[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 21 20:58:35 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce231a62 by security tracker role at 2024-02-21T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-27215
+ REJECTED
+CVE-2024-26311 (Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflect ...)
+ TODO: check
+CVE-2024-26310 (Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper acc ...)
+ TODO: check
+CVE-2024-26145 (Discourse Calendar adds the ability to create a dynamic calendar in th ...)
+ TODO: check
+CVE-2024-26138 (The XWiki licensor application, which manages and enforce application ...)
+ TODO: check
+CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store events. ...)
+ TODO: check
+CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives ...)
+ TODO: check
+CVE-2024-25898 (A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, ...)
+ TODO: check
+CVE-2024-25897 (ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Ti ...)
+ TODO: check
+CVE-2024-25896 (ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection ( ...)
+ TODO: check
+CVE-2024-25895 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5. ...)
+ TODO: check
+CVE-2024-25894 (ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection ...)
+ TODO: check
+CVE-2024-25893 (ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injectio ...)
+ TODO: check
+CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection ...)
+ TODO: check
+CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection ( ...)
+ TODO: check
+CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM ...)
+ TODO: check
+CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publish ...)
+ TODO: check
+CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerab ...)
+ TODO: check
+CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote attackers ...)
+ TODO: check
+CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...)
+ TODO: check
+CVE-2024-24479 (Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2 ...)
+ TODO: check
+CVE-2024-24478 (An issue in Wireshark team Wireshark before v.4.2.0 allows a remote at ...)
+ TODO: check
+CVE-2024-24476 (Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2 ...)
+ TODO: check
+CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library ...)
+ TODO: check
+CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
+ TODO: check
+CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver when exitin ...)
+ TODO: check
+CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 ...)
+ TODO: check
+CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...)
+ TODO: check
+CVE-2024-1714
+ REJECTED
+CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...)
+ TODO: check
+CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...)
+ TODO: check
+CVE-2024-1707 (A vulnerability, which was classified as problematic, was found in GAR ...)
+ TODO: check
+CVE-2024-1706 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-1705 (A vulnerability was found in Shopwind up to 4.6. It has been rated as ...)
+ TODO: check
+CVE-2024-1704 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been de ...)
+ TODO: check
+CVE-2024-1703 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been cl ...)
+ TODO: check
+CVE-2024-1702 (A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1. ...)
+ TODO: check
+CVE-2024-1701 (A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-Syst ...)
+ TODO: check
+CVE-2024-1700 (A vulnerability, which was classified as problematic, was found in kee ...)
+ TODO: check
+CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site scripting ...)
+ TODO: check
+CVE-2024-1212 (Unauthenticated remote attackers can access the system through the Loa ...)
+ TODO: check
+CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the proper ...)
+ TODO: check
+CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to crash PC C ...)
+ TODO: check
+CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be sent to th ...)
+ TODO: check
+CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allow ...)
+ TODO: check
+CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an authenticated pr ...)
+ TODO: check
+CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-boun ...)
+ TODO: check
+CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the Document and Me ...)
+ TODO: check
+CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables authentication via ...)
+ TODO: check
+CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2024-0410
- gitlab <unfixed>
CVE-2023-3509
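Review bot: every entry added in this hunk is left as a bare `TODO: check` placeholder, and several of them name software Debian ships, so they deserve a package mapping or a `NOT-FOR-US:` line rather than sitting in the queue: the three Wireshark entries (CVE-2024-24479, CVE-2024-24478, CVE-2024-24476, all "before v.4.2.0") map to the wireshark source package, CVE-2024-26130 ("cryptography is a package designed to expose cryptographic primitives ...") to python-cryptography, and CVE-2023-49100 (Trusted Firmware-A before 2.10) to arm-trusted-firmware. CVE-2024-27215 and CVE-2024-1714 are added only as `REJECTED`, which is the expected form and needs no follow-up.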
@@ -12,18 +112,18 @@ CVE-2023-6477
- gitlab <not-affected> (Specific to EE)
CVE-2024-1451
- gitlab <not-affected> (Only affects 16.9)
-CVE-2024-26585 [tls: fix race between tx work scheduling and socket close]
+CVE-2024-26585 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5)
-CVE-2024-26584 [net: tls: handle backlogging of crypto requests]
+CVE-2024-26584 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5)
-CVE-2024-26583 [tls: fix race between async notify and socket close]
+CVE-2024-26583 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aec7961916f3f9e88766e2688992da6980f11b8d (6.8-rc5)
-CVE-2024-26582 [net: tls: fix use-after-free with partial reads and async decrypt]
+CVE-2024-26582 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
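Review bot: the only change for CVE-2024-26585 through CVE-2024-26582 is that the bracketed kernel commit subjects (for example `[tls: fix race between tx work scheduling and socket close]`) are replaced by the truncated official text `(In the Linux kernel, the following vulnerability has been resolved: t ...)`, which on its own no longer identifies the subsystem or the fix; the existing `NOTE: https://git.kernel.org/linus/...` lines carry that information, so they must stay. Separately, CVE-2024-26584 is the only one of the four without a `[buster] - linux <not-affected> (Vulnerable code not present)` line, so it is worth confirming whether buster really is affected by that one or the line is simply missing.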
@@ -348,6 +448,7 @@ CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same cach
- firefox 123.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
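Review bot: `{DSA-5627-1}` is added to CVE-2024-1553 while `- thunderbird <unfixed>` remains in the same entry, so the advisory reference covers only the firefox / firefox-esr 115.8.0esr-1 fix and the thunderbird side stays open; the same pattern repeats in each of the CVE-2024-1552 through CVE-2024-1546 hunks that follow. A later update should record the thunderbird fixed version and its own advisory once published, otherwise the `{DSA-...}` set on these entries reads as complete when it is not.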
@@ -355,6 +456,7 @@ CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553
CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric convers ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -362,6 +464,7 @@ CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552
CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in multipar ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -369,6 +472,7 @@ CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in mul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551
CVE-2024-1550 (A malicious website could have used a combination of exiting fullscree ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -376,6 +480,7 @@ CVE-2024-1550 (A malicious website could have used a combination of exiting full
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550
CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor could h ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -383,6 +488,7 @@ CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549
CVE-2024-1548 (A website could have obscured the fullscreen notification by using a d ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -390,6 +496,7 @@ CVE-2024-1548 (A website could have obscured the fullscreen notification by usin
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548
CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controlled al ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -397,6 +504,7 @@ CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controll
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547
CVE-2024-1546 (When storing and re-accessing data on a networking channel, the length ...)
+ {DSA-5627-1}
- firefox 123.0-1
- firefox-esr 115.8.0esr-1
- thunderbird <unfixed>
@@ -1939,7 +2047,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
NOTE: which entered unstable as the fixed version as workaround.
CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
- {DSA-5626-1 DSA-5621-1 DSA-5620-1}
+ {DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1}
- bind9 1:9.19.21-1
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
@@ -1953,7 +2061,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1)
CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...)
- {DSA-5626-1 DSA-5621-1 DSA-5620-1}
+ {DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1}
- bind9 1:9.19.21-1
- dnsmasq 2.90-1
- knot-resolver 5.7.1-1
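Review bot: `DLA-3736-1` is appended to the advisory set of CVE-2023-50868 exactly as it was for CVE-2023-50387 in the previous hunk, which is right since the two issues are tracked together (the NLnet Labs advisory URL in the context line covers both CVEs). The hunk itself shows only the unstable fixed versions for bind9, dnsmasq and knot-resolver; since a DLA is an LTS advisory, check that the corresponding per-release line for the package it covers is present further down in each entry, outside the lines shown here.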
@@ -84293,12 +84401,12 @@ CVE-2022-45181
RESERVED
CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
NOT-FOR-US: LIVEBOX
-CVE-2022-45179
- RESERVED
+CVE-2022-45179 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
+ TODO: check
CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
NOT-FOR-US: LIVEBOX
-CVE-2022-45177
- RESERVED
+CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
+ TODO: check
CVE-2022-45176
RESERVED
CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
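Review bot: CVE-2022-45179 and CVE-2022-45177 move from `RESERVED` to a description with `TODO: check`, but the neighbouring entries for the same product (CVE-2022-45180, CVE-2022-45178, CVE-2022-45175, all "LIVEBOX Collaboration vDesk") are already resolved as `NOT-FOR-US: LIVEBOX`; unless the "through v031" text describes something other than that product, both TODOs can be closed the same way.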
@@ -84313,8 +84421,8 @@ CVE-2022-45171
RESERVED
CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
NOT-FOR-US: LIVEBOX
-CVE-2022-45169
- RESERVED
+CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
+ TODO: check
CVE-2022-45168
RESERVED
CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was discovered ...)
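Review bot: CVE-2022-45169 follows the same pattern as the previous hunk: it is re-described as "LIVEBOX Collaboration vDesk through v031" with `TODO: check`, while the adjacent CVE-2022-45170 for the same product is already `NOT-FOR-US: LIVEBOX`, so the TODO should resolve to that marker too.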
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce231a627c2ca7d0a0db6a30af4aed59f533730d