[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 14 08:12:05 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1394f1d by security tracker role at 2024-02-14T08:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-25125 (Digdag is an open source tool that to build, run, schedule, and monito ...)
+ TODO: check
+CVE-2024-25121 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2024-25120 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2024-25119 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2024-25118 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2024-24699 (Business logic error in some Zoom clients may allow an authenticated u ...)
+ TODO: check
+CVE-2024-24698 (Improper authentication in some Zoom clients may allow a privileged us ...)
+ TODO: check
+CVE-2024-24697 (Untrusted search path in some Zoom 32 bit Windows clients may allow an ...)
+ TODO: check
+CVE-2024-24696 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...)
+ TODO: check
+CVE-2024-24695 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...)
+ TODO: check
+CVE-2024-24691 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...)
+ TODO: check
+CVE-2024-24690 (Improper input validation in some Zoom clients may allow an authentica ...)
+ TODO: check
+CVE-2024-24142 (Sourcecodester School Task Manager 1.0 allows SQL Injection via the 's ...)
+ TODO: check
+CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Obje ...)
+ TODO: check
+CVE-2024-1485 (A vulnerability was found in the decompression function of registry-su ...)
+ TODO: check
+CVE-2023-6152 (A user changing their email after signing up and verifying it can chan ...)
+ TODO: check
+CVE-2023-44293 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...)
+ TODO: check
+CVE-2023-44283 (In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and Supp ...)
+ TODO: check
+CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a local Aut ...)
+ TODO: check
+CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...)
+ TODO: check
CVE-2024-1342
NOT-FOR-US: Red Hat OpenShift
CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...)
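Review bot: every line added in this block is a placeholder (`TODO: check`), so the hunk records no triage decision; each entry still has to be resolved to either a `- package version` line or a `NOT-FOR-US:` marker, as the unchanged context entry `CVE-2024-1342` / `NOT-FOR-US: Red Hat OpenShift` shows. The Zoom, Dell (SupportAssist, Secure Connect Gateway, E-Lab Navigator), TYPO3, Digdag, Sourcecodester and RaidenFTPD entries read as vendor or upstream-only products and can likely be closed the same way; the two whose truncated descriptions do not name a product in the visible text, `CVE-2024-1485` ("decompression function of registry-su ...") and `CVE-2023-6152` (email change after verification), are the ones the triager should open first to see whether a Debian package is affected.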
@@ -271,12 +311,15 @@ CVE-2023-31347 (Due to a code bug in Secure_TSC, SEV firmware may allow an attac
CVE-2023-31346 (Failure to initialize memory in SEV Firmware may allow a privileged at ...)
TODO: check
CVE-2023-4408 (The DNS message parsing code in `named` includes a section whose compu ...)
+ {DSA-5621-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2023-4408
CVE-2023-5517 (A flaw in query-handling code can cause `named` to exit prematurely wi ...)
+ {DSA-5621-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2023-5517
CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named` to c ...)
+ {DSA-5621-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2023-5679
CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...)
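Review bot: the three bind9 entries (CVE-2023-4408, CVE-2023-5517, CVE-2023-5679) gain `{DSA-5621-1}` while their package line stays `- bind9 <unfixed>`, which tells readers the stable update shipped but unstable is still vulnerable. If the fixed bind9 upload to unstable has already landed, replace `<unfixed>` with that version in the same pass; if not, the hunk is correct as-is and only the DSA marker closes the issue for stable. The trailing context for CVE-2023-6516 records a 9.16.y-only issue, so no DSA marker is expected there.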
@@ -287,6 +330,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
NOTE: which entered unstable as the fixed version as workaround.
CVE-2023-50387
+ {DSA-5621-1 DSA-5620-1}
- dnsmasq 2.90-1
- bind9 <unfixed>
- pdns-recursor <unfixed> (bug #1063852)
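Review bot: CVE-2023-50387 now carries two DSA markers (`DSA-5621-1 DSA-5620-1`), consistent with both bind9 and dnsmasq being listed under it, but the hunk leaves `- bind9 <unfixed>` and `- pdns-recursor <unfixed> (bug #1063852)` untouched. The pdns-recursor line cites its bug while the bind9 line does not; if a bug was filed for the bind9 unstable fix, add it in the same `(bug #NNNNNN)` form, and replace `<unfixed>` for bind9 once the unstable upload exists. dnsmasq already shows `2.90-1` as the fixed version, so the second DSA is accounted for.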
@@ -297,6 +341,7 @@ CVE-2023-50387
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1)
CVE-2023-50868
+ {DSA-5621-1 DSA-5620-1}
- dnsmasq 2.90-1
- bind9 <unfixed>
- pdns-recursor <unfixed> (bug #1063852)
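Review bot: CVE-2023-50868 gets the same `{DSA-5621-1 DSA-5620-1}` pair and has the same `bind9 <unfixed>` / `pdns-recursor <unfixed> (bug #1063852)` lines as CVE-2023-50387 in the previous hunk; the two entries should be kept in lock step, so whoever fills in the bind9 unstable version or adds a bind9 bug reference for CVE-2023-50387 should apply the identical change here in the same commit.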
@@ -1228,7 +1273,7 @@ CVE-2024-24810 (WiX toolset lets developers create installers for Windows Instal
NOT-FOR-US: WiX toolset
CVE-2024-24594 (A cross-site scripting (XSS) vulnerability in all versions of the web ...)
NOT-FOR-US: Allegro AI's ClearML platform
-CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all versions of t ...)
+CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all versions up t ...)
NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24592 (Lack of authentication in all versions of the fileserver component of ...)
NOT-FOR-US: Allegro AI's ClearML platform
@@ -4317,7 +4362,8 @@ CVE-2023-42937 (A privacy issue was addressed with improved private data redacti
NOT-FOR-US: Apple
CVE-2023-42935 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2023-42915 (Multiple issues were addressed by updating to curl version 8.4.0. This ...)
+CVE-2023-42915
+ REJECTED
NOT-FOR-US: Apple (bundling curl)
CVE-2023-42888 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
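Review bot: CVE-2023-42915 is flipped to `REJECTED`, but the `NOT-FOR-US: Apple (bundling curl)` line beneath it survives; the automatic update only rewrites the header line, so a human pass should decide whether the now-stale NOT-FOR-US line is dropped (the `RESERVED` entries in this file carry only the status line) or kept for the record. Nothing changes for Debian's curl either way, since the entry was never mapped to a package.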
@@ -5302,7 +5348,8 @@ CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2
NOT-FOR-US: beetl-bbs
CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been declared as p ...)
NOT-FOR-US: Jspxcms
-CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp. ...)
+CVE-2024-0584
+ REJECTED
- linux 6.6.8-1
[bookworm] - linux 6.1.66-1
[bullseye] - linux 5.10.205-1
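Review bot: CVE-2024-0584 becomes `REJECTED` yet the `- linux 6.6.8-1`, `[bookworm] - linux 6.1.66-1` and `[bullseye] - linux 5.10.205-1` fix lines remain. Before these are pruned, check the rejection reason: if the id was withdrawn as a duplicate, the same fixed versions belong on the surviving id for the igmp_start_timer use-after-free the old description named; if it was rejected as not a vulnerability, the lines can go. Either way the rejection must not be read as the kernel fix having been reverted.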
@@ -61521,8 +61568,8 @@ CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell
NOT-FOR-US: Dell
CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
NOT-FOR-US: Dell
-CVE-2023-25535
- RESERVED
+CVE-2023-25535 (Dell SupportAssist for Home PCs Installer Executable file version prio ...)
+ TODO: check
CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
NOT-FOR-US: Ichitaro
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
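Review bot: CVE-2023-25535 moves from `RESERVED` to a Dell SupportAssist description with `TODO: check`; it belongs with the other Dell SupportAssist entries added at the top of this update (CVE-2023-44283, CVE-2023-39249), so triage the three together and apply one consistent resolution, most likely the `NOT-FOR-US: Dell` marker the neighbouring entries CVE-2023-25537 and CVE-2023-25536 already use.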
@@ -78411,11 +78458,11 @@ CVE-2022-46423 (An exploitable firmware modification vulnerability was discovere
NOT-FOR-US: Netgear
CVE-2022-46422 (An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticate ...)
NOT-FOR-US: Netgear
-CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices WSR-3200 ...)
+CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices allows a ...)
NOT-FOR-US: Buffalo network devices
-CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
+CVE-2022-43466 (OS command injection vulnerability in Buffalo network devices allows a ...)
NOT-FOR-US: Buffalo network devices
-CVE-2022-43443 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
+CVE-2022-43443 (OS command injection vulnerability in Buffalo network devices allows a ...)
NOT-FOR-US: Buffalo network devices
CVE-2022-4294 (Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible ...)
NOT-FOR-US: Norton
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1394f1d6f50e947b83b1db935b82af9ff3b7426