[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 2 08:12:11 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c74e04d by security tracker role at 2024-02-02T08:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2024-24945 (A stored cross-site scripting (XSS) vulnerability in Travel Journal Us ...)
+	TODO: check
+CVE-2024-24756 (Crafatar serves Minecraft avatars based on the skin for use in externa ...)
+	TODO: check
+CVE-2024-24755 (discourse-group-membership-ip-block is a discourse plugin that adds su ...)
+	TODO: check
+CVE-2024-24524 (Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, ...)
+	TODO: check
+CVE-2024-24482 (Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversa ...)
+	TODO: check
+CVE-2024-24041 (A stored cross-site scripting (XSS) vulnerability in Travel Journal Us ...)
+	TODO: check
+CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V10 ...)
+	TODO: check
+CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows Electron code injection.)
+	TODO: check
+CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a ...)
+	TODO: check
+CVE-2024-23034 (Cross Site Scripting vulnerability in the input parameter in eyoucms v ...)
+	TODO: check
+CVE-2024-23033 (Cross Site Scripting vulnerability in the path parameter in eyoucms v. ...)
+	TODO: check
+CVE-2024-23032 (Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 ...)
+	TODO: check
+CVE-2024-23031 (Cross Site Scripting (XSS) vulnerability in is_water parameter in eyou ...)
+	TODO: check
+CVE-2024-22927 (Cross Site Scripting (XSS) vulnerability in the func parameter in eyou ...)
+	TODO: check
+CVE-2024-22903 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
+	TODO: check
+CVE-2024-22902 (Vinchin Backup & Recovery v7.2 was discovered to be configured with de ...)
+	TODO: check
+CVE-2024-22901 (Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL cre ...)
+	TODO: check
+CVE-2024-22900 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
+	TODO: check
+CVE-2024-22899 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
+	TODO: check
+CVE-2024-22779 (Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 an ...)
+	TODO: check
+CVE-2024-22533 (Before Beetl v3.15.12, the rendering template has a server-side templa ...)
+	TODO: check
+CVE-2024-22320 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11. ...)
+	TODO: check
+CVE-2024-22319 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11. ...)
+	TODO: check
+CVE-2024-22096 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an  ...)
+	TODO: check
+CVE-2024-22016 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an  ...)
+	TODO: check
+CVE-2024-21869 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
+	TODO: check
+CVE-2024-21866 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
+	TODO: check
+CVE-2024-21863 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-21860 (in OpenHarmony v4.0.0 and prior versions  allow an adjacent attacker a ...)
+	TODO: check
+CVE-2024-21852 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an  ...)
+	TODO: check
+CVE-2024-21851 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-21845 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-21794 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an  ...)
+	TODO: check
+CVE-2024-21780 (Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V1 ...)
+	TODO: check
+CVE-2024-21764 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
+	TODO: check
+CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0; all versio ...)
+	TODO: check
+CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-1162 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2024-1143 (Central Dogma versions prior to 0.64.0 is vulnerable to Cross-Site Scr ...)
+	TODO: check
+CVE-2024-1073 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-1047 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2024-1040 (Gessler GmbH WEB-MASTER user account is stored using a weak hashing al ...)
+	TODO: check
+CVE-2024-1039 (Gessler GmbH WEB-MASTER has a restoration account that uses weak hard  ...)
+	TODO: check
+CVE-2024-0685 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...)
+	TODO: check
+CVE-2024-0325 (In Helix Sync versions prior to 2024.1, a local command injection was  ...)
+	TODO: check
+CVE-2024-0285 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-6221 (The cloud provider MachineSense uses for integration and deployment fo ...)
+	TODO: check
+CVE-2023-50962 (IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict  ...)
+	TODO: check
+CVE-2023-50941 (IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, w ...)
+	TODO: check
+CVE-2023-50940 (IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS ...)
+	TODO: check
+CVE-2023-50939 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic  ...)
+	TODO: check
+CVE-2023-50938 (IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack  ...)
+	TODO: check
+CVE-2023-50937 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic  ...)
+	TODO: check
+CVE-2023-50936 (IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout ...)
+	TODO: check
+CVE-2023-50935 (IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a U ...)
+	TODO: check
+CVE-2023-50934 (IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which  ...)
+	TODO: check
+CVE-2023-50933 (IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remot ...)
+	TODO: check
+CVE-2023-50328 (IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view sess ...)
+	TODO: check
+CVE-2023-50327 (IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could a ...)
+	TODO: check
+CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setti ...)
+	TODO: check
+CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a cryptographically we ...)
+	TODO: check
+CVE-2023-49617 (The MachineSense application programmable interface (API) is improperl ...)
