[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 15 08:12:50 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
beb99bf1 by security tracker role at 2024-02-15T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2024-1488 [unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation]
+CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter does not p ...)
+ TODO: check
+CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly controlled ...)
+ TODO: check
+CVE-2024-26262 (EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks ...)
+ TODO: check
+CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain modules ...)
+ TODO: check
+CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds' certain moudu ...)
+ TODO: check
+CVE-2024-25941 (The jail(2) system call has not limited a visiblity of allocated TTYs ...)
+ TODO: check
+CVE-2024-25940 (`bhyveload -h <host-path>` may be used to grant loader access to the < ...)
+ TODO: check
+CVE-2024-25620 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
+ TODO: check
+CVE-2024-25619 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2024-25618 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
+ TODO: check
+CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8 ...)
+ TODO: check
+CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary ...)
+ TODO: check
+CVE-2024-24301 (Command Injection vulnerability discovered in 4ipnet EAP-767 device v3 ...)
+ TODO: check
+CVE-2024-24300 (4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The ...)
+ TODO: check
+CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise informatio ...)
+ TODO: check
+CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.)
+ TODO: check
+CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restriction ...)
+ TODO: check
+CVE-2024-1482 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2024-1471 (An HTML injection vulnerability exists where an authenticated, remote ...)
+ TODO: check
+CVE-2024-1367 (A command injection vulnerability exists where an authenticated, remot ...)
+ TODO: check
+CVE-2024-0708 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squee ...)
+ TODO: check
+CVE-2024-0353 (Local privilege escalation vulnerability potentially allowed an attack ...)
+ TODO: check
+CVE-2023-6138 (A potential security vulnerability has been identified in the system B ...)
+ TODO: check
+CVE-2023-51787 (An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a ...)
+ TODO: check
+CVE-2023-46596 (Improper input validation in Algosec FireFlow VisualFlow workflow edit ...)
+ TODO: check
+CVE-2024-1488 (A vulnerability was found in Unbound due to incorrect default permissi ...)
- unbound <not-affected> (RedHat specific patch vulnerability)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264183
CVE-2024-25301 (Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) ...)
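Review bot: the added CVE-2024-0708 line carries a literal `\u2013` in its description ("The Landing Page Cat \u2013 Coming Soon Page ..."), so an escape sequence from the upstream record reaches data/CVE/list undecoded. Decode the description before it is truncated and written, otherwise the escape stays verbatim in the list. Separately, all 26 new entries in this hunk land as TODO: check, including ones whose descriptions name Squid, Helm and Mastodon, so they still need manual triage.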
@@ -326,11 +378,11 @@ CVE-2023-28374 (Improper input validation for some Intel(R) PROSet/Wireless and
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
NOTE: Fixed upstream in linux-firmware/20231211
-CVE-2023-49721
+CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ...)
- lxd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
-CVE-2023-48733
+CVE-2023-48733 (An insecure default to allow UEFI Shell in EDK2 was left enabled in Ub ...)
{DSA-5624-1}
- edk2 2023.11-7
NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4
@@ -363,7 +415,7 @@ CVE-2024-24142 (Sourcecodester School Task Manager 1.0 allows SQL Injection via
NOT-FOR-US: Sourcecodester School Task Manager
CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Obje ...)
NOT-FOR-US: Dell
-CVE-2024-1485 (A vulnerability was found in the decompression function of registry-su ...)
+CVE-2024-1485 (A flaw was found in the decompression function of registry-support. Th ...)
NOT-FOR-US: OpenShift
CVE-2023-6152 (A user changing their email after signing up and verifying it can chan ...)
- grafana <removed>
@@ -19240,7 +19292,7 @@ CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as pr
NOT-FOR-US: PopojiCMS
CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...)
NOT-FOR-US: transmute-core
-CVE-2023-46595 (Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workf ...)
+CVE-2023-46595 (Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow edito ...)
NOT-FOR-US: Fireflow
CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...)
NOT-FOR-US: dmpop Mejiro
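Review bot: CVE-2023-46595 keeps its NOT-FOR-US: Fireflow tag here, but CVE-2023-46596, added in the first hunk with a description naming the same Algosec FireFlow VisualFlow workflow editor, is left at TODO: check. The new entry can take the same NOT-FOR-US tag so the two stay consistent.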
@@ -70962,10 +71014,10 @@ CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in
NOT-FOR-US: Synology
CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...)
NOT-FOR-US: snoyberg keter
-CVE-2022-48220
- RESERVED
-CVE-2022-48219
- RESERVED
+CVE-2022-48220 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
+ TODO: check
+CVE-2022-48219 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
+ TODO: check
CVE-2022-48218
RESERVED
CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has been rat ...)
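Review bot: CVE-2022-48220 and CVE-2022-48219 get the same visible description ("Potential vulnerabilities have been identified in certain HP Desktop P ...") and both sit at TODO: check. Neighbouring vendor-only entries in this hunk (Synology, snoyberg keter) are tagged NOT-FOR-US, so if the full records confirm these cover HP products only, they can be tagged the same way in one pass.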
@@ -149899,26 +149951,26 @@ CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a den
NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
-CVE-2022-23093
- RESERVED
-CVE-2022-23092
- RESERVED
-CVE-2022-23091
- RESERVED
-CVE-2022-23090
- RESERVED
-CVE-2022-23089
- RESERVED
-CVE-2022-23088
- RESERVED
-CVE-2022-23087
- RESERVED
-CVE-2022-23086
- RESERVED
-CVE-2022-23085
- RESERVED
-CVE-2022-23084
- RESERVED
+CVE-2022-23093 (ping reads raw IP packets from the network to process responses in the ...)
+ TODO: check
+CVE-2022-23092 (The implementation of lib9p's handling of RWALK messages was missing a ...)
+ TODO: check
+CVE-2022-23091 (A particular case of memory sharing is mishandled in the virtual memor ...)
+ TODO: check
+CVE-2022-23090 (The aio_aqueue function, used by the lio_listio system call, fails to ...)
+ TODO: check
+CVE-2022-23089 (When dumping core and saving process information, proc_getargv() might ...)
+ TODO: check
+CVE-2022-23088 (The 802.11 beacon handling routine failed to validate the length of an ...)
+ TODO: check
+CVE-2022-23087 (The e1000 network adapters permit a variety of modifications to an Eth ...)
+ TODO: check
+CVE-2022-23086 (Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt d ...)
+ TODO: check
+CVE-2022-23085 (A user-provided integer option was passed to nmreq_copyin() without ch ...)
+ TODO: check
+CVE-2022-23084 (The total size of the user-provided nmreq to nmreq_copyin() was first ...)
+ TODO: check
CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
NOT-FOR-US: NetMaster
CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
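Review bot: the ten entries CVE-2022-23084 through CVE-2022-23093 move from RESERVED to TODO: check, and none of the truncated descriptions visible here names the affected product; they mention ping, lib9p, aio_aqueue, proc_getargv(), nmreq_copyin(), 802.11 beacon handling, e1000 and the mpr, mps and mpt drivers. Triage needs the full upstream records to decide between a source package entry and NOT-FOR-US, and since the IDs are consecutive it makes sense to resolve them as one batch with the same reasoning.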
@@ -201090,21 +201142,21 @@ CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change
CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...)
NOT-FOR-US: Directus
CVE-2021-29640
- RESERVED
+ REJECTED
CVE-2021-29639
- RESERVED
+ REJECTED
CVE-2021-29638
- RESERVED
+ REJECTED
CVE-2021-29637
- RESERVED
+ REJECTED
CVE-2021-29636
- RESERVED
+ REJECTED
CVE-2021-29635
- RESERVED
+ REJECTED
CVE-2021-29634
- RESERVED
+ REJECTED
CVE-2021-29633
- RESERVED
+ REJECTED
CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...)
- kfreebsd-10 <removed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beb99bf1cb702eb5bb9f08e03aad91bb9a1e2b5e