Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86f41086 by security tracker role at 2024-03-21T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,30 +1,162 @@
-CVE-2024-26643 [netfilter: nf_tables: mark set as dead when unbinding
anonymous set with timeout]
+CVE-2024-2742 (Operating system command injection vulnerability in Planet
IGS-4215-16 ...)
+ TODO: check
+CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet
IGS-4215-16T ...)
+ TODO: check
+CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S,
affecting ...)
+ TODO: check
+CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC
server de ...)
+ TODO: check
+CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to
redirect u ...)
+ TODO: check
+CVE-2024-2464 (This issue occurs during password recovery, where a difference
in mess ...)
+ TODO: check
+CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to
retriev ...)
+ TODO: check
+CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4
and Free ...)
+ TODO: check
+CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software
update a ...)
+ TODO: check
+CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the
agent ma ...)
+ TODO: check
+CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2,
through / ...)
+ TODO: check
+CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2,
through / ...)
+ TODO: check
+CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2,
through / ...)
+ TODO: check
+CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through
/sentrifugo/in ...)
+ TODO: check
+CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through
/sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2,
through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2,
through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2,
through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through
/sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through
/sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146
has Inco ...)
+ TODO: check
+CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite
Web Viewe ...)
+ TODO: check
+CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way
MOODLE 3. ...)
+ TODO: check
+CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was
discover ...)
+ TODO: check
+CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was
discover ...)
+ TODO: check
+CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the
webpack-dev-middleware ...)
+ TODO: check
+CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely
through Home ...)
+ TODO: check
+CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored
Cross-s ...)
+ TODO: check
+CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27993 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27992 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27991 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27990 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27988 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27985 (Deserialization of Untrusted Data vulnerability in
PropertyHive.This i ...)
+ TODO: check
+CVE-2024-27970 (Missing Authorization vulnerability in BogdanFix WP
SendFox.This issue ...)
+ TODO: check
+CVE-2024-27969 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27968 (Cross-Site Request Forgery (CSRF) vulnerability in Optimole
Super Page ...)
+ TODO: check
+CVE-2024-27967 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Leithold DS ...)
+ TODO: check
+CVE-2024-27966 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27965 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27964 (Unrestricted Upload of File with Dangerous Type vulnerability
in Gesun ...)
+ TODO: check
+CVE-2024-27963 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27962 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27956 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-27683 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a
stack-based buff ...)
+ TODO: check
+CVE-2024-27277 (The private key for the IBM Storage Protect Plus Server 10.1.0
through ...)
+ TODO: check
+CVE-2024-27190 (Missing Authorization vulnerability in Jean-David Daviet
Download Medi ...)
+ TODO: check
+CVE-2024-25935 (Missing Authorization vulnerability in Metagauss
RegistrationMagic.Thi ...)
+ TODO: check
+CVE-2024-25922 (Missing Authorization vulnerability in Peach Payments Peach
Payments G ...)
+ TODO: check
+CVE-2024-25912 (Missing Authorization vulnerability in Skymoonlabs MoveTo.This
issue a ...)
+ TODO: check
+CVE-2024-25908 (Missing Authorization vulnerability in JoomUnited WP Media
folder.This ...)
+ TODO: check
+CVE-2024-25907 (Missing Authorization vulnerability in JoomUnited WP Media
folder.This ...)
+ TODO: check
+CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider
\u2013 Ad ...)
+ TODO: check
+CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand
Post Fi ...)
+ TODO: check
+CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to
Gradio ...)
+ TODO: check
+CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit
Checkout.Th ...)
+ TODO: check
+CVE-2023-51142 (An issue in ZKTeco BioTime v.8.5.4 and before allows a remote
attacker ...)
+ TODO: check
+CVE-2023-51141 (An issue in ZKTeko BioTime v.8.5.4 and before allows a remote
attacker ...)
+ TODO: check
+CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David
Artiss Code E ...)
+ TODO: check
+CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could
allow an ...)
+ TODO: check
+CVE-2024-26643 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8)
-CVE-2024-26642 [netfilter: nf_tables: disallow anonymous set with timeout flag]
+CVE-2024-26642 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8)
-CVE-2023-52620 [netfilter: nf_tables: disallow timeout for anonymous sets]
+CVE-2023-52620 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.4.4-1
NOTE:
https://git.kernel.org/linus/e26d3009efda338f19016df4175f354a9bd0a4ab (6.4)
-CVE-2024-29131
+CVE-2024-29131 (Out-of-bounds Write vulnerability in Apache Commons
Configuration.This ...)
- commons-configuration2 <unfixed>
[bookworm] - commons-configuration2 <no-dsa> (Minor issue)
[bullseye] - commons-configuration2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/4
NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-840
-CVE-2024-29133
+CVE-2024-29133 (Out-of-bounds Write vulnerability in Apache Commons
Configuration.This ...)
- commons-configuration2 <unfixed>
[bookworm] - commons-configuration2 <no-dsa> (Minor issue)
[bullseye] - commons-configuration2 <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-841
NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/3
-CVE-2024-1394
+CVE-2024-1394 (A memory leak flaw was found in Golang in the RSA
encrypting/decryptin ...)
NOT-FOR-US: golang-fips
-CVE-2024-26307
+CVE-2024-26307 (Possible race condition vulnerability in Apache Doris. Some of
code us ...)
NOT-FOR-US: Apache Doris
-CVE-2024-27438
+CVE-2024-27438 (Download of Code Without Integrity Check vulnerability in
Apache Doris ...)
NOT-FOR-US: Apache Doris
CVE-2024-2754 (A vulnerability classified as critical has been found in
SourceCodeste ...)
NOT-FOR-US: SourceCodester Complete E-Commerce Site
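Review bot: CVE-2024-26642 is left at `linux <unfixed>` with no per-release annotation, while its companion CVE-2024-26643 (the other netfilter anonymous-set-with-timeout fix; both upstream commits are marked 6.8) carries `[buster] - linux <not-affected> (Vulnerable code not present)`; the same buster assessment should be checked and recorded for CVE-2024-26642, and CVE-2023-52620 (fixed in 6.4.4-1) deserves the same per-release look. Separately, among the new `TODO: check` placeholders, CVE-2024-2494 (libvirt RPC library) concerns a source package Debian ships and should be triaged ahead of the WordPress-plugin and embedded-device entries.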
@@ -87,7 +219,7 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS where
an application crash
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1527
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2024-01-23
-CVE-2024-28834
+CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a
cryptographic vuln ...)
- gnutls28 <unfixed>
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1516
NOTE:
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
@@ -660,6 +792,7 @@ CVE-2024-27439 (An error in the evaluation of the fetch
metadata headers could a
CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop
Engine.This issu ...)
NOT-FOR-US: Apache Hop Engine
CVE-2024-2616 (To harden ICU against exploitation, the behavior for
out-of-memory con ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
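Review bot: after the `{DSA-5644-1 DSA-5643-1}` tag is added, the CVE-2024-2616 entry lists only `firefox-esr 115.9.0esr-1` and `thunderbird 1:115.9.0-1`, with no `firefox` line directly under the DSA tag where the other entries put it, and its NOTE points only at mfsa2024-13 (the ESR advisory); confirm that this CVE is ESR/Thunderbird-only, since every other CVE receiving these two DSA tags in this update also carries a `- firefox` line.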
@@ -668,6 +801,7 @@ CVE-2024-2615 (Memory safety bugs present in Firefox 123.
Some of these bugs sho
- firefox 124.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8,
and Thun ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -678,6 +812,7 @@ CVE-2024-2613 (Data was not properly sanitized when
decoding a QUIC ACK frame; t
- firefox 124.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
CVE-2024-2612 (If an attacker could find a way to trigger a particular code
path in ` ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -685,6 +820,7 @@ CVE-2024-2612 (If an attacker could find a way to trigger a
particular code path
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
CVE-2024-2611 (A missing delay on when pointer lock was used could have
allowed a mal ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -692,6 +828,7 @@ CVE-2024-2611 (A missing delay on when pointer lock was
used could have allowed
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce
values. T ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -702,6 +839,7 @@ CVE-2024-2609 (The permission prompt input delay could have
expired while the wi
- firefox 124.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
CVE-2024-2608 (`AppendEncodedAttributeValue(),
ExtraSpaceNeededForAttrEncoding()` and ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -709,6 +847,7 @@ CVE-2024-2608 (`AppendEncodedAttributeValue(),
ExtraSpaceNeededForAttrEncoding()
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
CVE-2024-2607 (Return registers were overwritten which could have allowed an
attacker ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -4069,6 +4208,7 @@ CVE-2024-20830 (Incorrect default permission in AppLock
prior to SMR MAr-2024 Re
CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung
Internet pr ...)
NOT-FOR-US: Samsung
CVE-2024-1936 (The encrypted subject of an email message could be incorrectly
and per ...)
+ {DSA-5644-1}
- thunderbird 1:115.8.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936
CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable
to Refle ...)
@@ -13825,7 +13965,7 @@ CVE-2024-0744 (In some circumstances, JIT compiled code
could have dereferenced
- firefox 122.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0744
CVE-2024-0743 (An unchecked return value in TLS handshake code could have
caused a po ...)
- {DLA-3757-1}
+ {DSA-5644-1 DSA-5643-1 DLA-3757-1}
- firefox 122.0-1
- firefox-esr 115.9.0esr-1
- nss 2:3.96.1-1
@@ -30557,7 +30697,7 @@ CVE-2023-39333
NOTE:
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
NOTE:
https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when
performing RS ...)
- {DLA-3757-1}
+ {DSA-5644-1 DSA-5643-1 DLA-3757-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- nss 2:3.98-1 (bug #1056284)
@@ -65148,8 +65288,8 @@ CVE-2023-27609
RESERVED
CVE-2023-27608
RESERVED
-CVE-2023-27607
- RESERVED
+CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and
Rewards fo ...)
+ TODO: check
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad
Hossain WP R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
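Review bot: CVE-2023-27607 moves from RESERVED to a `TODO: check` placeholder, but its description names WP Swings Points and Rewards, and the neighbouring entries with the same Missing Authorization / CSRF wording (CVE-2023-27606 just below) are already triaged `NOT-FOR-US: WordPress plugin`; once confirmed as a WordPress plugin it should get the same marker rather than stay in the TODO queue. The same applies to the three later RESERVED-to-TODO hunks in this update: CVE-2022-47604 (junkcoder/ristoniinemets AJAX), CVE-2022-44633 (YITH WooCommerce Gift Card) and CVE-2022-44595 (Melapress WP 2FA).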
@@ -83353,8 +83493,8 @@ CVE-2022-47606 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404
Pro plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47604
- RESERVED
+CVE-2022-47604 (Missing Authorization vulnerability in junkcoder,
ristoniinemets AJAX ...)
+ TODO: check
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
wpdevart ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -94854,8 +94994,8 @@ CVE-2022-44635 (Apache Fineract allowed an
authenticated user to perform remote
NOT-FOR-US: Apache Fineract
CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W \u2013
Import ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44633
- RESERVED
+CVE-2022-44633 (Missing Authorization vulnerability in YITH YITH WooCommerce
Gift Card ...)
+ TODO: check
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Deni ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS)
vulnerability in 1ap ...)
@@ -95113,8 +95253,8 @@ CVE-2022-44597
RESERVED
CVE-2022-44596
RESERVED
-CVE-2022-44595
- RESERVED
+CVE-2022-44595 (Improper Authentication vulnerability in Melapress WP 2FA
allows Authe ...)
+ TODO: check
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44593
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f41086bbe254354de6f0bc53959c6576693cad
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits