisher Plugin 1.32 and earlier does not escape
job nam ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28149
+CVE-2024-28149 (Jenkins HTML Publisher Plugin 1.16 through 1.32 (both
inclusive) does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-50740
+CVE-2023-50740 (In Apache Linkis <=1.4.0, The password is printed to the log
when usin ...)
NOT-FOR-US: Apache Linkis
-CVE-2024-26580
+CVE-2024-26580 (Deserialization of Untrusted Data vulnerability in Apache
InLong.This ...)
NOT-FOR-US: Apache InLong
CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS
via th ...)
NOT-FOR-US: Concrete CMS
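Review bot: 42 entries in this hunk are left at `TODO: check`, and several of them describe code that may well be packaged in Debian (pgx for CVE-2024-27304 and CVE-2024-27289, go-zero, JSONata, eProsima Fast DDS, go-saml, electron-builder); those deserve triage ahead of the clearly proprietary ones (Cisco, JetBrains, Pega, AppSamvid, Sonatype), which will most likely resolve to `NOT-FOR-US` the way the Jenkins plugin entries lower in the hunk already have. Dropping the bare `CVE-2024-28160` placeholder at the top and re-adding it with a description and `NOT-FOR-US: Jenkins plugin` further down is consistent.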
@@ -108,15 +192,18 @@ CVE-2023-38944 (An issue in Multilaser RE160V firmware
v12.03.01.09_pt and Multi
NOT-FOR-US: Multilaser
CVE-2023-33677 (Sourcecodester Lost and Found Information System's Version 1.0
is vuln ...)
NOT-FOR-US: Sourcecodester Lost and Found Information System
-CVE-2024-2176
+CVE-2024-2176 (Use after free in FedCM in Google Chrome prior to
122.0.6261.111 allow ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2174
+CVE-2024-2174 (Inappropriate implementation in V8 in Google Chrome prior to
122.0.626 ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2173
+CVE-2024-2173 (Out of bounds memory access in V8 in Google Chrome prior to
122.0.6261 ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -285,7 +372,7 @@ CVE-2024-2054 (The Artica-Proxy administrative web
application will deserialize
NOT-FOR-US: Artica Proxy
CVE-2024-2053 (The Artica Proxy administrative web application will
deserialize arbit ...)
NOT-FOR-US: Artica Proxy
-CVE-2024-2005 (Blue Planet\xae has released software updates that address this
vulner ...)
+CVE-2024-2005 (In Blue Planet\xae products through 22.12, a misconfiguration
in the ...)
NOT-FOR-US: Blue Planet
CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with
secure ...)
NOT-FOR-US: Deno
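Review bot: the `\xae` in both the old and the new CVE-2024-2005 description is the single Latin-1 byte for the ® sign rather than its UTF-8 encoding, so either the upstream feed or the importer is mis-decoding that character; worth checking the import path so the stored description reads as `Blue Planet®` instead of carrying an escaped byte.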
@@ -377,14 +464,14 @@ CVE-2022-48629 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE:
https://git.kernel.org/linus/a680b1832ced3b5fa7c93484248fd221ea0d614b (5.17)
-CVE-2024-27308 [RUSTSEC-2024-0019]
+CVE-2024-27308 (Mio is a Metal I/O library for Rust. When using named pipes on
Windows ...)
- rust-mio <not-affected> (Windows-specific)
- rust-mio-0.6 <not-affected> (Vulnerable code not present)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0019.html
CVE-2024-XXXX [RUSTSEC-2024-0020]
- rust-whoami <not-affected> (Specific to Solaris)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0020.html
-CVE-2024-25111 [SQUID-2024:1 Denial of Service in HTTP Chunked Decoding]
+CVE-2024-25111 (Squid is a web proxy cache. Starting in version 3.5.27 and
prior to ve ...)
- squid 6.8-1
- squid3 <removed>
NOTE:
https://lists.squid-cache.org/pipermail/squid-announce/2024-March/000165.html
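Review bot: the automatic rewrite of CVE-2024-25111 drops the upstream advisory identifier `SQUID-2024:1` that the old bracketed form carried, and unlike CVE-2024-27308, whose `RUSTSEC-2024-0019` survives in the NOTE URL, nothing in the remaining lines names it (the squid-announce URL does not contain the id); suggest keeping it in a NOTE, e.g. `NOTE: SQUID-2024:1 Denial of Service in HTTP Chunked Decoding`, so the upstream advisory id still resolves to this CVE.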
@@ -2036,7 +2123,7 @@ CVE-2024-27516 (livehelperchat 4.28v is vulnerable to
Server-Side Template Injec
CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
NOT-FOR-US: Osclass
CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file
within the Y ...)
- {DSA-5635-1}
+ {DSA-5635-1 DLA-3753-1}
- yard 0.9.36-1 (bug #1065118)
NOTE:
https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
NOTE: Fixed by:
https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4
(v0.9.35)
@@ -4054,8 +4141,8 @@ CVE-2024-22220 (An issue was discovered in Terminalfour
7.4 through 7.4.0004 QP3
NOT-FOR-US: Terminalfour
CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified
Intelligence ...)
NOT-FOR-US: Cisco
-CVE-2024-1714
- REJECTED
+CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ
Lifecycle Mana ...)
+ TODO: check
CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an
Authenti ...)
NOT-FOR-US: ConnectWise ScreenConnect
CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by
path-traver ...)
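Review bot: CVE-2024-1714 moves from `REJECTED` to an active description with `TODO: check`; a rejected id coming back to life is unusual enough that the triager should confirm the CNA really reinstated it rather than the importer having mis-parsed a rejected record, before treating it as a normal entry. The description names IdentityIQ, which, if not packaged, would resolve to `NOT-FOR-US`.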
@@ -8210,7 +8297,7 @@ CVE-2024-21780 (Stack-based buffer overflow vulnerability
exists in HOME SPOT CU
NOT-FOR-US: HOME SPOT CUBE2
CVE-2024-21764 (In Rapid Software LLC's Rapid SCADA versions prior toVersion
5.8.4, th ...)
NOT-FOR-US: Rapid SCADA
-CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0;
all versio ...)
+CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0;
versions o ...)
NOT-FOR-US: Node dash-core-components
CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
@@ -245403,8 +245490,8 @@ CVE-2020-26944 (An issue was discovered in Aptean
Product Configurator 4.61.0000
NOT-FOR-US: Aptean
CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before
1.3.1, 2. ...)
NOT-FOR-US: blazar-dashboard
-CVE-2020-26942
- RESERVED
+CVE-2020-26942 (An issue discovered in Axigen Mail Server 10.3.x before
10.3.1.27 and ...)
+ TODO: check
CVE-2020-26941 (A local (authenticated) low-privileged user can exploit a
behavior in ...)
NOT-FOR-US: IBM
CVE-2020-26940
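Review bot: CVE-2020-26942 leaves `RESERVED` after more than three years and lands at `TODO: check`; the description names Axigen Mail Server, and if that is not in the archive the entry should be resolved to `NOT-FOR-US: Axigen` promptly so the TODO backlog from this import stays focused on packaged software.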
@@ -329064,6 +329151,7 @@ CVE-2019-1020003 (invenio-records before 1.2.2 allows
XSS.)
CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential
sniffing.)
NOT-FOR-US: Pterodactyl
CVE-2019-1020001 (yard before 0.9.20 allows path traversal.)
+ {DLA-3753-1}
- yard 0.9.20-1 (low; bug #945369)
[stretch] - yard <no-dsa> (Minor issue)
[jessie] - yard <not-affected> (Bug was introduced in 0.9.6)
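Review bot: the `{DLA-3753-1}` added here for the 2019 yard path-traversal CVE matches the one added to CVE-2024-27285 earlier in the patch, so a single DLA covers both; fine as long as the DLA text itself lists both CVE ids, which should be checked before the tracker publishes the cross-reference.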
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e8cb44ebb69e8dc4c0f19697bed61c58f5323bf