Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2e733d0 by security tracker role at 2024-03-22T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-2828 (A vulnerability, which was classified as critical, was found in 
lakern ...)
+       TODO: check
+CVE-2024-2827 (A vulnerability, which was classified as critical, has been 
found in l ...)
+       TODO: check
+CVE-2024-2826 (A vulnerability classified as problematic was found in 
lakernote EasyA ...)
+       TODO: check
+CVE-2024-2825 (A vulnerability classified as critical has been found in 
lakernote Eas ...)
+       TODO: check
+CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and 
classified ...)
+       TODO: check
+CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as 
proble ...)
+       TODO: check
+CVE-2024-2822 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+       TODO: check
+CVE-2024-2821 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Af ...)
+       TODO: check
+CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This 
vulnera ...)
+       TODO: check
+CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, 
which allow ...)
+       TODO: check
+CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability 
affecting the C ...)
+       TODO: check
+CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A 
remote att ...)
+       TODO: check
+CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxServici ...)
+       TODO: check
+CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxSubServ ...)
+       TODO: check
+CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, 
through/ajaxConfigT ...)
+       TODO: check
+CVE-2024-2449 (A cross-site request forgery vulnerability has been identified 
in Load ...)
+       TODO: check
+CVE-2024-2448 (An OS command injection vulnerability has been identified in 
LoadMaste ...)
+       TODO: check
+CVE-2024-2228 (This vulnerability allows an authenticated user to perform a 
Lifecycle ...)
+       TODO: check
+CVE-2024-2227 (This vulnerability allows access to arbitrary files in the 
application ...)
+       TODO: check
+CVE-2024-29944 (An attacker was able to inject an event handler into a 
privileged obje ...)
+       TODO: check
+CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+       TODO: check
+CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP 
authentication page  ...)
+       TODO: check
+CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote 
code execu ...)
+       TODO: check
+CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary 
in DIR-8 ...)
+       TODO: check
+CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2024-29186 (Bref is an open-source project that helps users go serverless 
on Amazo ...)
+       TODO: check
+CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. 
Versions prio ...)
+       TODO: check
+CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A 
Stored Cros ...)
+       TODO: check
+CVE-2024-29042 (Translate is a package that allows users to convert text to 
different  ...)
+       TODO: check
+CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of 
Symfony, a P ...)
+       TODO: check
+CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
+       TODO: check
+CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a 
potentia ...)
+       TODO: check
+CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
before allows ...)
+       TODO: check
+CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and 
before allows ...)
+       TODO: check
+CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a 
remote attac ...)
+       TODO: check
+CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds 
Read, Out ...)
+       TODO: check
+CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in 
the co ...)
+       TODO: check
+CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins 
mk_oracle, mk_o ...)
+       TODO: check
+CVE-2023-4063 (Certain HP OfficeJet Pro printers are potentially vulnerable to 
a Deni ...)
+       TODO: check
+CVE-2023-41099 (In the Windows installer in Atos Eviden CardOS API before 
5.5.5.2811,  ...)
+       TODO: check
 CVE-2024-2817 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Tenda
 CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda 
AC15 15.0 ...)
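Review bot: all 42 new entries land as "TODO: check" with no source-package mapping, so each still needs to be resolved to either a Debian package line or a NOT-FOR-US marker, as the neighbouring CVE-2024-2817 ("NOT-FOR-US: Tenda") already is. The truncated descriptions here are enough to group the triage work: the lakernote, DedeCMS, CIGESv2, LoadMaster, Niushop, Anchor CMS, DIR-845L and IBM-style vendor items look like candidates for NOT-FOR-US, while CVE-2024-2824 (jhead 3.08), CVE-2024-1848 (heap-based buffer overflow / out-of-bounds read) and the Checkmk agent-plugin pair CVE-2024-28824 / CVE-2024-0638 deserve a closer look for a matching package before they are dismissed.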
@@ -4150,7 +4234,7 @@ CVE-2024-24783 (Verifying a certificate chain which 
contains a certificate with
        NOTE: 
https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 
(go1.21.8)
 CVE-2024-1979 (A vulnerability was found in Quarkus. In certain conditions 
related to ...)
        NOT-FOR-US: Quarkus
-CVE-2023-5685 [StackOverflowException when the chain of notifier states 
becomes problematically big]
+CVE-2023-5685 (A flaw was found in XNIO. The XNIO NotifierState that can cause 
a Stac ...)
        - jboss-xnio <unfixed> (bug #1065847)
        [bookworm] - jboss-xnio <no-dsa> (Minor issue)
        [bullseye] - jboss-xnio <no-dsa> (Minor issue)
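Review bot: the description line for CVE-2023-5685 moves from the bracketed interim text to the parenthesised published text, and the three status lines below it (jboss-xnio &lt;unfixed&gt; with bug #1065847, bookworm and bullseye &lt;no-dsa&gt;) are untouched, which is the right outcome for a description-only refresh; nothing further needed.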
@@ -28619,6 +28703,7 @@ CVE-2023-46352 (In the module "Pixel Plus: Events + 
CAPI + Pixel Catalog for Fac
 CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain 
elevated  ...)
        NOT-FOR-US: IBM
 CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a 
Denial of Ser ...)
+       {DLA-3768-1}
        - pillow 10.0.0-1
        [bookworm] - pillow <no-dsa> (Minor issue)
        [bullseye] - pillow <no-dsa> (Minor issue)
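Review bot: the {DLA-3768-1} reference is added above the "- pillow 10.0.0-1" line for CVE-2023-44271 while the [bookworm] and [bullseye] &lt;no-dsa&gt; markers stay in place; that is consistent only if the advisory targets a suite other than those two, so confirm the suite DLA-3768-1 covers before merging. The same advisory is attached to CVE-2022-22817 and CVE-2021-23437 further down in this commit, so the three Pillow entries should be checked together against the advisory text.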
@@ -45185,7 +45270,8 @@ CVE-2023-3577 (Mattermost fails to properly restrict 
requests tolocalhost/intran
        - mattermost-server <itp> (bug #823556)
 CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not 
escape or s ...)
+CVE-2023-3418
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
        NOT-FOR-US: WordPress plugin
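Review bot: CVE-2023-3418 is switched to REJECTED but the old "NOT-FOR-US: WordPress plugin" line is kept beneath it. A rejected entry needs no further disposition, so the retained line is redundant; harmless for the tracker, but dropping it would keep REJECTED entries uniform.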
@@ -58406,7 +58492,7 @@ CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to 
contain a stack overflow
        - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/217
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation 
violatio ...)
+CVE-2023-29581 (yasm 1.3.0.55.g101bc has a segmentation violation in the 
function dele ...)
        - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/216
        NOTE: Crash in CLI tool, no security impact
@@ -78180,8 +78266,8 @@ CVE-2023-23351
        RESERVED
 CVE-2023-23350
        RESERVED
-CVE-2023-23349
-       RESERVED
+CVE-2023-23349 (Kaspersky has fixed a security issue in Kaspersky Password 
Manager (KP ...)
+       TODO: check
 CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, 
used in ...)
        NOT-FOR-US: OpenShift
 CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ 
Operatio ...)
@@ -129470,18 +129556,18 @@ CVE-2022-32758
        RESERVED
 CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an 
inadequ ...)
        NOT-FOR-US: IBM
-CVE-2022-32756
-       RESERVED
+CVE-2022-32756 (IBM Security Verify Directory 10.0.0 could allow a remote 
attacker to  ...)
+       TODO: check
 CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML 
External E ...)
        NOT-FOR-US: IBM
-CVE-2022-32754
-       RESERVED
-CVE-2022-32753
-       RESERVED
+CVE-2022-32754 (IBM Security Verify Directory 10.0.0 is vulnerable to 
cross-site scrip ...)
+       TODO: check
+CVE-2022-32753 (IBM Security Verify Directory 10.0.0 uses weaker than expected 
cryptog ...)
+       TODO: check
 CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could 
allow a r ...)
        NOT-FOR-US: IBM
-CVE-2022-32751
-       RESERVED
+CVE-2022-32751 (IBM Security Verify Directory 10.0.0 could disclose sensitive 
server i ...)
+       TODO: check
 CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 
through 10.0 ...)
        NOT-FOR-US: IBM
 CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions 
vulnerability han ...)
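Review bot: the four IBM Security Verify Directory 10.0.0 entries (CVE-2022-32756, CVE-2022-32754, CVE-2022-32753, CVE-2022-32751) come out of RESERVED as "TODO: check" while every surrounding IBM Security Directory entry in this region is already "NOT-FOR-US: IBM". They concern the same vendor product family, so the TODOs can be closed as NOT-FOR-US: IBM in one follow-up rather than left open.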
@@ -160673,7 +160759,7 @@ CVE-2022-22818 (The {% debug %} template tag in 
Django 2.2 before 2.2.27, 3.2 be
        NOTE: 
https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
 (3.2.12)
        NOTE: 
https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
 (2.2.27)
 CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of 
arbitra ...)
-       {DSA-5053-1 DLA-2893-1}
+       {DSA-5053-1 DLA-3768-1 DLA-2893-1}
        - pillow 9.0.0-1
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
        NOTE: 
https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
 (9.0.0)
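Review bot: CVE-2022-22817 now carries two DLA references, {DSA-5053-1 DLA-3768-1 DLA-2893-1}. A second DLA for a CVE that already has DLA-2893-1 is expected only when the new advisory covers a different suite or the earlier fix was incomplete, so verify that DLA-3768-1 actually lists this CVE; if it was attributed by mistake the new reference should be removed rather than accumulated.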
@@ -226091,6 +226177,7 @@ CVE-2021-23439 (This affects the package 
file-upload-with-preview before 4.2.0.
 CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion 
vulnerab ...)
        NOT-FOR-US: Node mpath
 CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to 
Regular Ex ...)
+       {DLA-3768-1}
        - pillow 8.3.2-1
        [bullseye] - pillow <no-dsa> (Minor issue)
        [stretch] - pillow <postponed> (Minor issue, can be fixed in the next 
DLA)
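Review bot: CVE-2021-23437 gains {DLA-3768-1}, but the line "[stretch] - pillow &lt;postponed&gt; (Minor issue, can be fixed in the next DLA)" is left as is. With a DLA reference now present that note reads as stale: either the advisory covers stretch, in which case the postponed marker should be dropped, or it does not, in which case the note should no longer suggest the fix is still pending.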



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2e733d0724efaea32f12879744c0a62e83c363f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