+	TODO: check
+CVE-2023-49610 (MachineSense FeverWarn Raspberry Pi-based devices lack input sanitizat ...)
+	TODO: check
+CVE-2023-49118 (in OpenHarmony v3.2.4 and prior versions allow a local attacker causes ...)
+	TODO: check
+CVE-2023-49115 (MachineSense devices use unauthenticated MQTT messaging to monitor dev ...)
+	TODO: check
+CVE-2023-48793 (Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in th ...)
+	TODO: check
+CVE-2023-48792 (Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injec ...)
+	TODO: check
+CVE-2023-47867 (MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way  ...)
+	TODO: check
+CVE-2023-47257 (ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle atta ...)
+	TODO: check
+CVE-2023-47256 (ConnectWise ScreenConnect through 23.8.4 allows local users to connect ...)
+	TODO: check
+CVE-2023-46706 (Multiple MachineSense devices have credentials unable to be changed by ...)
+	TODO: check
+CVE-2023-46344 (A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and pos ...)
+	TODO: check
+CVE-2023-46159 (IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated  ...)
+	TODO: check
+CVE-2023-45734 (in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker ar ...)
+	TODO: check
+CVE-2023-43756 (in OpenHarmony v3.2.4 and prior versions allow a local attacker causes ...)
+	TODO: check
+CVE-2023-38263 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authentica ...)
+	TODO: check
+CVE-2023-38020 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authentica ...)
+	TODO: check
+CVE-2023-38019 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote atta ...)
+	TODO: check
+CVE-2023-36496 (Delegated Admin Privilege virtual attribute provider plugin, when enab ...)
+	TODO: check
+CVE-2023-32333 (IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to l ...)
+	TODO: check
 CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
 	NOT-FOR-US: Bref
 CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in combina ...)
@@ -867,7 +1027,7 @@ CVE-2024-0444 [GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflo
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe (1.22.9)
-CVE-2023-46045 [buffer overflow via a crafted config6a file]
+CVE-2023-46045 (Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted co ...)
 	- graphviz 2.42.2-8 (unimportant)
 	NOTE: Crosses no security boundary, config files are under local control
 	NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
@@ -2820,42 +2980,43 @@ CVE-2024-20923
 CVE-2024-20925
 	- openjfx <not-affected> (Only affects JavaFX 8)
 CVE-2024-20945
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20921
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20919
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	{DSA-5604-1 DLA-3728-1}
+	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-5613-1}
 	- openjdk-17 17.0.10+7-1
 CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio would exec ...)
 	NOT-FOR-US: Meta Spark Studio
@@ -21283,7 +21444,7 @@ CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2
 	NOT-FOR-US: Concrete CMS
 CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8. ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2. ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versio ...)
 	NOT-FOR-US: Concrete CMS
@@ -95104,8 +95265,8 @@ CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.
 	NOT-FOR-US: IBM
 CVE-2022-40745
 	RESERVED
-CVE-2022-40744
-	RESERVED
+CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting.  ...)
+	TODO: check
 CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...)
 	- trafficserver 9.1.4+ds-1
 	[bullseye] - trafficserver <not-affected> (Vulnerable code not present)
@@ -216208,10 +216369,10 @@ CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerabil
 	NOT-FOR-US: ABB
 CVE-2021-22283 (Improper Initialization vulnerability in ABB Relion protection relays  ...)
 	NOT-FOR-US: ABB
-CVE-2021-22282
-	RESERVED
-CVE-2021-22281
-	RESERVED
+CVE-2021-22282 (Improper copy algorithm in the project extraction component in B&R Aut ...)
+	TODO: check
+CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial Automation A ...)
+	TODO: check
 CVE-2021-22280
 	RESERVED
 CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
@@ -242474,10 +242635,10 @@ CVE-2020-24684
 	RESERVED
 CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and earlier) u ...)
 	NOT-FOR-US: ABB
-CVE-2020-24682
-	RESERVED
-CVE-2020-24681
-	RESERVED
+CVE-2020-24682 (Unquoted Search Path or Element vulnerability in B&R Industrial Automa ...)
+	TODO: check
+CVE-2020-24681 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
 CVE-2020-24680 (In S+ Operations and S+ Historian, the passwords of internal users (no ...)
 	NOT-FOR-US: ABB
 CVE-2020-24679 (A S+ Operations and S+ Historian service is subject to a DoS by specia ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c74e04d93542ebeb4922d464982b48a3ee45f4e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c74e04d93542ebeb4922d464982b48a3ee45f4e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240202/884d75a2/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list