[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09cbfae2 by security tracker role at 2024-02-26T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
+	TODO: check
+CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...)
+	TODO: check
+CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...)
+	TODO: check
+CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.)
+	TODO: check
+CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)
+	TODO: check
+CVE-2024-1886 (This vulnerability allows remote attackers to traverse the directory o ...)
+	TODO: check
+CVE-2024-1885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2024-1878 (A vulnerability was found in SourceCodester Employee Management System ...)
+	TODO: check
+CVE-2024-1877 (A vulnerability was found in SourceCodester Employee Management System ...)
+	TODO: check
+CVE-2024-1876 (A vulnerability was found in SourceCodester Employee Management System ...)
+	TODO: check
+CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
+	TODO: check
+CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...)
+	TODO: check
 CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...)
 	TODO: check
 CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...)
@@ -26097,7 +26121,7 @@ CVE-2023-44811 (Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3
 	NOT-FOR-US: mooSocial
 CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-44467 (langchain_experimental 0.0.14 allows an attacker to bypass the CVE-202 ...)
+CVE-2023-44467 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)
 	NOT-FOR-US: langchain_experimental
 CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, ...)
 	NOT-FOR-US: Uptime Kuma
@@ -40027,7 +40051,7 @@ CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows
 	NOT-FOR-US: Maxsite CMS
 CVE-2023-36262
 	REJECTED
-CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute arbitrar ...)
+CVE-2023-36258 (An issue in LangChain before 0.0.236 allows an attacker to execute arb ...)
 	NOT-FOR-US: Langchain
 CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
 	NOT-FOR-US: mlogclub bbs-go



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09cbfae23404b46b70c1f12e80d3644f98cb051a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09cbfae23404b46b70c1f12e80d3644f98cb051a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240226/8930801b/attachment.htm>