Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e2f4d37 by security tracker role at 2024-03-19T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication
Command and ...)
+ TODO: check
+CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication
Command and ...)
+ TODO: check
+CVE-2024-2620 (A vulnerability has been found in Fujian Kelixin Communication
Command ...)
+ TODO: check
+CVE-2024-2604 (A vulnerability was found in SourceCodester File Manager App
1.0. It h ...)
+ TODO: check
+CVE-2024-28865 (django-wiki is a wiki system for Django. Installations of
django-wiki ...)
+ TODO: check
+CVE-2024-28864 (SecureProps is a PHP library designed to simplify the
encryption and d ...)
+ TODO: check
+CVE-2024-28855 (ZITADEL, open source authentication management software, uses
Go templ ...)
+ TODO: check
+CVE-2024-28447 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was
discove ...)
+ TODO: check
+CVE-2024-28446 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was
discove ...)
+ TODO: check
+CVE-2024-28250 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2024-28249 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2024-28248 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D
printer ...)
+ TODO: check
+CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x,
v2.11.x ...)
+ TODO: check
+CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM
communication buff ...)
+ TODO: check
+CVE-2024-24578 (RaspberryMatic is an open-source operating system for
HomeMatic intern ...)
+ TODO: check
+CVE-2024-24043 (Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0
and befo ...)
+ TODO: check
+CVE-2024-24042 (Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1
and bef ...)
+ TODO: check
+CVE-2024-23333 (LDAP Account Manager (LAM) is a webfrontend for managing
entries store ...)
+ TODO: check
+CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer
overflow vulne ...)
+ TODO: check
+CVE-2024-22412 (ClickHouse is an open-source column-oriented database
management syste ...)
+ TODO: check
+CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and
before 3.4.9 ...)
+ TODO: check
+CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to
Regular ...)
+ TODO: check
+CVE-2024-0055 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has
found that ...)
+ TODO: check
+CVE-2024-0054 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has
found that ...)
+ TODO: check
+CVE-2023-40280 (An issue was discovered in OpenClinic GA 5.247.01. An attacker
can per ...)
+ TODO: check
+CVE-2023-40277 (An issue was discovered in OpenClinic GA 5.247.01. A Reflected
Cross-S ...)
+ TODO: check
+CVE-2023-40276 (An issue was discovered in OpenClinic GA 5.247.01. An
Unauthenticated ...)
+ TODO: check
+CVE-2023-40275 (An issue was discovered in OpenClinic GA 5.247.01. It allows
retrieval ...)
+ TODO: check
CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version
4.31. ...)
NOT-FOR-US: AMSS++
CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not
sufficiently enco ...)
@@ -6502,7 +6560,7 @@ CVE-2024-26594 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
-CVE-2024-22025
+CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a
Denial ...)
- nodejs 18.19.1+dfsg-1
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE:
https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda
(v18.x)
@@ -8112,7 +8170,7 @@ CVE-2023-46809
NOTE:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
NOTE:
https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635
(v18.x)
NOTE:
https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587
(main)
-CVE-2024-22017
+CVE-2024-22017 (setuid() does not affect libuv's internal io_uring operations
if initi ...)
[experimental] - nodejs <unfixed>
- nodejs <not-affected> (Only affects 20.x and later)
NOTE:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high
@@ -24143,6 +24201,7 @@ CVE-2023-6274 (A vulnerability was found in Beijing
Baichuo Smart S80 up to 2023
CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, <
2.1.0p37, < ...)
- check-mk <removed>
CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain
scenarios i ...)
+ {DLA-3766-1}
- zfs-linux 2.1.14-1 (bug #1056752)
[bookworm] - zfs-linux <no-dsa> (contrib not supported)
[bullseye] - zfs-linux <no-dsa> (contrib not supported)
@@ -215716,6 +215775,7 @@ CVE-2021-27207
CVE-2021-27206
RESERVED
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS
share is ...)
+ {DLA-3766-1}
[experimental] - zfs-linux 2.2.0-1~exp1
- zfs-linux 2.2.2-1 (bug #1059322)
[bookworm] - zfs-linux <no-dsa> (contrib not supported)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2f4d379a2914c18a75f01930c216c27958259b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2f4d379a2914c18a75f01930c216c27958259b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
