[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 8 08:12:13 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b91383ac by security tracker role at 2024-02-08T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-25148 (In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, ...)
+	TODO: check
+CVE-2024-25146 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, an ...)
+	TODO: check
+CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older  ...)
+	TODO: check
+CVE-2024-24806 (libuv is a multi-platform support library with a focus on asynchronous ...)
+	TODO: check
+CVE-2024-24350 (File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and be ...)
+	TODO: check
+CVE-2024-24216 (Zentao v18.0 to v18.10 was discovered to contain a remote code executi ...)
+	TODO: check
+CVE-2024-24202 (An arbitrary file upload vulnerability in /upgrade/control.php of ZenT ...)
+	TODO: check
+CVE-2024-24091 (Yealink Meeting Server before v26.0.0.66 was discovered to contain an  ...)
+	TODO: check
+CVE-2024-24026 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...)
+	TODO: check
+CVE-2024-24025 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...)
+	TODO: check
+CVE-2024-24024 (An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-R ...)
+	TODO: check
+CVE-2024-24023 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
+	TODO: check
+CVE-2024-24021 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
+	TODO: check
+CVE-2024-24018 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
+	TODO: check
+CVE-2024-24017 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
+	TODO: check
+CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
+	TODO: check
+CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
+	TODO: check
+CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR level, a ...)
+	TODO: check
+CVE-2024-22394 (An improper authentication vulnerability has been identified in SonicW ...)
+	TODO: check
+CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all versions start ...)
+	TODO: check
+CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and befo ...)
+	TODO: check
+CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsup ...)
+	TODO: check
 CVE-2024-1312 [mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock]
 	- linux 6.4.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -6,13 +54,13 @@ CVE-2024-1312 [mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock]
 	NOTE: https://git.kernel.org/linus/657b5146955eba331e01b9a6ae89ce2e716ba306 (6.5-rc4)
 CVE-2024-1300
 	NOT-FOR-US: Eclipse Vertx
-CVE-2024-1066 [Resource exhaustion using GraphQL vulnerabilitiesCountByDay]
+CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#resource-exhaustion-using-graphql-vulnerabilitiescountbyday
 CVE-2023-6386 [ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax]
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#redos-in-ci/cd-pipeline-editor-while-verifying-pipeline-syntax
-CVE-2023-6840 [Project maintainers can bypass group's scan result policy block_branch_modification setting]
+CVE-2023-6840 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#project-maintainers-can-bypass-groups-scan-result-policy-block_branch_modification-setting
 CVE-2024-1250 [Restrict group access token creation for custom roles]
@@ -11474,13 +11522,13 @@ CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
 	[buster] - wordpress <not-affected> (Vulnerable code not present)
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
 	NOTE: https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
-CVE-2023-6536 [NULL pointer dereference in __nvmet_req_complete]
+CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
-CVE-2023-6535 [NULL pointer dereference in nvmet_tcp_execute_request]
+CVE-2023-6535 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254053
-CVE-2023-6356 [NULL pointer dereference in nvmet_tcp_build_iovec]
+CVE-2023-6356 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
 CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lead to a crash]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b91383ac0e24f3e0eefecbdb0bd26dce74cab3d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b91383ac0e24f3e0eefecbdb0bd26dce74cab3d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240208/dd829c75/attachment.htm>

More information about the debian-security-tracker-commits mailing list