[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 9 08:11:45 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
115ec7bf by security tracker role at 2024-02-09T08:11:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-25107 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
+ TODO: check
+CVE-2024-25106 (OpenObserve is a observability platform built specifically for logs, m ...)
+ TODO: check
+CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
+ TODO: check
+CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
+ TODO: check
+CVE-2024-24830 (OpenObserve is a observability platform built specifically for logs, m ...)
+ TODO: check
+CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. Sentr ...)
+ TODO: check
+CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
+ TODO: check
+CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
+ TODO: check
+CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
+ TODO: check
+CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)
+ TODO: check
+CVE-2024-24499 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
+ TODO: check
+CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management System 1 ...)
+ TODO: check
+CVE-2024-24497 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
+ TODO: check
+CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...)
+ TODO: check
+CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily Habit Track ...)
+ TODO: check
+CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows ...)
+ TODO: check
+CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows a remot ...)
+ TODO: check
+CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module f ...)
+ TODO: check
+CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone official Dock ...)
+ TODO: check
+CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command injection ...)
+ TODO: check
+CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java framework ...)
+ TODO: check
+CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vul ...)
+ TODO: check
+CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 th ...)
+ TODO: check
+CVE-2024-1353 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2 ...)
+ TODO: check
+CVE-2024-0842 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
+ TODO: check
+CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin for Wor ...)
+ TODO: check
+CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
+ TODO: check
+CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypa ...)
+ TODO: check
+CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi Accessories Pro" ...)
+ TODO: check
+CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authe ...)
+ TODO: check
+CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and ...)
+ TODO: check
+CVE-2023-47132 (An issue discovered in N-able N-central before 2023.6 and earlier allo ...)
+ TODO: check
+CVE-2023-47131 (The N-able PassPortal extension before 3.29.2 for Chrome inserts sensi ...)
+ TODO: check
+CVE-2023-46687 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
+ TODO: check
+CVE-2023-46350 (SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier ...)
+ TODO: check
+CVE-2023-45191 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequ ...)
+ TODO: check
+CVE-2023-45190 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable t ...)
+ TODO: check
+CVE-2023-45187 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 do ...)
+ TODO: check
+CVE-2023-43609 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
+ TODO: check
+CVE-2023-42016 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
+ TODO: check
+CVE-2023-40266 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
+ TODO: check
+CVE-2023-40265 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
+ TODO: check
+CVE-2023-40264 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
+ TODO: check
+CVE-2023-40263 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
+ TODO: check
+CVE-2023-40262 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
+ TODO: check
+CVE-2023-39683 (Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and bef ...)
+ TODO: check
+CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 throug ...)
+ TODO: check
+CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
+ TODO: check
CVE-2023-4639 [Cookie Smuggling/Spoofing]
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
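Review bot: the summaries for CVE-2024-1122 and CVE-2024-0842 in this hunk contain a literal `\u2` / `\u2013` escape fragment ("Events Tickets for WooCommerce \u2 ...", "Backuply \u2013 Backup, Restore, ...") where the upstream text has an en dash, so the importer is writing a JSON escape sequence into the description rather than the character, and the 70-character truncation leaves the CVE-2024-1122 entry cut off in the middle of that escape; decoding such escapes before truncating would fix both. Separately, all 49 new entries are left at "TODO: check"; the same-product groups (the three KiTTY entries CVE-2024-25004, CVE-2024-25003 and CVE-2024-23749, the five Atos Unify OpenScape entries CVE-2023-40262 through CVE-2023-40266, the four Emerson Rosemount GC entries, the Employee Management System and Daily Habit Tracker sets) are easiest to triage together so that the resulting NOT-FOR-US or package decisions stay consistent.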
@@ -739,7 +837,7 @@ CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super Reboot
NOT-FOR-US: Super Reboot (Root) Recovery
CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService componen ...)
NOT-FOR-US: com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO
-CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
+CVE-2023-47022 (Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allow ...)
NOT-FOR-US: NCR Terminal Handler
CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable ...)
NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation
@@ -3277,6 +3375,7 @@ CVE-2024-23224 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-23223 (A privacy issue was addressed with improved handling of files. This is ...)
NOT-FOR-US: Apple
CVE-2024-23222 (A type confusion issue was addressed with improved checks. This issue ...)
+ {DSA-5618-1}
- webkit2gtk 2.42.5-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.5-1
@@ -3294,6 +3393,7 @@ CVE-2024-23215 (An issue was addressed with improved handling of temporary files
CVE-2024-23214 (Multiple memory corruption issues were addressed with improved memory ...)
NOT-FOR-US: Apple
CVE-2024-23213 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5618-1}
- webkit2gtk 2.42.5-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.5-1
@@ -3313,6 +3413,7 @@ CVE-2024-23208 (The issue was addressed with improved memory handling. This issu
CVE-2024-23207 (This issue was addressed with improved redaction of sensitive informat ...)
NOT-FOR-US: Apple
CVE-2024-23206 (An access issue was addressed with improved access restrictions. This ...)
+ {DSA-5618-1}
- webkit2gtk 2.42.5-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.5-1
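Review bot: the three hunks above add the {DSA-5618-1} tag to CVE-2024-23222, CVE-2024-23213 and CVE-2024-23206, each of which already lists webkit2gtk 2.42.5-1 and wpewebkit 2.42.5-1 as fixed in unstable and webkit2gtk as end-of-life in buster; check that the tag was applied to every CVE the advisory covers and that the stable fixed-version line the DSA corresponds to exists for each entry (it falls outside the three lines of context shown), otherwise the tracker will show the DSA on some of the advisory's CVEs but not others.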
@@ -4603,7 +4704,7 @@ CVE-2024-21885 [Heap buffer overflow in XISendDeviceHierarchyEvent]
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4a5e9b1895627d40d26045bd0b7ef3dce503cbd1
-CVE-2024-0229 [Reattaching to different master device may lead to out-of-bounds memory access]
+CVE-2024-0229 (An out-of-bounds memory access flaw was found in the X.Org server. Thi ...)
{DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
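Review bot: for CVE-2024-0229 the bracketed working title "Reattaching to different master device may lead to out-of-bounds memory access" is replaced by the published description, which after the tracker's truncation reads only "An out-of-bounds memory access flaw was found in the X.Org server. Thi ...", so the specific trigger named in the old title no longer appears in the list; if that detail is useful for triage, keep it in a NOTE line alongside the upstream references, as is done for CVE-2024-21885 just above. The {DSA-5603-1 DLA-3721-1} tags and the xorg-server 2:21.1.11-1 and xwayland 2:23.2.4-1 lines are untouched, so this is a summary-only change.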
@@ -45082,7 +45183,7 @@ CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. A
NOT-FOR-US: Alarisa
CVE-2023-30560 (The configuration from the PCU can be modified without authentication ...)
NOT-FOR-US: Alarisa
-CVE-2023-30559 (The configuration from the PCU can be modified without authentication ...)
+CVE-2023-30559 (The firmware update package for the wireless card is not properly sign ...)
NOT-FOR-US: Alarisa
CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery project cont ...)
NOT-FOR-US: Archery
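Review bot: the old description of CVE-2023-30559 was identical to that of CVE-2023-30560 directly above it ("The configuration from the PCU can be modified without authentication ..."), so replacing it with the firmware-update signing text corrects what looks like a duplicated earlier import rather than reflecting a change to the CVE itself; NOT-FOR-US: Alarisa still applies. It is worth checking whether any other Alarisa entries in this block carry the same copied text.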
@@ -56108,8 +56209,8 @@ CVE-2023-27003
RESERVED
CVE-2023-27002
RESERVED
-CVE-2023-27001
- RESERVED
+CVE-2023-27001 (An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to ...)
+ TODO: check
CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
NOT-FOR-US: NetScoutnGeniusOne
CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...)
@@ -61070,8 +61171,8 @@ CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered u
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...)
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
-CVE-2023-25365
- RESERVED
+CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...)
+ TODO: check
CVE-2023-25364
RESERVED
CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
@@ -135911,7 +136012,7 @@ CVE-2022-0933
CVE-2022-0932 (Missing Authorization in GitHub repository saleor/saleor prior to 3.1. ...)
NOT-FOR-US: saleor
CVE-2022-0931
- RESERVED
+ REJECTED
NOT-FOR-US: Red Hat 3scale API gateway
CVE-2022-0930 (File upload filter bypass leading to stored XSS in GitHub repository m ...)
NOT-FOR-US: microweber
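Review bot: CVE-2022-0931 goes from RESERVED to REJECTED while the "NOT-FOR-US: Red Hat 3scale API gateway" line below it is kept; a rejected CVE needs no tracking status, so either drop that line or confirm that the tracker's convention for REJECTED entries is to keep prior annotations, so the entry is not read as an open NOT-FOR-US item.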
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/115ec7bf14c5548ad341715497543d7522ffc1f8