[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 2 20:12:44 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ccccfdb by security tracker role at 2024-02-02T20:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write access) b ...)
+ TODO: check
+CVE-2024-25001
+ REJECTED
+CVE-2024-24760 (mailcow is a dockerized email package, with multiple containers linked ...)
+ TODO: check
+CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in the inst ...)
+ TODO: check
+CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+ TODO: check
+CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...)
+ TODO: check
+CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 ...)
+ TODO: check
+CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file ...)
+ TODO: check
+CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /adm ...)
+ TODO: check
+CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data ...)
+ TODO: check
+CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
+ TODO: check
+CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...)
+ TODO: check
+CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...)
+ TODO: check
+CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
+ TODO: check
+CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows ...)
+ TODO: check
+CVE-2024-22108 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
+ TODO: check
+CVE-2024-22107 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
+ TODO: check
+CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health affecting ver ...)
+ TODO: check
+CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057. It has b ...)
+ TODO: check
+CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classi ...)
+ TODO: check
+CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classifi ...)
+ TODO: check
+CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as problema ...)
+ TODO: check
+CVE-2024-1188 (A vulnerability, which was classified as problematic, was found in Riz ...)
+ TODO: check
+CVE-2024-1187 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft Easy Ar ...)
+ TODO: check
+CVE-2024-1185 (A vulnerability classified as problematic has been found in Nsasoft NB ...)
+ TODO: check
+CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has be ...)
+ TODO: check
+CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules plugin for W ...)
+ TODO: check
+CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP affecting vers ...)
+ TODO: check
+CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
+ TODO: check
+CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
+ TODO: check
+CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber ...)
+ TODO: check
+CVE-2023-6675 (Unrestricted Upload of File with Dangerous Type vulnerability in Natio ...)
+ TODO: check
+CVE-2023-6673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-6672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-6387 (A potential buffer overflow exists in the Bluetooth LE HCI CPC sample ...)
+ TODO: check
+CVE-2023-51838 (Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Crypt ...)
+ TODO: check
+CVE-2023-51820 (An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows ...)
+ TODO: check
+CVE-2023-51072 (A stored cross-site scripting (XSS) vulnerability in the NOC component ...)
+ TODO: check
+CVE-2023-50488 (An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allo ...)
+ TODO: check
+CVE-2023-50359 (An unchecked return value vulnerability has been reported to affect se ...)
+ TODO: check
+CVE-2023-48645 (An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a l ...)
+ TODO: check
+CVE-2023-47568 (A SQL injection vulnerability has been reported to affect several QNAP ...)
+ TODO: check
+CVE-2023-47567 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-47566 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-47564 (An incorrect permission assignment for critical resource vulnerability ...)
+ TODO: check
+CVE-2023-47562 (An OS command injection vulnerability has been reported to affect Phot ...)
+ TODO: check
+CVE-2023-47561 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2023-47148 (IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console ...)
+ TODO: check
+CVE-2023-47144 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
+ TODO: check
+CVE-2023-47143 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
+ TODO: check
+CVE-2023-47142 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
+ TODO: check
+CVE-2023-45037 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-45036 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-45035 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-45028 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
+CVE-2023-45027 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2023-45026 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2023-45025 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-41292 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41283 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-41282 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-41281 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-41280 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41279 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41278 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41277 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41276 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41275 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-41274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2023-41273 (A heap-based buffer overflow vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2023-39611 (An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attac ...)
+ TODO: check
+CVE-2023-39303 (An improper authentication vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2023-39302 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-39297 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-38273 (IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate ...)
+ TODO: check
+CVE-2023-37530 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
+ TODO: check
+CVE-2023-37529 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
+ TODO: check
+CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the Web Report ...)
+ TODO: check
+CVE-2023-32967 (An incorrect authorization vulnerability has been reported to affect s ...)
+ TODO: check
CVE-2024-XXXX [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
- rust-snow <unfixed> (bug #1062663)
NOTE: https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
@@ -112953,8 +113115,8 @@ CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an
NOT-FOR-US: Dell
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...)
NOT-FOR-US: Dell
-CVE-2022-34381
- RESERVED
+CVE-2022-34381 (Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell B ...)
+ TODO: check
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...)
NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...)
@@ -216386,7 +216548,7 @@ CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerabil
NOT-FOR-US: ABB
CVE-2021-22283 (Improper Initialization vulnerability in ABB Relion protection relays ...)
NOT-FOR-US: ABB
-CVE-2021-22282 (Improper copy algorithm in the project extraction component in B&R Aut ...)
+CVE-2021-22282 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial Automation A ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
@@ -218173,8 +218335,8 @@ CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based
NOT-FOR-US: EMC
CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
NOT-FOR-US: EMC
-CVE-2021-21575
- RESERVED
+CVE-2021-21575 (Dell BSAFE Micro Edition Suite,versions before 4.5.2, contain an Obser ...)
+ TODO: check
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
NOT-FOR-US: Dell
CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
@@ -227040,8 +227202,8 @@ CVE-2020-29506 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and De
NOT-FOR-US: Dell
CVE-2020-29505 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
NOT-FOR-US: Dell
-CVE-2020-29504
- RESERVED
+CVE-2020-29504 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSA ...)
+ TODO: check
CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file per ...)
NOT-FOR-US: EMC PowerStore
CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccccfdb69b5dc1284a87401df633346df6f9399
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccccfdb69b5dc1284a87401df633346df6f9399
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240202/ba9886de/attachment.htm>
More information about the debian-security-tracker-commits
mailing list