[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 20 20:12:43 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17cd7980 by security tracker role at 2024-02-20T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,345 @@
-CVE-2023-52434 [smb: client: fix potential OOBs in smb2_parse_contexts()]
+CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...)
+	TODO: check
+CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...)
+	TODO: check
+CVE-2024-26267 (In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versio ...)
+	TODO: check
+CVE-2024-26265 (The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, an ...)
+	TODO: check
+CVE-2024-26135 (MeshCentral is a full computer management web site. Versions prior to  ...)
+	TODO: check
+CVE-2024-26132 (Element Android is an Android Matrix Client. A third-party malicious a ...)
+	TODO: check
+CVE-2024-26131 (Element Android is an Android Matrix Client. Element Android version 1 ...)
+	TODO: check
+CVE-2024-25631 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2024-25630 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2024-25610 (In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versio ...)
+	TODO: check
+CVE-2024-25609 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and  ...)
+	TODO: check
+CVE-2024-25608 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and  ...)
+	TODO: check
+CVE-2024-25607 (The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay P ...)
+	TODO: check
+CVE-2024-25606 (XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older u ...)
+	TODO: check
+CVE-2024-25605 (The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older  ...)
+	TODO: check
+CVE-2024-25604 (Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions,  ...)
+	TODO: check
+CVE-2024-25366 (Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0  ...)
+	TODO: check
+CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile/uploa ...)
+	TODO: check
+CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
+	TODO: check
+CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer dereference v ...)
+	TODO: check
+CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...)
+	TODO: check
+CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...)
+	TODO: check
+CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...)
+	TODO: check
+CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...)
+	TODO: check
+CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in Liferay P ...)
+	TODO: check
+CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element Parsing as  ...)
+	TODO: check
+CVE-2024-24793 (A use-after-free vulnerability exists in the DICOM Element Parsing as  ...)
+	TODO: check
+CVE-2024-24763 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2024-24475 (An issue in Qemu before v.8.2.0 allows a remote attacker to execute ar ...)
+	TODO: check
+CVE-2024-24474 (Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote a ...)
+	TODO: check
+CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...)
+	TODO: check
+CVE-2024-23606 (An out-of-bounds write vulnerability exists in the sopen_FAMOS_read fu ...)
+	TODO: check
+CVE-2024-23313 (An integer underflow vulnerability exists in the sopen_FAMOS_read func ...)
+	TODO: check
+CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read function ...)
+	TODO: check
+CVE-2024-23305 (An out-of-bounds write vulnerability exists in the BrainVisionMarker P ...)
+	TODO: check
+CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary ...)
+	TODO: check
+CVE-2024-22250 (Session Hijack vulnerability in Deprecated VMware Enhanced Authenticat ...)
+	TODO: check
+CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack vulnerabilities in t ...)
+	TODO: check
+CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header Parsing f ...)
+	TODO: check
+CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with preexistin ...)
+	TODO: check
+CVE-2024-21812 (An integer overflow vulnerability exists in the sopen_FAMOS_read funct ...)
+	TODO: check
+CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi parsing  ...)
+	TODO: check
+CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)
+	TODO: check
+CVE-2024-21725 (Inadequate escaping of mail addresses lead to XSS vulnerabilities in v ...)
+	TODO: check
+CVE-2024-21724 (Inadequate input validation for media selection fields lead to XSS vul ...)
+	TODO: check
+CVE-2024-21723 (Inadequate parsing of URLs could result into an open redirect.)
+	TODO: check
+CVE-2024-21722 (The MFA management features did not properly terminate existing user s ...)
+	TODO: check
+CVE-2024-21682 (This High severity Injection vulnerability was introduced in Assets Di ...)
+	TODO: check
+CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in version  ...)
+	TODO: check
+CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink X6000R ...)
+	TODO: check
+CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of privil ...)
+	TODO: check
+CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs showed e ...)
+	TODO: check
+CVE-2024-1556 (The incorrect object was checked for NULL in the built-in profiler, po ...)
+	TODO: check
+CVE-2024-1555 (When opening a website using the `firefox://` protocol handler, SameSi ...)
+	TODO: check
+CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same cache, as ...)
+	TODO: check
+CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ...)
+	TODO: check
+CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric convers ...)
+	TODO: check
+CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in multipar ...)
+	TODO: check
+CVE-2024-1550 (A malicious website could have used a combination of exiting fullscree ...)
+	TODO: check
+CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor could h ...)
+	TODO: check
+CVE-2024-1548 (A website could have obscured the fullscreen notification by using a d ...)
+	TODO: check
+CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controlled al ...)
+	TODO: check
+CVE-2024-1546 (When storing and re-accessing data on a networking channel, the length ...)
+	TODO: check
+CVE-2024-1519 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-1496 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-1492 (The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2024-1475 (The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-1472 (The WP Maintenance plugin for WordPress is vulnerable to Information E ...)
+	TODO: check
+CVE-2024-1470 (Authorization Bypass Through User-Controlled Key vulnerability in NetI ...)
+	TODO: check
+CVE-2024-1448 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...)
+	TODO: check
+CVE-2024-1447 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2024-1445 (The Page scroll to id plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-1425 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
+	TODO: check
+CVE-2024-1411 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-1408 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-1390 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
+	TODO: check
+CVE-2024-1389 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
+	TODO: check
+CVE-2024-1349 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
+	TODO: check
+CVE-2024-1340 (The Login Lockdown \u2013 Protect Login Form plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-1339 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1338 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1337 (The SKT Page Builder plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2024-1336 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1335 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1334 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1322 (The Directorist \u2013 WordPress Business Directory Plugin with Classi ...)
+	TODO: check
+CVE-2024-1318 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
+	TODO: check
+CVE-2024-1317 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
+	TODO: check
+CVE-2024-1294 (The Sunshine Photo Cart: Free Client Galleries for Photographers plugi ...)
+	TODO: check
+CVE-2024-1288 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-1282 (The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plu ...)
+	TODO: check
+CVE-2024-1277 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-1276 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-1242 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-1236 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-1235 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-1218 (The Contact Form builder with drag & drop for WordPress \u2013 Kali Fo ...)
+	TODO: check
+CVE-2024-1217 (The Contact Form builder with drag & drop for WordPress \u2013 Kali Fo ...)
+	TODO: check
+CVE-2024-1206 (The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ service may ...)
+	TODO: check
+CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...)
+	TODO: check
+CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2024-1128 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2024-1091 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1090 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1089 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-1070 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-1058 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-1054 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-1044 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-1043 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
+	TODO: check
+CVE-2024-0984 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0983 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0978 (The My Private Site plugin for WordPress is vulnerable to Sensitive In ...)
+	TODO: check
+CVE-2024-0838 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-0821 (The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerc ...)
+	TODO: check
+CVE-2024-0794 (Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Manag ...)
+	TODO: check
+CVE-2024-0792 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+	TODO: check
+CVE-2024-0702 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
+	TODO: check
+CVE-2024-0658 (The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-0656 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...)
+	TODO: check
+CVE-2024-0621 (The Simple Share Buttons Adder plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-0620 (The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-0616 (The Passster \u2013 Password Protect Pages and Content plugin for Word ...)
+	TODO: check
+CVE-2024-0604 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...)
+	TODO: check
+CVE-2024-0602 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress ...)
+	TODO: check
+CVE-2024-0590 (The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2024-0516 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0515 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0514 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0513 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0512 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0506 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
+	TODO: check
+CVE-2024-0442 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-0438 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are p ...)
+	TODO: check
+CVE-2024-0379 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
+	TODO: check
+CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3. ...)
+	TODO: check
+CVE-2023-6923 (The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin f ...)
+	TODO: check
+CVE-2023-6881 (Possible buffer overflow in is_mount_point)
+	TODO: check
+CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive  ...)
+	TODO: check
+CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did ...)
+	TODO: check
+CVE-2023-52439 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
+	TODO: check
+CVE-2023-52438 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2023-52437 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
+	TODO: check
+CVE-2023-52436 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
+	TODO: check
+CVE-2023-52435 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2023-51770 (Arbitrary File Read Vulnerability in Apache Dolphinscheduler.  This is ...)
+	TODO: check
+CVE-2023-51447 (Decidim is a participatory democracy framework. Starting in version 0. ...)
+	TODO: check
+CVE-2023-50306 (IBM Common Licensing 9.0 could allow a local user to enumerate usernam ...)
+	TODO: check
+CVE-2023-50270 (Session Fixation Apache DolphinScheduler before version 3.2.0, which s ...)
+	TODO: check
+CVE-2023-49250 (Because the HttpUtils class did not verify certificates, an attacker t ...)
+	TODO: check
+CVE-2023-49109 (Exposure of Remote Code Execution in Apache Dolphinscheduler.  This is ...)
+	TODO: check
+CVE-2023-48220 (Decidim is a participatory democracy framework. Starting in version 0. ...)
+	TODO: check
+CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in version 0. ...)
+	TODO: check
+CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in version 0. ...)
+	TODO: check
+CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
+	TODO: check
+CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version 7.4.0 and 7 ...)
+	TODO: check
+CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
+	TODO: check
+CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
+	TODO: check
+CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback parsing f ...)
+	TODO: check
+CVE-2023-37495 (Internet passwords stored in Person documents in the Domino\xae Direct ...)
+	TODO: check
+CVE-2023-52434 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/af1689a9b7701d9907dfc84d2a4b57c4bc907144 (6.7-rc6)
-CVE-2024-26581 [netfilter: nft_set_rbtree: skip end interval element from gc]
+CVE-2024-26581 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/60c0c230c6f046da536d3df8b39a20b9a9fd6af0 (6.8-rc4)
-CVE-2023-52433 [netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction]
+CVE-2023-52433 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.5.6-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
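
Review bot: The rewritten kernel headers no longer identify the issue. CVE-2024-26581 and CVE-2023-52433 both now read "In the Linux kernel, the following vulnerability has been resolved:  n ...", where the removed bracketed lines named the two nft_set_rbtree fixes, so only the NOTE commit links tell them apart. The five added kernel entries CVE-2023-52435 through CVE-2023-52439 carry the same truncated header and only "TODO: check"; when they are triaged, each should get a `- linux` line and a NOTE with the upstream commit, as the three existing entries in this hunk have. Separately, several added descriptions contain literal escapes (`\u2013`, `\u2014`, and `\xae` in CVE-2023-37495) rather than the decoded characters, which is worth fixing in the import step before the text is written to the list.
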
@@ -116,9 +450,9 @@ CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerabi
 	[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
 	[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/1
-CVE-2024-23114
+CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache Camel Cassan ...)
 	NOT-FOR-US: Apache Camel
-CVE-2024-22369
+CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache Camel SQL Co ...)
 	NOT-FOR-US: Apache Camel
 CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...)
 	- qemu <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17cd7980c751281bfdd784a4f53973d382ee3f4a
