[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 1 08:11:47 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b048c42 by security tracker role at 2024-02-01T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...)
+	TODO: check
+CVE-2024-24573 (facileManager is a modular suite of web apps built with the sysadmin i ...)
+	TODO: check
+CVE-2024-24572 (facileManager is a modular suite of web apps built with the sysadmin i ...)
+	TODO: check
+CVE-2024-24571 (facileManager is a modular suite of web apps built with the sysadmin i ...)
+	TODO: check
+CVE-2024-24548 (Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attac ...)
+	TODO: check
+CVE-2024-23941 (Cross-site scripting vulnerability exists in Group Office prior to v6. ...)
+	TODO: check
+CVE-2024-23653 (BuildKit is a toolkit for converting source code to build artifacts in ...)
+	TODO: check
+CVE-2024-23652 (BuildKit is a toolkit for converting source code to build artifacts in ...)
+	TODO: check
+CVE-2024-23651 (BuildKit is a toolkit for converting source code to build artifacts in ...)
+	TODO: check
+CVE-2024-23650 (BuildKit is a toolkit for converting source code to build artifacts in ...)
+	TODO: check
+CVE-2024-22859 (Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3. ...)
+	TODO: check
+CVE-2024-1130 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
+	TODO: check
+CVE-2024-1129 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
+	TODO: check
+CVE-2024-1117 (A vulnerability was found in openBI up to 1.0.8. It has been declared  ...)
+	TODO: check
+CVE-2024-0907 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
+	TODO: check
+CVE-2024-0831 (Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive in ...)
+	TODO: check
+CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-51939 (An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of  ...)
+	TODO: check
 CVE-2024-0853 [OCSP verification bypass with TLS session reuse]
 	- curl 8.6.0-1
 	[bookworm] - curl <not-affected> (Vulnerable code introduced later)
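Review bot: The descriptions added for CVE-2024-1130, CVE-2024-1129, CVE-2024-0907 and CVE-2024-0831 contain literal \u2013 and \u201c/\u201d escape sequences instead of the characters they encode, which makes the summaries harder to read and to grep; decoding them in the import step, or transliterating to ASCII, would keep the list consistent. All 18 new entries land as "TODO: check", and the BuildKit (CVE-2024-23650 to CVE-2024-23653), facileManager (CVE-2024-24571 to CVE-2024-24573) and NEX-Forms entries can each be triaged as a group.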
@@ -6,7 +42,7 @@ CVE-2024-0853 [OCSP verification bypass with TLS session reuse]
 	NOTE: https://curl.se/docs/CVE-2024-0853.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0)
-CVE-2024-21626
+CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...)
 	- runc <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
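Review bot: In the CVE-2024-21626 entry the package line is still "- runc <unfixed>", and the visible context carries no bug number or per-release annotation, only the two NOTE links. Now that the description is filled in, follow up with the fixed version and release status once an upload is available.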
@@ -1965,7 +2001,7 @@ CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attac
 	NOT-FOR-US: weaver e-cology
 CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...)
 	NOT-FOR-US: Anomali Match
-CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5 ...)
+CVE-2023-47024 (Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 lead ...)
 	NOT-FOR-US: NCR Terminal Handler
 CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth  ...)
 	NOT-FOR-US: POPS! Rebel
@@ -8084,7 +8120,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
-	{DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+	{DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
 	- dropbear 2022.83-4 (bug #1059001)
 	[bookworm] - dropbear <no-dsa> (Minor issue)
 	[bullseye] - dropbear <no-dsa> (Minor issue)
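Review bot: The cross-reference line for CVE-2023-48795 gains DLA-3730-1, but no package line changes in this hunk and the visible context only shows dropbear, so it is not evident here which source package the new DLA covers; confirm the corresponding package entry reflects the fix. The new id is inserted in the existing descending order, which matches the rest of the line.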
@@ -73867,8 +73903,8 @@ CVE-2022-47074
 	RESERVED
 CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
 	NOT-FOR-US: Small CRM
-CVE-2022-47072
-	RESERVED
+CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit a ...)
+	TODO: check
 CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...)
 	NOT-FOR-US: NVS365 V01
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
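Review bot: CVE-2022-47072 moves from RESERVED to "TODO: check" with a description naming Enterprise Architect 16.0.1605 32-bit; the entry needs a triage decision in a follow-up, either package lines or a NOT-FOR-US tag like the neighbouring CVE-2022-47073 and CVE-2022-47071 entries carry.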



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b048c42ac1065103415d6d128125c54a23e9e07
