[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 10 08:12:08 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43f1d5cf by security tracker role at 2024-02-10T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Sp ...)
+ TODO: check
+CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...)
+ TODO: check
+CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When PPv2 is en ...)
+ TODO: check
+CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy crashes i ...)
+ TODO: check
+CVE-2024-23324 (Envoy is a high-performance edge/middle/service proxy. External authen ...)
+ TODO: check
+CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The regex expre ...)
+ TODO: check
+CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy will cras ...)
+ TODO: check
+CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...)
+ TODO: check
+CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
+ TODO: check
+CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been decl ...)
+ TODO: check
+CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been clas ...)
+ TODO: check
+CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as ...)
+ TODO: check
+CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...)
+ TODO: check
+CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...)
+ TODO: check
+CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...)
+ TODO: check
+CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerabil ...)
+ TODO: check
+CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions. The applica ...)
+ TODO: check
+CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
+ TODO: check
+CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in Outlook add ...)
+ TODO: check
+CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete enabled in ...)
+ TODO: check
CVE-2024-XXXX [potential information disclosure vulnerability]
- diffoscope 256
NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
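Review bot: the three Awesome Support entries (CVE-2024-0594, CVE-2024-0595, CVE-2024-0596) carry a literal `\u2013` in the description text, so the escape sequence from the upstream record is being written into data/CVE/list undecoded; decode it to the en dash, or normalise it to a plain hyphen, in the import step. All 27 additions in this hunk are left at `TODO: check`, so each still needs a follow-up that resolves it to a source package line or a `NOT-FOR-US:` line. The five Envoy entries (CVE-2024-23322 to CVE-2024-23327) and the four Sametime entries can each be triaged as a group.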
@@ -80,7 +134,7 @@ CVE-2024-1402 (Mattermost fails to check if a custom emoji reaction exists when
- mattermost-server <itp> (bug #823556)
CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS via the ...)
NOT-FOR-US: Concrete CMS
-CVE-2024-1246 (Concrete CMSin version 9 before 9.2.5is vulnerable to reflected XSS vi ...)
+CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS ...)
NOT-FOR-US: Concrete CMS
CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS in file ...)
NOT-FOR-US: Concrete CMS
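Review bot: the spacing fix lands only on CVE-2024-1246, while the context lines on either side keep the same kind of run-together words: `tostored` in CVE-2024-1247 and `CMSversion` in CVE-2024-1245. Since these descriptions are truncated copies synced by the automatic update, leave those two for the next sync to pick up rather than hand-editing them. The `NOT-FOR-US: Concrete CMS` triage is unaffected by the description change.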
@@ -8736,7 +8790,7 @@ CVE-2023-6936
[bookworm] - wolfssl <no-dsa> (Minor issue)
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
-CVE-2023-6935
+CVE-2023-6935 (wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Att ...)
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
[bookworm] - wolfssl <no-dsa> (Minor issue)
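Review bot: CVE-2023-6935 already had its triage lines (`- wolfssl 5.6.6-1.2 (bug #1059357)`, `[bookworm] - wolfssl <no-dsa> (Minor issue)`) before it had a description, and this hunk only adds the text. Now that the published description names the Marvin Attack against the SP Math All RSA implementation, confirm that the existing `<no-dsa>` classification still matches the published scope. If the visible context is the whole entry, also add a `NOTE:` reference as the CVE-2023-6936 entry above has.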
@@ -53150,8 +53204,8 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure
NOT-FOR-US: PowerPath
CVE-2023-28078
RESERVED
-CVE-2023-28077
- RESERVED
+CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...)
+ TODO: check
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
NOT-FOR-US: Dell
CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)
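Review bot: CVE-2023-28077 moves from `RESERVED` to a published description for Dell BSAFE SSL-J but is left at `TODO: check`. The neighbouring Dell entries in the context lines are already resolved (`NOT-FOR-US: PowerPath`, `NOT-FOR-US: Dell`), so this one should get the same kind of resolution in a follow-up once someone confirms the product is not packaged.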
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43f1d5cf0bb97983f98708f60aa35cc3fb621b1f