[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 19 Mar 2024 13:14:23 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e34bca1c by security tracker role at 2024-03-19T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,67 +1,235 @@
-CVE-2024-27439
+CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory 
Management Sys ...)
+       TODO: check
+CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been found on 
Cegid M ...)
+       TODO: check
+CVE-2024-2635 (The configuration pages available are not intended to be placed 
on an  ...)
+       TODO: check
+CVE-2024-2634 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR 
affect ...)
+       TODO: check
+CVE-2024-2633 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR 
affect ...)
+       TODO: check
+CVE-2024-2632 (A Information Exposure Vulnerability has been found on Meta4 
HR. This  ...)
+       TODO: check
+CVE-2024-2545
+       REJECTED
+CVE-2024-2442 (Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to 
a Path  ...)
+       TODO: check
+CVE-2024-2307 (A flaw was found in osbuild-composer. A condition can be 
triggered tha ...)
+       TODO: check
+CVE-2024-2169 (Implementations of UDP application protocol are vulnerable to 
network  ...)
+       TODO: check
+CVE-2024-29143 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29142 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29141 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29140 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29139 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29138 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29137 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29136 (Deserialization of Untrusted Data vulnerability in Themefic 
Tourfic.Th ...)
+       TODO: check
+CVE-2024-29135 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tourf ...)
+       TODO: check
+CVE-2024-29134 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29130 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29129 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29128 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29127 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29126 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29125 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29124 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29121 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29118 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29116 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29115 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29114 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29113 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29111 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29110 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29109 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29108 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29106 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29105 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29104 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29103 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29099 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29098 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29097 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29096 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29095 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29093 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias 
Conrad Build ...)
+       TODO: check
+CVE-2024-29092 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29091 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29089 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29027 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda 
v.2024Q ...)
+       TODO: check
+CVE-2024-28595 (SQL Injection vulnerability in Employee Management System v1.0 
allows  ...)
+       TODO: check
+CVE-2024-28394 (An issue in Advanced Plugins reportsstatistics v1.3.20 and 
before allo ...)
+       TODO: check
+CVE-2024-28303 (Open Source Medicine Ordering System v1.0 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2024-27998 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-27997 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-27996 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-21677 (This High severity Path Traversal vulnerability was introduced 
in vers ...)
+       TODO: check
+CVE-2024-1401 (The Profile Box Shortcode And Widget WordPress plugin before 
1.2.1 doe ...)
+       TODO: check
+CVE-2024-1146 (Cross-Site Scripting vulnerability in Devklan's Alma Blog that 
affects ...)
+       TODO: check
+CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that 
affects ver ...)
+       TODO: check
+CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog 
that affe ...)
+       TODO: check
+CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting 
versions  ...)
+       TODO: check
+CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` 
class  ...)
+       TODO: check
+CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 
allow atta ...)
+       TODO: check
+CVE-2023-4426
+       REJECTED
+CVE-2023-44092 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2023-44091 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-44090 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-42920 (Claris International has fixed a dylib hijacking vulnerability 
in the  ...)
+       TODO: check
+CVE-2023-41793 (: Path Traversal vulnerability in Pandora FMS on all allows 
Path Trave ...)
+       TODO: check
+CVE-2023-40279 (An issue was discovered in OpenClinic GA 5.247.01. An attacker 
can per ...)
+       TODO: check
+CVE-2023-40278 (An issue was discovered in OpenClinic GA 5.247.01. An 
Information Disc ...)
+       TODO: check
+CVE-2023-32260 (Misinterpretation of Input vulnerability in OpenText\u2122 
Service Man ...)
+       TODO: check
+CVE-2023-32259 (Insufficient Granularity of Access Control vulnerability in 
OpenText\u ...)
+       TODO: check
+CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could 
allow a ...)
        NOT-FOR-US: Apache Wicket
-CVE-2024-24683
+CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop 
Engine.This issu ...)
        NOT-FOR-US: Apache Hop Engine
-CVE-2024-2616
+CVE-2024-2616 (To harden ICU against exploitation, the behavior for 
out-of-memory con ...)
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2616
-CVE-2024-2615
+CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs 
showed e ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
-CVE-2024-2614
+CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, 
and Thun ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2614
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2614
-CVE-2024-2613
+CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; 
this c ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
-CVE-2024-2612
+CVE-2024-2612 (If an attacker could find a way to trigger a particular code 
path in ` ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2612
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
-CVE-2024-2611
+CVE-2024-2611 (A missing delay on when pointer lock was used could have 
allowed a mal ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2611
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
-CVE-2024-2610
+CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce 
values. T ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
-CVE-2024-2609
+CVE-2024-2609 (The permission prompt input delay could have expired while the 
window  ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
-CVE-2024-2608
+CVE-2024-2608 (`AppendEncodedAttributeValue(), 
ExtraSpaceNeededForAttrEncoding()` and ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2608
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
-CVE-2024-2607
+CVE-2024-2607 (Return registers were overwritten which could have allowed an 
attacker ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird 1:115.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2607
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2607
-CVE-2024-2606
+CVE-2024-2606 (Passing invalid data could have led to invalid wasm values 
being creat ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2606
-CVE-2024-2605
+CVE-2024-2605 (An attacker could have leveraged the Windows Error Reporter to 
run arb ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
        - thunderbird <not-affected> (Only affects Thunderbird on Windows)
@@ -29903,7 +30071,7 @@ CVE-2023-39333
        [buster] - nodejs <not-affected> (Only affects 18.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
        NOTE: 
https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
-CVE-2023-5388
+CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when 
performing RS ...)
        {DLA-3757-1}
        - firefox <unfixed>
        - firefox-esr <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34bca1c2dcf651bca7500690fe782a2bfe1be11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34bca1c2dcf651bca7500690fe782a2bfe1be11
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to