Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb60c7f7 by security tracker role at 2024-03-27T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,283 @@
+CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered 
by negat ...)
+       TODO: check
+CVE-2024-2956 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin 
for Wor ...)
+       TODO: check
+CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL 
Injection ...)
+       TODO: check
+CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+       TODO: check
+CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination 
System 1.0 a ...)
+       TODO: check
+CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination 
System  ...)
+       TODO: check
+CVE-2024-2942 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2024-2941 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2024-2940 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+       TODO: check
+CVE-2024-2939 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+       TODO: check
+CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+       TODO: check
+CVE-2024-2935 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-2934 (A vulnerability classified as critical was found in 
SourceCodester Tod ...)
+       TODO: check
+CVE-2024-2932 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0. It ...)
+       TODO: check
+CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It 
has bee ...)
+       TODO: check
+CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+       TODO: check
+CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management 
System  ...)
+       TODO: check
+CVE-2024-2911 (A vulnerability, which was classified as problematic, was found 
in Tia ...)
+       TODO: check
+CVE-2024-2910 (A vulnerability, which was classified as critical, has been 
found in R ...)
+       TODO: check
+CVE-2024-2909 (A vulnerability classified as critical was found in Ruijie 
RG-EG350 up ...)
+       TODO: check
+CVE-2024-2903 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
+       TODO: check
+CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-2466 (libcurl did not check the server certificate of TLS connections 
done t ...)
+       TODO: check
+CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 
server push ...)
+       TODO: check
+CVE-2024-2379 (libcurl skips the certificate verification for a QUIC 
connection under ...)
+       TODO: check
+CVE-2024-2244 (REST service authentication anomaly with \u201cvalid 
username/no passw ...)
+       TODO: check
+CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-2209 (A user with administrative privileges can create a compromised 
dll fil ...)
+       TODO: check
+CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls 
including poten ...)
+       TODO: check
+CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-2121 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-2120 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
+       TODO: check
+CVE-2024-2097 (Authenticated List control client can execute the LINQ query in 
SCM Se ...)
+       TODO: check
+CVE-2024-2004 (When a protocol selection parameter option disables all 
protocols with ...)
+       TODO: check
+CVE-2024-29928 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29927 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29926 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29925 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29924 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29923 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29922 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29921 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29920 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29919 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29918 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29917 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29915 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29914 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29913 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29912 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29911 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29910 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29909 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29908 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29907 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29906 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-29820 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-28815 (A vulnerability in the BluStar component of Mitel InAttend 2.6 
SP4 thr ...)
+       TODO: check
+CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the ssid ...)
+       TODO: check
+CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection 
vulnerablility in ...)
+       TODO: check
+CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. 
Thus, shell  ...)
+       TODO: check
+CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain an u ...)
+       TODO: check
+CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-26577 (VSeeFace through 1.13.38.c2 allows attackers to cause a denial 
of serv ...)
+       TODO: check
+CVE-2024-26303 (Authenticated Denial of Service Vulnerability in 
ArubaOS-Switch SSH Da ...)
+       TODO: check
+CVE-2024-25926 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-25920 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-25736 (An issue was discovered on WyreStorm Apollo VX20 devices 
before 1.3.58 ...)
+       TODO: check
+CVE-2024-25735 (An issue was discovered on WyreStorm Apollo VX20 devices 
before 1.3.58 ...)
+       TODO: check
+CVE-2024-25734 (An issue was discovered on WyreStorm Apollo VX20 devices 
before 1.3.58 ...)
+       TODO: check
+CVE-2024-25421 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows 
a remot ...)
+       TODO: check
+CVE-2024-25420 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows 
a remot ...)
+       TODO: check
+CVE-2024-25138 (In AutomationDirect C-MORE EA9 HMI,   credentials used by the 
platform ...)
+       TODO: check
+CVE-2024-25137 (In AutomationDirect C-MORE EA9 HMI there is a program that 
copies a bu ...)
+       TODO: check
+CVE-2024-25136 (There is a function in AutomationDirect C-MORE EA9 HMI that 
allows an  ...)
+       TODO: check
+CVE-2024-24842 (Deserialization of Untrusted Data vulnerability in Echo 
Plugins Knowle ...)
+       TODO: check
+CVE-2024-24800 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-24700 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22311 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22300 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22299 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22288 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22149 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-1532 (A vulnerability exists in the stb-language file handling that 
affects  ...)
+       TODO: check
+CVE-2024-1531 (A vulnerability exists in the stb-language file handling that 
affects  ...)
+       TODO: check
+CVE-2024-1521 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-1364 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-0400 (SCM Software is a client and server application. An 
Authenticated Syst ...)
+       TODO: check
+CVE-2023-52228 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-51148 (An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor 
Wireless Acc ...)
+       TODO: check
+CVE-2023-51147 (Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 
TEW-821DAP w ...)
+       TODO: check
+CVE-2023-51146 (Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP 
with firmw ...)
+       TODO: check
+CVE-2023-50702 (Sikka SSCWindowsService 5 2023-09-14 executes a program as 
LocalSystem ...)
+       TODO: check
+CVE-2023-49815 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WappP ...)
+       TODO: check
+CVE-2023-48777 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Eleme ...)
+       TODO: check
+CVE-2023-48275 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Trust ...)
+       TODO: check
+CVE-2023-47873 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WEN S ...)
+       TODO: check
+CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Terry ...)
+       TODO: check
+CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zacha ...)
+       TODO: check
+CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from 
backend/test.c ...)
+       TODO: check
+CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in 
texk/web2c/pdfte ...)
+       TODO: check
+CVE-2023-46049 (LLVM 15.0.0 has a NULL pointer dereference in the 
parseOneMetadata() f ...)
+       TODO: check
+CVE-2023-46048 (Tex Live 944e257 has a NULL pointer dereference in 
texk/web2c/pdftexdi ...)
+       TODO: check
+CVE-2023-46047 (An issue in Sane 1.2.1 allows a local attacker to execute 
arbitrary co ...)
+       TODO: check
+CVE-2023-46046 (An issue in MiniZinc before 2.8.0 allows a NULL pointer 
dereference vi ...)
+       TODO: check
+CVE-2023-45935 (Qt 6 through 6.6 was discovered to contain a NULL pointer 
dereference  ...)
+       TODO: check
+CVE-2023-45931 (Mesa 23.0.4 was discovered to contain a NULL pointer 
dereference in ch ...)
+       TODO: check
+CVE-2023-45929 (S-Lang 2.3.2 was discovered to contain a segmentation fault 
via the fu ...)
+       TODO: check
+CVE-2023-45927 (S-Lang 2.3.2 was discovered to contain an arithmetic exception 
via the ...)
+       TODO: check
+CVE-2023-45925 (GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to 
contain ...)
+       TODO: check
+CVE-2023-45924 (libglxproto.c in OpenGL libglvnd bb06db5a was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-45922 (glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a 
segmentation  ...)
+       TODO: check
+CVE-2023-45920 (Xfig v3.2.8 was discovered to contain a NULL pointer 
dereference when  ...)
+       TODO: check
+CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a buffer over-read in 
glXQuerySe ...)
+       TODO: check
+CVE-2023-45913 (Mesa v23.0.4 was discovered to contain a NULL pointer 
dereference via  ...)
+       TODO: check
+CVE-2023-43768 (An issue was discovered in Couchbase Server 6.6.x through 
7.2.0, befor ...)
+       TODO: check
+CVE-2023-40290 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-40289 (A command injection issue was discovered on Supermicro 
X11SSM-F, X11SA ...)
+       TODO: check
+CVE-2023-40288 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-40287 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-40286 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-40285 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-40284 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and 
X11SSE-F ...)
+       TODO: check
+CVE-2023-39307 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
+       TODO: check
+CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Artbe ...)
+       TODO: check
+CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is 
disputed  ...)
+       TODO: check
+CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to 
port 4000  ...)
+       TODO: check
+CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 
allow a te ...)
+       TODO: check
 CVE-2024-22029
        - tomcat10 <not-affected> (SUSE specfic packaging issue on 
/usr/share/tomcat/tomcat-webapps permissions)
        - tomcat9 <not-affected> (SUSE specfic packaging issue on 
/usr/share/tomcat/tomcat-webapps permissions)
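Review bot: all 140 entries added by this hunk land as "TODO: check", and a good share of them name software Debian ships as a source package, so they need manual triage before the next automatic run piles more on top: the four libcurl issues (CVE-2024-2466, CVE-2024-2398, CVE-2024-2379, CVE-2024-2004), Xpdf (CVE-2024-2971), Lektor (CVE-2024-28335), SANE (CVE-2023-46052, CVE-2023-46047), TeX Live (CVE-2023-46051, CVE-2023-46048), LLVM (CVE-2023-46049), MiniZinc (CVE-2023-46046), Qt 6 (CVE-2023-45935), Mesa (CVE-2023-45931, CVE-2023-45922, CVE-2023-45919, CVE-2023-45913), S-Lang (CVE-2023-45929, CVE-2023-45927), Midnight Commander (CVE-2023-45925), libglvnd (CVE-2023-45924) and Xfig (CVE-2023-45920) each want a source-package line with a fixed version or an explicit <not-affected>/<unfixed> state rather than a bare TODO. The long run of "Improper Neutralization of Input During Web Page Generation ('Cross-si ...)" entries and the Elementor / The Plus Addons / Master Addons items follow the pattern this file resolves as "NOT-FOR-US: WordPress plugin" (compare the CVE-2023-33322 and CVE-2023-32237 context in the next hunk), but each still needs its full description read, since some such IDs are themes rather than plugins. Not part of this change but visible in the trailing context: "SUSE specfic" in the tomcat9/tomcat10 rationale is a typo for "specific" and can be corrected in a follow-up commit.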
@@ -174,19 +454,19 @@ CVE-2023-33322 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin
 CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress theme
-CVE-2024-2887
+CVE-2024-2887 (Type Confusion in WebAssembly in Google Chrome prior to 
123.0.6312.86  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2886
+CVE-2024-2886 (Use after free in WebCodecs in Google Chrome prior to 
123.0.6312.86 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2885
+CVE-2024-2885 (Use after free in Dawn in Google Chrome prior to 123.0.6312.86 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2883
+CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
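Review bot: the four Chromium descriptions added here (CVE-2024-2887, CVE-2024-2886, CVE-2024-2885, CVE-2024-2883) all record the upstream fix in 123.0.6312.86, yet the sid line stays "chromium <unfixed>" in every entry; once that upload reaches the archive, all four <unfixed> markers should be replaced with the fixed Debian version in one commit. The bullseye and buster <end-of-life> lines (#1061268, DSA 5046) are unchanged and need no action.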
@@ -2982,25 +3262,25 @@ CVE-2023-32633 (Improper input validation in the 
Intel(R) CSME installer softwar
        NOT-FOR-US: Intel
 CVE-2023-28389 (Incorrect default permissions in some Intel(R) CSME installer 
software ...)
        NOT-FOR-US: Intel
-CVE-2024-25395
+CVE-2024-25395 (A buffer overflow occurs in utilities/rt-link/src/rtlink.c in 
RT-Threa ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25394
+CVE-2024-25394 (A buffer overflow occurs in utilities/ymodem/ry_sy.c in 
RT-Thread thro ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25393
+CVE-2024-25393 (A stack buffer overflow occurs in net/at/src/at_server.c in 
RT-Thread  ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25392
+CVE-2024-25392 (An out-of-bounds access occurs in 
utilities/var_export/var_export.c in ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25391
+CVE-2024-25391 (A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in 
RT-Thread ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25390
+CVE-2024-25390 (A heap buffer overflow occurs in finsh/msh_file.c and 
finsh/msh.c in R ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25388
+CVE-2024-25388 (drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an 
integer sig ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-25389
+CVE-2024-25389 (RT-Thread through 5.0.2 generates random numbers with a weak 
algorithm ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-24335
+CVE-2024-24335 (A heap buffer overflow occurs in the dfs_v2 romfs filesystem 
RT-Thread ...)
        NOT-FOR-US: RT-Thread
-CVE-2024-24334
+CVE-2024-24334 (A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread 
through  ...)
        NOT-FOR-US: RT-Thread
 CVE-2024-28746 (Apache Airflow, versions 2.8.0 through 2.8.2, has a 
vulnerability that ...)
        - airflow <itp> (bug #819700)
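Review bot: nothing to change on the ten RT-Thread entries, which keep "NOT-FOR-US: RT-Thread"; the one oddity is the CVE-2024-25388 description, which reads "drivers/wlan/wlan_mgmt,c" with a comma where a dot was evidently intended. That text is copied from the CVE record by the automatic update, so it should not be hand-edited in this file, or the next automatic run will simply reintroduce it.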
@@ -4438,6 +4718,7 @@ CVE-2024-23254 (The issue was addressed with improved UI 
handling. This issue is
 CVE-2024-23253 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2024-23252
+       REJECTED
        - webkit2gtk 2.44.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit <unfixed>
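Review bot: CVE-2024-23252 now carries "REJECTED" while the package lines beneath it ("webkit2gtk 2.44.0-1", the buster <end-of-life> entry and "wpewebkit <unfixed>") are left in place. Elsewhere in this file a rejected ID stands alone (CVE-2023-45923, visible as plain "REJECTED" in a later hunk's context), and keeping "wpewebkit <unfixed>" under a rejected ID leaves a spurious open issue against wpewebkit. Suggest confirming the rejection against the CVE record and, if it holds, dropping the three package lines in a follow-up commit.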
@@ -8471,6 +8752,7 @@ CVE-2024-26594 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
 CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a 
Denial  ...)
+       {DLA-3776-1}
        - nodejs 18.19.1+dfsg-1
        NOTE: https://nodejs.org/en/blog/release/v18.19.1
        NOTE: 
https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda 
(v18.x)
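Review bot: the "{DLA-3776-1}" reference added to CVE-2024-22025 here (and the same reference added to CVE-2023-46809 and CVE-2023-30590 in later hunks) only resolves to a buster fixed version if data/DLA/list carries a matching DLA-3776-1 entry naming nodejs with all three CVE IDs. This commit touches data/CVE/list alone ("1 changed file" above), so that entry needs to be present from a separate commit or added; otherwise the reference dangles and the buster state for these three CVEs stays undetermined.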
@@ -9997,7 +10279,7 @@ CVE-2023-52161 (The Access Point functionality in 
eapol_auth_key_handle in eapol
        NOTE: 
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca
 (2.14)
 CVE-2024-0793
        NOT-FOR-US: kube-controller-manager
-CVE-2024-25580 [QT KTX buffer overflow]
+CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt 
before 5.15. ...)
        [experimental] - qt6-base 6.6.2+dfsg-1
        - qt6-base <unfixed> (bug #1064052)
        [bookworm] - qt6-base <no-dsa> (Minor issue)
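Review bot: the new description for CVE-2024-25580 places the flaw in gui/util/qktxhandler.cpp in "Qt before 5.15." (truncated here), yet only qt6-base is tracked; if the upstream advisory covers the Qt 5 branch as the wording suggests, qtbase-opensource-src needs a line of its own. The "[experimental] - qt6-base 6.6.2+dfsg-1", sid <unfixed> (bug #1064052) and bookworm <no-dsa> (Minor issue) lines are unchanged and consistent with each other.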
@@ -10084,6 +10366,7 @@ CVE-2024-21891 (Node.js depends on multiple built-in 
utility functions to normal
        - nodejs <not-affected> (Only affects 20.x and later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
 CVE-2023-46809
+       {DLA-3776-1}
        - nodejs 18.19.1+dfsg-1 (bug #1064055)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
        NOTE: 
https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 
(v18.x)
@@ -13785,7 +14068,7 @@ CVE-2023-45923
        REJECTED
 CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.)
        NOT-FOR-US: Softing TH SCOPE
-CVE-2024-1023
+CVE-2024-1023 (A vulnerability in the Eclipse Vert.x toolkit results in a 
memory leak ...)
        NOT-FOR-US: Eclipse Vertx
 CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL 
Injection via th ...)
        NOT-FOR-US: Sourcecodester School Task Manager App
@@ -23524,7 +23807,7 @@ CVE-2023-6356 (A flaw was found in the Linux kernel's 
NVMe driver. This issue ma
        [bookworm] - linux 6.1.76-1
        [bullseye] - linux 5.10.209-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
-CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can 
lead to a crash]
+CVE-2023-39804 (In GNU tar before 1.35, mishandled extension attributes in a 
PAX archi ...)
        {DLA-3755-1}
        - tar 1.34+dfsg-1.3 (bug #1058079)
        [bookworm] - tar 1.34+dfsg-1.2+deb12u1
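Review bot: the description "In GNU tar before 1.35" gives the upstream threshold, while the fixed Debian versions recorded here (1.34+dfsg-1.3 in sid, 1.34+dfsg-1.2+deb12u1 in bookworm, DLA-3755-1 for buster) are 1.34 with the fix backported; the entry is correct as written, and the version lines must not be "corrected" to 1.35 on the strength of the new description.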
@@ -56737,7 +57020,7 @@ CVE-2023-30592
 CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated 
attacker ...)
        NOT-FOR-US: NodeBB
 CVE-2023-30590 (The generateKeys() API function returned from 
crypto.createDiffieHellm ...)
-       {DSA-5589-1}
+       {DSA-5589-1 DLA-3776-1}
        - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
        [bullseye] - nodejs <ignored> (Minor issue, only updates documentation 
to clarify an API)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
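Review bot: CVE-2023-30590 now states that buster is fixed via DLA-3776-1 while bullseye keeps "<ignored> (Minor issue, only updates documentation to clarify an API)". Both can be true when a DLA that bundles several nodejs fixes carries this one along, but side by side the two statements read as contradictory; a short NOTE saying the buster update picked up the documentation-only change as part of DLA-3776-1 would remove the ambiguity.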
@@ -60250,8 +60533,8 @@ CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in im
        NOT-FOR-US: WordPress plugin
 CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-29386
-       RESERVED
+CVE-2023-29386 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Julie ...)
+       TODO: check
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kevon Ad ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability 
in HM Pl ...)
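Review bot: CVE-2023-29386 loses "RESERVED" and gets "TODO: check", but its description ("Unrestricted Upload of File with Dangerous Type vulnerability in Julie ...") matches the neighbouring CVE-2023-29387, CVE-2023-29385 and CVE-2023-29384 entries, all resolved as "NOT-FOR-US: WordPress plugin"; the same applies to CVE-2023-28787 and CVE-2023-28687 in the hunks below, each of which sits between entries resolved the same way. These three can be triaged to "NOT-FOR-US: WordPress plugin" once their full descriptions are checked, rather than left as TODO.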
@@ -61071,8 +61354,7 @@ CVE-2023-29136
 CVE-2023-29135
        RESERVED
        NOT-FOR-US: CheckUser MediaWiki extension
-CVE-2023-29134
-       RESERVED
+CVE-2023-29134 (An issue was discovered in the Cargo extension for MediaWiki 
through 1 ...)
        NOT-FOR-US: Cargo MediaWiki extension
 CVE-2023-29133
        RESERVED
@@ -62317,8 +62599,8 @@ CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ci
        NOT-FOR-US: WordPress plugin
 CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28787
-       RESERVED
+CVE-2023-28787 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -62700,8 +62982,8 @@ CVE-2023-28689
        RESERVED
 CVE-2023-28688
        RESERVED
-CVE-2023-28687
-       RESERVED
+CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
 CVE-2023-1551
        RESERVED
 CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability 
in NGIN ...)
@@ -73105,8 +73387,8 @@ CVE-2023-25366 (In Siglent SDS 1104X-E 
SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI i
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS 
v.3.2.0 allows ...)
        NOT-FOR-US: October CMS
-CVE-2023-25364
-       RESERVED
+CVE-2023-25364 (Opswat Metadefender Core before 5.2.1 does not properly defend 
against ...)
+       TODO: check
 CVE-2023-25363 (A use-after-free vulnerability in 
WebCore::RenderLayer::updateDescenda ...)
        {DSA-5241-1 DSA-5240-1 DLA-3124-1}
        - webkit2gtk 2.38.0-1
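Review bot: CVE-2023-25364 ("Opswat Metadefender Core before 5.2.1 does not properly defend against ...") concerns commercial software that is not packaged in Debian, so the new "TODO: check" should become "NOT-FOR-US: Opswat Metadefender Core", following the pattern of the adjacent CVE-2023-25365 ("NOT-FOR-US: October CMS").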



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb60c7f7affed1242de87a332fca030cc2432617



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
