[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 7 21:05:16 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fcaa299 by security tracker role at 2024-02-07T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-25201 (Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bou ...)
+	TODO: check
+CVE-2024-25200 (Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overf ...)
+	TODO: check
+CVE-2024-25145 (Stored cross-site scripting (XSS) vulnerability in the Portal Search m ...)
+	TODO: check
+CVE-2024-25143 (The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, a ...)
+	TODO: check
+CVE-2024-24824 (Graylog is a free and open log management platform. Starting in versio ...)
+	TODO: check
+CVE-2024-24823 (Graylog is a free and open log management platform. Starting in versio ...)
+	TODO: check
+CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
+	TODO: check
+CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
+	TODO: check
+CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
+	TODO: check
+CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and  ...)
+	TODO: check
+CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...)
+	TODO: check
+CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...)
+	TODO: check
+CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...)
+	TODO: check
+CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+	TODO: check
+CVE-2024-24488 (An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allo ...)
+	TODO: check
+CVE-2024-24311 (Path Traversal vulnerability in Linea Grafica "Multilingual and Multis ...)
+	TODO: check
+CVE-2024-24304 (In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before v ...)
+	TODO: check
+CVE-2024-24303 (SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvance ...)
+	TODO: check
+CVE-2024-24189 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-fr ...)
+	TODO: check
+CVE-2024-24188 (Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src ...)
+	TODO: check
+CVE-2024-24186 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overfl ...)
+	TODO: check
+CVE-2024-24133 (Atmail v6.6.0 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2024-24131 (SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cro ...)
+	TODO: check
+CVE-2024-24130 (Mail2World v12 Business Control Center was discovered to contain a ref ...)
+	TODO: check
+CVE-2024-23806 (Sensitive data can be extracted from HID iCLASS SE reader configuratio ...)
+	TODO: check
+CVE-2024-23769 (Improper privilege control for the named pipe in Samsung Magician PC S ...)
+	TODO: check
+CVE-2024-22984
+	REJECTED
+CVE-2024-22012 (In TBD of TBD, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2024-20290 (A vulnerability in the OLE2 file format parser of ClamAV could allow a ...)
+	TODO: check
+CVE-2024-20255 (A vulnerability in the SOAP API of Cisco Expressway Series and Cisco T ...)
+	TODO: check
+CVE-2024-20254 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
+	TODO: check
+CVE-2024-20252 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
+	TODO: check
+CVE-2024-1118 (The Podlove Subscribe button plugin for WordPress is vulnerable to UNI ...)
+	TODO: check
+CVE-2024-1110 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-1109 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2023-47700 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
+	TODO: check
+CVE-2023-46914 (SQL Injection vulnerability in RM bookingcalendar module for PrestaSho ...)
+	TODO: check
+CVE-2023-43017 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a pri ...)
+	TODO: check
+CVE-2023-38995 (An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the  ...)
+	TODO: check
+CVE-2023-38369 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does n ...)
+	TODO: check
+CVE-2023-32330 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure cal ...)
+	TODO: check
+CVE-2023-32328 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure pro ...)
+	TODO: check
 CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a WDKTestCe ...)
 	NOT-FOR-US: RustDesk
 CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible via a ma ...)
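Review bot: every new entry at the top of data/CVE/list lands as `TODO: check` (CVE-2024-22984 aside, which is REJECTED), so none of them carries a package or NOT-FOR-US decision yet and the block needs a manual triage pass. CVE-2024-20290 (ClamAV OLE2 file format parser) is worth taking first, since it concerns a parser that handles untrusted files. CVE-2024-22012 still has the placeholder description "In TBD of TBD" and cannot be classified from this line, so it needs the upstream advisory. Several entries share a product (Graylog, CKEditor4, Jsish, Cisco Expressway, Podlove, IBM Security Verify Access); triaging each group together keeps the resulting tags consistent.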
@@ -7579,7 +7663,7 @@ CVE-2023-52084 (Winter is a free, open-source content management system. Prior t
 	NOT-FOR-US: Winter CMS
 CVE-2023-52083 (Winter is a free, open-source content management system.  Prior to 1.2 ...)
 	NOT-FOR-US: Winter CMS
-CVE-2023-51437
+CVE-2023-51437 (Observable timing discrepancy vulnerability in Apache Pulsar SASL Auth ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2023-51435 (Some Honor products are affected by incorrect privilege assignment vul ...)
 	NOT-FOR-US: Honor
@@ -23778,7 +23862,7 @@ CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 c
 	NOT-FOR-US: IBM
 CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...)
 	NOT-FOR-US: SAP
-CVE-2023-39196
+CVE-2023-39196 (Improper Authentication vulnerability in Apache Ozone.  The vulnerabil ...)
 	NOT-FOR-US: Apache Ozone
 CVE-2023-39195
 	REJECTED
@@ -43171,8 +43255,8 @@ CVE-2023-31004 (IBM Security Access Manager Container (IBM Security Verify Acces
 	NOT-FOR-US: IBM
 CVE-2023-31003 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
 	NOT-FOR-US: IBM
-CVE-2023-31002
-	RESERVED
+CVE-2023-31002 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 tempor ...)
+	TODO: check
 CVE-2023-31001 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
 	NOT-FOR-US: IBM
 CVE-2023-31000
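Review bot: CVE-2023-31002 goes from RESERVED to `TODO: check` even though its new description names IBM Security Access Manager Container, the same product as CVE-2023-31003 and CVE-2023-31001 on either side, both already tagged `NOT-FOR-US: IBM`. Suggest giving it the same tag during triage so this run of entries stays consistent.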
@@ -74075,7 +74159,7 @@ CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mant ...)
+CVE-2022-47436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
 	NOT-FOR-US: WordPress plugin
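Review bot: the replacement description for CVE-2022-47436 now opens with the generic weakness title ("Improper Neutralization of Input During Web Page Generation ..."), so in the truncated form kept in this list it no longer shows the "Auth. (admin+) Stored" qualifier or the start of the product name that the old line had. The `NOT-FOR-US: WordPress plugin` tag is unchanged and still matches its neighbours, so the tag needs no action, but anyone searching the list by description text will have to fall back to the full CVE record for this entry.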



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fcaa299747bf49998d2ba4ad513ee22d5fb969f
