[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 6 08:12:17 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c1acf21 by security tracker role at 2024-02-06T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-24808 (pyLoad is an open-source Download Manager written in pure Python. Ther ...)
+	TODO: check
+CVE-2024-24807 (Sulu is a highly extensible open-source PHP content management system  ...)
+	TODO: check
+CVE-2024-24595 (Allegro AI\u2019s open-source version of ClearML stores passwords in p ...)
+	TODO: check
+CVE-2024-24574 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-24559 (Vyper is a Pythonic Smart Contract Language for the EVM. There is an e ...)
+	TODO: check
+CVE-2024-24543 (Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC ...)
+	TODO: check
+CVE-2024-24398 (Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashbo ...)
+	TODO: check
+CVE-2024-24112 (xmall v1.1 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2024-23304 (Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthentica ...)
+	TODO: check
+CVE-2024-23049 (An issue in symphony v.3.6.3 and before allows a remote attacker to ex ...)
+	TODO: check
+CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password fo ...)
+	TODO: check
+CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...)
+	TODO: check
+CVE-2024-22773 (Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie ...)
+	TODO: check
+CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, ...)
+	TODO: check
+CVE-2024-20828 (Improper authorization verification vulnerability in Samsung Internet  ...)
+	TODO: check
+CVE-2024-20827 (Improper access control vulnerability in Samsung Gallery prior to vers ...)
+	TODO: check
+CVE-2024-20826 (Implicit intent hijacking vulnerability in UPHelper library prior to v ...)
+	TODO: check
+CVE-2024-20825 (Implicit intent hijacking vulnerability in IAP of Galaxy Store prior t ...)
+	TODO: check
+CVE-2024-20824 (Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store ...)
+	TODO: check
+CVE-2024-20823 (Implicit intent hijacking vulnerability in SamsungAccount of Galaxy St ...)
+	TODO: check
+CVE-2024-20822 (Implicit intent hijacking vulnerability in AccountActivity of Galaxy S ...)
+	TODO: check
+CVE-2024-20820 (Improper input validation in bootloader prior to SMR Feb-2024 Release  ...)
+	TODO: check
+CVE-2024-20819 (Out out bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc ...)
+	TODO: check
+CVE-2024-20818 (Out out bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so ...)
+	TODO: check
+CVE-2024-20817 (Out out bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so ...)
+	TODO: check
+CVE-2024-20816 (Improper authentication vulnerability in onCharacteristicWriteRequest  ...)
+	TODO: check
+CVE-2024-20815 (Improper authentication vulnerability in onCharacteristicReadRequest i ...)
+	TODO: check
+CVE-2024-20814 (Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to  ...)
+	TODO: check
+CVE-2024-20813 (Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2 ...)
+	TODO: check
+CVE-2024-20812 (Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2 ...)
+	TODO: check
+CVE-2024-20811 (Improper caller verification in GameOptimizer prior to SMR Feb-2024 Re ...)
+	TODO: check
+CVE-2024-20810 (Implicit intent hijacking vulnerability in Smart Suggestions prior to  ...)
+	TODO: check
+CVE-2024-1210 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2024-1209 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2024-1208 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2024-1177 (The WP Club Manager \u2013 WordPress Sports Club Plugin plugin for Wor ...)
+	TODO: check
+CVE-2024-1121 (The Advanced Forms for ACF plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2024-1092 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
+	TODO: check
+CVE-2024-1075 (The Minimal Coming Soon \u2013 Coming Soon Page plugin for WordPress i ...)
+	TODO: check
+CVE-2024-1072 (The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Bui ...)
+	TODO: check
+CVE-2024-1052 (Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable  ...)
+	TODO: check
+CVE-2024-1046 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-0969 (The ARMember plugin for WordPress is vulnerable to Sensitive Informati ...)
+	TODO: check
+CVE-2024-0964 (A local file include could be remotely triggered in Gradio due to a vu ...)
+	TODO: check
+CVE-2024-0961 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-0954 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-0869 (The Instant Images \u2013 One Click Image Uploads from Unsplash, Openv ...)
+	TODO: check
+CVE-2024-0859 (The Affiliates Manager plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2024-0835 (The Royal Elementor Kit theme for WordPress is vulnerable to unauthori ...)
+	TODO: check
+CVE-2024-0834 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2024-0823 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-0797 (The Active Products Tables for WooCommerce. Professional products tabl ...)
+	TODO: check
+CVE-2024-0796 (The Active Products Tables for WooCommerce. Professional products tabl ...)
+	TODO: check
+CVE-2024-0791 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional p ...)
+	TODO: check
+CVE-2024-0790 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional p ...)
+	TODO: check
+CVE-2024-0761 (The File Manager plugin for WordPress is vulnerable to Sensitive Infor ...)
+	TODO: check
+CVE-2024-0709 (The Cryptocurrency Widgets \u2013 Price Ticker & Coins List plugin for ...)
+	TODO: check
+CVE-2024-0701 (The UserPro plugin for WordPress is vulnerable to Security Feature Byp ...)
+	TODO: check
+CVE-2024-0699 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugi ...)
+	TODO: check
+CVE-2024-0691 (The FileBird plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2024-0678 (The Order Delivery Date for WP e-Commerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-0668 (The Advanced Database Cleaner plugin for WordPress is vulnerable to PH ...)
+	TODO: check
+CVE-2024-0660 (The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calcu ...)
+	TODO: check
+CVE-2024-0659 (The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store  ...)
+	TODO: check
+CVE-2024-0630 (The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-0612 (The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Block ...)
+	TODO: check
+CVE-2024-0597 (The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-0586 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-0585 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-0509 (The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0508 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-0448 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-0428 (The Index Now plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2024-0384 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-0382 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-0380 (The WP Recipe Maker plugin for WordPress is vulnerable to Directory Tr ...)
+	TODO: check
+CVE-2024-0374 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...)
+	TODO: check
+CVE-2024-0373 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...)
+	TODO: check
+CVE-2024-0372 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...)
+	TODO: check
+CVE-2024-0371 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...)
+	TODO: check
+CVE-2024-0370 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...)
+	TODO: check
+CVE-2024-0366 (The Starbox \u2013 the Author Box for Humans plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-0324 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+	TODO: check
+CVE-2024-0255 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-0254 (The (Simply) Guest Author Name plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-0244 (Buffer overflow in CPCA PCFAX number process of Office Multifunction P ...)
+	TODO: check
+CVE-2024-0221 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
+	TODO: check
+CVE-2024-0202 (A security vulnerability has been identified in the cryptlib cryptogra ...)
+	TODO: check
+CVE-2023-7029 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2023-7014 (The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molo ...)
+	TODO: check
+CVE-2023-6996 (The Display custom fields in the frontend \u2013 Post and User Profile ...)
+	TODO: check
+CVE-2023-6989 (The Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention S ...)
+	TODO: check
+CVE-2023-6985 (The 10Web AI Assistant \u2013 AI content writing assistant plugin for  ...)
+	TODO: check
+CVE-2023-6983 (The Display custom fields in the frontend \u2013 Post and User Profile ...)
+	TODO: check
+CVE-2023-6982 (The Display custom fields in the frontend \u2013 Post and User Profile ...)
+	TODO: check
+CVE-2023-6963 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-6959 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-6953 (The PDF Generator For Fluent Forms \u2013 The Contact Form Plugin plug ...)
+	TODO: check
+CVE-2023-6933 (The Better Search Replace plugin for WordPress is vulnerable to PHP Ob ...)
+	TODO: check
+CVE-2023-6925 (The Unlimited Addons for WPBakery Page Builder plugin for WordPress is ...)
+	TODO: check
+CVE-2023-6884 (This plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...)
+	TODO: check
+CVE-2023-6846 (The File Manager Pro plugin for WordPress is vulnerable to Arbitrary F ...)
+	TODO: check
+CVE-2023-6808 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
+	TODO: check
+CVE-2023-6807 (The GeneratePress Premium plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2023-6701 (The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-6700 (The Cookie Information | Free GDPR Consent Solution plugin for WordPre ...)
+	TODO: check
+CVE-2023-6635 (The EditorsKit plugin for WordPress is vulnerable to arbitrary file up ...)
+	TODO: check
+CVE-2023-6557 (The The Events Calendar plugin for WordPress is vulnerable to Sensitiv ...)
+	TODO: check
+CVE-2023-6526 (The Meta Box \u2013 WordPress Custom Fields Framework plugin for WordP ...)
+	TODO: check
+CVE-2023-6234 (Buffer overflow in CPCA Color LUT Resource Download process of Office  ...)
+	TODO: check
+CVE-2023-6233 (Buffer overflow in SLP attribute request process of Office Multifuncti ...)
+	TODO: check
+CVE-2023-6232 (Buffer overflow in the Address Book username process in authentication ...)
+	TODO: check
+CVE-2023-6231 (Buffer overflow in WSD probe request process of Office Multifunction P ...)
+	TODO: check
+CVE-2023-6230 (Buffer overflow in the Address Book password process in authentication ...)
+	TODO: check
+CVE-2023-6229 (Buffer overflow in CPCA PDL Resource Download process of Office Multif ...)
+	TODO: check
+CVE-2023-52239 (The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE att ...)
+	TODO: check
+CVE-2023-51951 (SQL Injection vulnerability in Stock Management System 1.0 allows a re ...)
+	TODO: check
+CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized access  ...)
+	TODO: check
+CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes  ...)
+	TODO: check
+CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) ...)
+	TODO: check
+CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService componen ...)
+	TODO: check
+CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
+	TODO: check
+CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable ...)
+	TODO: check
+CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2 eCharge Lade ...)
+	TODO: check
+CVE-2023-43536 (Transient DOS while parse fils IE with length equal to 1.)
+	TODO: check
+CVE-2023-43535 (Memory corruption when negative display IDs are sent as input while pr ...)
+	TODO: check
+CVE-2023-43534 (Memory corruption while validating the TID to Link Mapping action requ ...)
+	TODO: check
+CVE-2023-43533 (Transient DOS in WLAN Firmware when the length of received beacon is l ...)
+	TODO: check
+CVE-2023-43532 (Memory corruption while reading ACPI config through the user mode app.)
+	TODO: check
+CVE-2023-43523 (Transient DOS while processing 11AZ RTT management action frame receiv ...)
+	TODO: check
+CVE-2023-43522 (Transient DOS while key unwrapping process, when the given encrypted k ...)
+	TODO: check
+CVE-2023-43520 (Memory corruption when AP includes TID to link mapping IE in the beaco ...)
+	TODO: check
+CVE-2023-43519 (Memory corruption in video while parsing the Videoinfo, when the size  ...)
+	TODO: check
+CVE-2023-43518 (Memory corruption in video while parsing invalid mp2 clip.)
+	TODO: check
+CVE-2023-43517 (Memory corruption in Automotive Multimedia due to improper access cont ...)
+	TODO: check
+CVE-2023-43516 (Memory corruption when malformed message payload is received from firm ...)
+	TODO: check
+CVE-2023-43513 (Memory corruption while processing the event ring, the context read po ...)
+	TODO: check
+CVE-2023-34042 (The spring-security.xsd file inside the  spring-security-config jar is ...)
+	TODO: check
+CVE-2023-33077 (Memory corruption in HLOS while converting from authorization token to ...)
+	TODO: check
+CVE-2023-33076 (Memory corruption in Core when updating rollback version for TA and OT ...)
+	TODO: check
+CVE-2023-33072 (Memory corruption in Core while processing control functions.)
+	TODO: check
+CVE-2023-33069 (Memory corruption in Audio while processing the calibration data retur ...)
+	TODO: check
+CVE-2023-33068 (Memory corruption in Audio while processing IIR config data from AFE c ...)
+	TODO: check
+CVE-2023-33067 (Memory corruption in Audio while calling START command on host voice P ...)
+	TODO: check
+CVE-2023-33065 (Information disclosure in Audio while accessing AVCS services from ADS ...)
+	TODO: check
+CVE-2023-33064 (Transient DOS in Audio when invoking callback function of ASM driver.)
+	TODO: check
+CVE-2023-33060 (Transient DOS in Core when DDR memory check is called while DDR is not ...)
+	TODO: check
+CVE-2023-33058 (Information disclosure in Modem while processing SIB5.)
+	TODO: check
+CVE-2023-33057 (Transient DOS in Multi-Mode Call Processor while processing UE policy  ...)
+	TODO: check
+CVE-2023-33049 (Transient DOS in Multi-Mode Call Processor due to UE failure because o ...)
+	TODO: check
+CVE-2023-33046 (Memory corruption in Trusted Execution Environment while deinitializin ...)
+	TODO: check
+CVE-2023-32479 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...)
+	TODO: check
+CVE-2023-32474 (Dell Display Manager application, version 2.1.1.17 and prior, contain  ...)
+	TODO: check
+CVE-2023-32454 (DUP framework version 4.9.4.36 and prior contains insecure operation o ...)
+	TODO: check
+CVE-2023-32451 (Dell Display Manager application, version 2.1.1.17, contains a vulnera ...)
+	TODO: check
 CVE-2024-24768 (1Panel is an open source Linux server operation and maintenance manage ...)
 	NOT-FOR-US: 1Panel
 CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ based on ...)
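Review bot: every one of the roughly 155 new entries lands as a bare `TODO: check`, although many of the imported descriptions already identify products the file consistently scopes out: the long run of "... plugin for WordPress ..." entries (CVE-2024-1210 down to CVE-2023-6526) matches the `NOT-FOR-US: WordPress plugin` annotation used in the later hunks, and the Samsung "SMR Feb-2024" block and the Dell entries (CVE-2023-32479 to CVE-2023-32451) likewise match existing `NOT-FOR-US` conventions. Pre-triaging those patterns at import time, or at least batching them in the follow-up, would keep the entries not covered by any existing pattern (e.g. CVE-2024-0202 cryptlib, CVE-2023-34042 spring-security-config, CVE-2024-0964 Gradio) from being buried. Separately, the descriptions carry literal `\u2013`, `\u2019` and `\u201c` escape sequences (e.g. "WP Club Manager \u2013 WordPress Sports Club Plugin") instead of the characters themselves; decoding them during import would keep the list readable and greppable.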
@@ -477,7 +787,7 @@ CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
 	NOT-FOR-US: Microsoft
 CVE-2024-1162 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-1143 (Central Dogma versions prior to 0.64.0 is vulnerable to Cross-Site Scr ...)
+CVE-2024-1143 (Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scr ...)
 	NOT-FOR-US: Central Dogma
 CVE-2024-1073 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
@@ -1052,7 +1362,7 @@ CVE-2023-46230 (In Splunk Add-on Builder versions below 4.1.4, the app writes se
 	NOT-FOR-US: Splunk Add-on Builder
 CVE-2023-37518 (HCL BigFix ServiceNow is vulnerable to arbitrary code injection.  A ma ...)
 	NOT-FOR-US: HCL BigFix ServiceNow
-CVE-2023-36260 (An issue discovered in Craft CMS version 4.6.1. allows remote attacker ...)
+CVE-2023-36260 (An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It  ...)
 	NOT-FOR-US: Craft CMS
 CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin bef ...)
 	NOT-FOR-US: Craft CMS Audit Plugin
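Review bot: the new description for CVE-2023-36260 attributes the issue to the Feed Me plugin 4.6.1 for Craft CMS rather than to Craft CMS itself, but the unchanged annotation still reads `NOT-FOR-US: Craft CMS`; the sibling entry CVE-2023-36259 uses the more specific `NOT-FOR-US: Craft CMS Audit Plugin`, so updating this one to name the Feed Me plugin would keep the scoping accurate.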
@@ -3150,7 +3460,7 @@ CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a
 	TODO: check, too few details in RHBZ#2262284
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
 	NOT-FOR-US: Karjasoft Sami HTTP Server
-CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations]
+CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...)
 	[experimental] - pam 1.5.3-2
 	- pam <unfixed> (bug #1061097)
 	[bookworm] - pam <no-dsa> (Minor issue)
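Review bot: replacing the interim bracketed title for CVE-2024-22365 with the published description drops the only place this entry recorded the actual defect (pam_namespace's protect_dir() not using O_DIRECTORY), and the truncated description only says "allows attackers to cause a den ...". Unless a NOTE line outside the visible context already carries that detail, consider adding one, so the `<no-dsa> (Minor issue)` assessment stays explainable; and since `[experimental] - pam 1.5.3-2` marks a version below the 1.6.0 named in the description as fixed, a NOTE pointing at the backported fix would make the entry self-contained.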
@@ -3549,9 +3859,9 @@ CVE-2024-0507 (An attacker with access to a Management Console user account with
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sa ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+CVE-2024-0238 (The EventON Premium WordPress plugin before 4.5.6, EventON WordPress p ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+CVE-2024-0237 (The EventON WordPress plugin through 4.5.8, EventON WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
@@ -10040,7 +10350,7 @@ CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Commo
 	NOT-FOR-US: Common Services soliberte
 CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
 	NOT-FOR-US: DedeBIZ
-CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
+CVE-2023-50782 (A flaw was found in the python-cryptography package. This issue may al ...)
 	- python-cryptography <unfixed> (bug #1059308)
 	[bookworm] - python-cryptography <no-dsa> (Minor issue)
 	[bullseye] - python-cryptography <no-dsa> (Minor issue)
@@ -10049,7 +10359,7 @@ CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - inc
 	NOTE: https://people.redhat.com/~hkario/marvin/
 	NOTE: https://github.com/openssl/openssl/pull/13817
 	NOTE: CVE is for incomplete fix of CVE-2020-25659
-CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657]
+CVE-2023-50781 (A flaw was found in m2crypto. This issue may allow a remote attacker t ...)
 	- m2crypto <unfixed> (bug #1059292)
 	[bookworm] - m2crypto <no-dsa> (Minor issue)
 	[bullseye] - m2crypto <no-dsa> (Minor issue)
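Review bot: for CVE-2023-50781 the removed bracket title was the line recording that this CVE covers the incomplete fix of CVE-2020-25657; the replacement description is truncated at "may allow a remote attacker t ...", and within the visible context the corresponding `NOTE: CVE is for incomplete fix of CVE-2020-25659` appears only under CVE-2023-50782. Unless such a NOTE already follows outside this hunk, add `NOTE: CVE is for incomplete fix of CVE-2020-25657` under the m2crypto entry so the relation is not lost.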
@@ -35206,7 +35516,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environment
 	NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
 	NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
-	{DLA-3652-1}
+	{DSA-5616-1 DLA-3652-1}
 	- ruby-sanitize 6.0.2-1 (bug #1041430)
 	NOTE: https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2)
 	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
@@ -52086,8 +52396,8 @@ CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update version
 	NOT-FOR-US: Dell
 CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...)
 	NOT-FOR-US: Dell
-CVE-2023-28063
-	RESERVED
+CVE-2023-28063 (Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability ...)
+	TODO: check
 CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access  ...)
 	NOT-FOR-US: Dell
 CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...)
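Review bot: CVE-2023-28063 moves from RESERVED to `TODO: check`, but its new description ("Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability") places it with the neighbouring Dell BIOS entries CVE-2023-28064 and CVE-2023-28061, which are already `NOT-FOR-US: Dell`; the same annotation can be applied directly here instead of leaving a TODO.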
@@ -52114,8 +52424,8 @@ CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Imprope
 	NOT-FOR-US: Dell
 CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
-CVE-2023-28049
-	RESERVED
+CVE-2023-28049 (Dell Command | Monitor, versions prior to 10.9, contain an arbitrary f ...)
+	TODO: check
 CVE-2023-28048
 	RESERVED
 CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary  ...)
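Review bot: CVE-2023-28049 (Dell Command | Monitor, versions prior to 10.9) can take `NOT-FOR-US: Dell` like the surrounding entries; the adjacent CVE-2023-28048 remains RESERVED, so it is worth confirming whether it received a description in the same vendor batch before this block is closed out.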
@@ -54436,8 +54746,8 @@ CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot
 	NOTE: https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9
 CVE-2023-27319 (ONTAP Mediator versions prior to 1.7 are susceptible to a  vulnerabili ...)
 	NOT-FOR-US: NetApp
-CVE-2023-27318
-	RESERVED
+CVE-2023-27318 (StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through  1 ...)
+	TODO: check
 CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...)
 	NOT-FOR-US: ONTAP
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  vulnerabilit ...)
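Review bot: CVE-2023-27318 (StorageGRID, formerly StorageGRID Webscale) sits between CVE-2023-27319 `NOT-FOR-US: NetApp` and CVE-2023-27317 `NOT-FOR-US: ONTAP`; the description identifies a NetApp product, so `NOT-FOR-US: NetApp` fits and the `TODO: check` can be resolved in the same pass.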
@@ -59659,8 +59969,8 @@ CVE-2023-25547 (A CWE-863: Incorrect Authorization vulnerability exists that cou
 	NOT-FOR-US: Schneider
 CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' versi ...)
 	NOT-FOR-US: Dell
-CVE-2023-25543
-	RESERVED
+CVE-2023-25543 (Dell Power Manager, versions prior to 3.14, contain an Improper Author ...)
+	TODO: check
 CVE-2023-25542 (Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an impr ...)
 	NOT-FOR-US: Dell
 CVE-2023-25541
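Review bot: CVE-2023-25543 is described as Dell Power Manager, versions prior to 3.14, matching CVE-2023-25544 and CVE-2023-25542 which are already `NOT-FOR-US: Dell`; resolving the TODO with the same annotation keeps this block consistent, and the trailing CVE-2023-25541 is another RESERVED entry in the same Dell range worth re-checking later.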
@@ -68135,12 +68445,12 @@ CVE-2023-22821
 	RESERVED
 CVE-2023-22820
 	RESERVED
-CVE-2023-22819
-	RESERVED
+CVE-2023-22819 (An uncontrolled resource consumption vulnerability issue that could ar ...)
+	TODO: check
 CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were addressed in the ...)
 	NOT-FOR-US: SanDisk Security Installer for Windows
-CVE-2023-22817
-	RESERVED
+CVE-2023-22817 (Server-side request forgery (SSRF) vulnerability that could allow a ro ...)
+	TODO: check
 CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI  ...)
 	NOT-FOR-US: Western Digital
 CVE-2023-22815 (Post-authentication remote command injection vulnerability in Western  ...)
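Review bot: unlike the Dell and NetApp fill-ins elsewhere in this update, the visible descriptions for CVE-2023-22819 ("An uncontrolled resource consumption vulnerability issue ...") and CVE-2023-22817 ("Server-side request forgery (SSRF) vulnerability ...") do not name a product within the truncated text, so `TODO: check` is the right state here; the neighbours CVE-2023-22818 (SanDisk Security Installer for Windows) and CVE-2023-22816/CVE-2023-22815 (Western Digital) suggest the same vendor block, but that should be confirmed from the full description before assigning `NOT-FOR-US`.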



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c1acf21017950024ea164192a6183a255c0bc64
