[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 18 20:14:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce1ff5ff by security tracker role at 2024-02-18T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2024-25628 (Alf.io is a free and open source event attendance management system. I ...)
+ TODO: check
+CVE-2024-25627 (Alf.io is a free and open source event attendance management system. A ...)
+ TODO: check
+CVE-2024-25468 (An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote at ...)
+ TODO: check
+CVE-2024-25298 (An issue was discovered in REDAXO version 5.15.1, allows attackers to ...)
+ TODO: check
+CVE-2024-25297 (Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, a ...)
+ TODO: check
+CVE-2024-25113
+ REJECTED
+CVE-2024-25083 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
+ TODO: check
+CVE-2024-24758 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...)
+ TODO: check
+CVE-2024-24750 (Undici is an HTTP/1.1 client, written from scratch for Node.js. In aff ...)
+ TODO: check
+CVE-2024-22727 (Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 a ...)
+ TODO: check
+CVE-2024-22337 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
+ TODO: check
+CVE-2024-22336 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
+ TODO: check
+CVE-2024-22335 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
+ TODO: check
+CVE-2024-21987 (SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerabili ...)
+ TODO: check
+CVE-2024-21984 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 ar ...)
+ TODO: check
+CVE-2024-21983 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 ar ...)
+ TODO: check
+CVE-2024-21500 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21499 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21498 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21497 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21496 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21495 (Versions of the package github.com/greenpau/caddy-security before 1.0. ...)
+ TODO: check
+CVE-2024-21494 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21493 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-21492 (All versions of the package github.com/greenpau/caddy-security are vul ...)
+ TODO: check
+CVE-2024-20986 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-20980 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ TODO: check
+CVE-2024-20958 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2024-20956 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
+ TODO: check
+CVE-2024-20953 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
+ TODO: check
+CVE-2024-20951 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ TODO: check
+CVE-2024-20949 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ TODO: check
+CVE-2024-20947 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ TODO: check
+CVE-2024-20943 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
+ TODO: check
+CVE-2024-20941 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2024-20939 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2024-20937 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2024-20935 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2024-20933 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2024-20931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-20929 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2024-20927 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2024-20917 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
+ TODO: check
+CVE-2024-20915 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2024-20913 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2024-20911 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
+ TODO: check
+CVE-2024-20909 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
+ TODO: check
+CVE-2024-20907 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ TODO: check
+CVE-2024-20905 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2024-20903 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2024-1512 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...)
+ TODO: check
+CVE-2024-0610 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...)
+ TODO: check
+CVE-2023-6749 (Unchecked length coming from user input in settings shell)
+ TODO: check
+CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send)
+ TODO: check
+CVE-2023-5779 (can: out of bounds in remove_rx_filter function)
+ TODO: check
+CVE-2023-52387 (Resource reuse vulnerability in the GPU module. Successful exploitatio ...)
+ TODO: check
+CVE-2023-52381 (Script injection vulnerability in the email module.Successful exploita ...)
+ TODO: check
+CVE-2023-52380 (Vulnerability of improper access control in the email module.Successfu ...)
+ TODO: check
+CVE-2023-52379 (Permission control vulnerability in the calendarProvider module.Succes ...)
+ TODO: check
+CVE-2023-52378 (Vulnerability of incorrect service logic in the WindowManagerServices ...)
+ TODO: check
+CVE-2023-52377 (Vulnerability of input data not being verified in the cellular data mo ...)
+ TODO: check
+CVE-2023-52376 (Information management vulnerability in the Gallery module.Successful ...)
+ TODO: check
+CVE-2023-52375 (Permission control vulnerability in the WindowManagerServices module.S ...)
+ TODO: check
+CVE-2023-52374 (Permission control vulnerability in the package management module.Succ ...)
+ TODO: check
+CVE-2023-52373 (Vulnerability of permission verification in the content sharing pop-up ...)
+ TODO: check
+CVE-2023-52372 (Vulnerability of input parameter verification in the motor module.Succ ...)
+ TODO: check
+CVE-2023-52371 (Vulnerability of null references in the motor module.Successful exploi ...)
+ TODO: check
+CVE-2023-52370 (Stack overflow vulnerability in the network acceleration module.Succes ...)
+ TODO: check
+CVE-2023-52369 (Stack overflow vulnerability in the NFC module.Successful exploitation ...)
+ TODO: check
+CVE-2023-52368 (Input verification vulnerability in the account module.Successful expl ...)
+ TODO: check
+CVE-2023-52367 (Vulnerability of improper access control in the media library module.S ...)
+ TODO: check
+CVE-2023-52366 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
+ TODO: check
+CVE-2023-52365 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
+ TODO: check
+CVE-2023-52363 (Vulnerability of defects introduced in the design process in the Contr ...)
+ TODO: check
+CVE-2023-52362 (Permission management vulnerability in the lock screen module.Successf ...)
+ TODO: check
+CVE-2023-52361 (The VerifiedBoot module has a vulnerability that may cause authenticat ...)
+ TODO: check
+CVE-2023-52360 (Logic vulnerabilities in the baseband.Successful exploitation of this ...)
+ TODO: check
+CVE-2023-52358 (Vulnerability of configuration defects in some APIs of the audio modul ...)
+ TODO: check
+CVE-2023-52357 (Vulnerability of serialization/deserialization mismatch in the vibrati ...)
+ TODO: check
+CVE-2023-52097 (Vulnerability of foreground service restrictions being bypassed in the ...)
+ TODO: check
+CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
+ TODO: check
+CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...)
+ TODO: check
+CVE-2023-31728 (Teltonika RUT240 devices with firmware before 07.04.2, when bridge mod ...)
+ TODO: check
+CVE-2022-48621 (Vulnerability of missing authentication for critical functions in the ...)
+ TODO: check
CVE-2024-25466 (Directory Traversal vulnerability in React Native Document Picker befo ...)
NOT-FOR-US: React Native Document Picker
CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a SQL inject ...)
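Review bot: The CVE-2024-1512 line carries a literal `\u2013` escape where the en dash in the plugin name belongs; the importer should decode JSON string escapes before writing data/CVE/list, otherwise a search on the plugin name will not match this entry. Of the new TODO: check entries, CVE-2023-45918 (ncurses) is the one against a source package Debian ships and should be triaged first, while CVE-2023-6749, CVE-2023-6249 and CVE-2023-5779 arrive with bare one-line summaries that name no product, so deciding between NOT-FOR-US and a package line for them will need the upstream advisory rather than the description alone.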
@@ -985,7 +1153,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
NOTE: which entered unstable as the fixed version as workaround.
CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
- {DSA-5621-1 DSA-5620-1}
+ {DSA-5626-1 DSA-5621-1 DSA-5620-1}
- bind9 1:9.19.21-1
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
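Review bot: DSA-5626-1 joins the DSA set for CVE-2023-50387, but no package line in this hunk changes, so the cross-reference only resolves if data/DSA/list already records DSA-5626-1 together with the source package it fixed; confirm that entry landed in this or an earlier commit.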
@@ -999,7 +1167,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1)
CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...)
- {DSA-5621-1 DSA-5620-1}
+ {DSA-5626-1 DSA-5621-1 DSA-5620-1}
- bind9 1:9.19.21-1
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
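Review bot: Same DSA-5626-1 addition as for CVE-2023-50387 above, which keeps the two KeyTrap entries in sync; nothing further to change here.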
@@ -2505,7 +2673,7 @@ CVE-2023-32451 (Dell Display Manager application, version 2.1.1.17, contains a v
NOT-FOR-US: Dell
CVE-2024-24768 (1Panel is an open source Linux server operation and maintenance manage ...)
NOT-FOR-US: 1Panel
-CVE-2024-24762 (FastAPI is a web framework for building APIs with Python 3.8+ based on ...)
+CVE-2024-24762 (`python-multipart` is a streaming multipart parser for Python. When us ...)
- python-multipart <unfixed> (bug #1063538)
NOTE: Original report at fastapi: https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
NOTE: But the fix is within python-multipart:
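Review bot: Leading the description with python-multipart makes the entry consistent with the existing `- python-multipart <unfixed> (bug #1063538)` line and with the NOTE that the fix sits in python-multipart rather than fastapi, while the GHSA link remains the original report. The NOTE ending in "But the fix is within python-multipart:" evidently continues with the fix reference on the line after this hunk; make sure that line is still present.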
@@ -5800,29 +5968,29 @@ CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: Ma
NOT-FOR-US: WordPress plugin
CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote Code E ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-20968
+CVE-2024-20968 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.35-1
-CVE-2024-20984
+CVE-2024-20984 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20982
+CVE-2024-20982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20978
+CVE-2024-20978 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20976
+CVE-2024-20976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20974
+CVE-2024-20974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20972
+CVE-2024-20972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20970
+CVE-2024-20970 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20966
+CVE-2024-20966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20964
+CVE-2024-20964 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20960
+CVE-2024-20960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
-CVE-2024-20962
+CVE-2024-20962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-22916 (In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 ...)
NOT-FOR-US: D-LINK
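Review bot: CVE-2024-20968 is the odd one out among the twelve MySQL Server entries here: it points at 8.0.35-1 with no bug reference, while the other eleven point at 8.0.36-1 (bug #1061126). That predates this change, but now that its description identifies it as the same MySQL Server batch, confirm that 8.0.35-1 is the intended fixed version. Also, CVE-2024-20960 is listed before CVE-2024-20962, breaking the otherwise descending order of this block.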
@@ -6012,11 +6180,11 @@ CVE-2024-0517 (Out of bounds write in V8 in Google Chrome prior to 120.0.6099.22
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-20922 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20923
+CVE-2024-20923 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20925
+CVE-2024-20925 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjfx <not-affected> (Only affects JavaFX 8)
-CVE-2024-20945
+CVE-2024-20945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
{DSA-5613-1 DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
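Review bot: The filled-in descriptions agree with the untouched package lines beneath them: CVE-2024-20923 and CVE-2024-20925 keep `openjfx <not-affected> (Only affects JavaFX 8)`, and CVE-2024-20945 keeps its DSA/DLA set and openjdk versions; nothing to change.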
@@ -6028,13 +6196,13 @@ CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
-CVE-2024-20921
+CVE-2024-20921 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
{DSA-5613-1 DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
-CVE-2024-20919
+CVE-2024-20919 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
{DSA-5613-1 DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
@@ -24991,6 +25159,7 @@ CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter
CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...)
NOT-FOR-US: DTS Monitoring
CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...)
+ {DLA-3734-1}
- openvswitch 3.1.2-1
[bookworm] - openvswitch <no-dsa> (Minor issue)
[bullseye] - openvswitch <no-dsa> (Minor issue)
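Review bot: DLA-3734-1 is added to CVE-2023-5366 while the `[bullseye] - openvswitch <no-dsa> (Minor issue)` line directly below is left as is. If that DLA targets bullseye, the no-dsa line is now stale and should go; if it targets an older release, no suite line is needed because the DLA reference already records the fix. Either way, state which suite it covers so the entry does not read as contradictory.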
@@ -75587,8 +75756,8 @@ CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-21 21~7ea-1
CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
NOT-FOR-US: Oracle
-CVE-2023-21833
- RESERVED
+CVE-2023-21833 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ TODO: check
CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
NOT-FOR-US: Oracle
CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
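Review bot: CVE-2023-21833 moves from RESERVED to a description naming Oracle ZFS Storage Appliance Kit. The neighbouring Oracle entries in this block are NOT-FOR-US: Oracle and nothing in the description points at a Debian package, so the TODO: check line should be resolved the same way rather than left open.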
@@ -93834,8 +94003,8 @@ CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, in
NOT-FOR-US: HCL
CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 thr ...)
NOT-FOR-US: IBM
-CVE-2022-42443
- RESERVED
+CVE-2022-42443 (An undisclosed issue in Trusteer iOS SDK for mobile versions prior to ...)
+ TODO: check
CVE-2022-42442 (IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 2 ...)
NOT-FOR-US: IBM
CVE-2022-42441
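Review bot: CVE-2022-42443 moves from RESERVED to a description naming the Trusteer iOS SDK. Its neighbours CVE-2022-42444 and CVE-2022-42442 are NOT-FOR-US: IBM and a proprietary iOS SDK is not a Debian package, so the TODO: check line can be resolved to NOT-FOR-US: IBM in the same pass.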
@@ -95803,10 +95972,10 @@ CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow
NOT-FOR-US: IBM
CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access ...)
NOT-FOR-US: IBM
-CVE-2022-41738
- RESERVED
-CVE-2022-41737
- RESERVED
+CVE-2022-41738 (IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1 ...)
+ TODO: check
+CVE-2022-41737 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1. ...)
+ TODO: check
CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5 ...)
NOT-FOR-US: IBM
CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through ...)
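Review bot: The CVE-2022-41738 description reads "5.1.2.1 -through 5.1", with a stray hyphen before "through" that its sibling CVE-2022-41737 lacks; this is upstream's text mirrored verbatim, so leave it, but note that the two entries are otherwise the same product as CVE-2022-41736 directly below (IBM Storage Scale Container Native Storage Access, listed there under its older Spectrum Scale name), whose entry is already NOT-FOR-US: IBM. Both TODO: check lines can follow it.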
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1ff5ffa918c061c4d198b2e23f96e57c618b1c