[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 26 20:12:29 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80a89ccd by security tracker role at 2024-02-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,131 @@
+CVE-2024-27092 (Hoppscotch is an API development ecosystem.  Due to lack of validation ...)
+	TODO: check
+CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very  ...)
+	TODO: check
+CVE-2024-27087 (Kirby is a content management system. The new link field introduced in ...)
+	TODO: check
+CVE-2024-27084
+	REJECTED
+CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...)
+	TODO: check
+CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
+	TODO: check
+CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
+	TODO: check
+CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
+	TODO: check
+CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
+	TODO: check
+CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)
+	TODO: check
+CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability in Skymo ...)
+	TODO: check
+CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in JoomU ...)
+	TODO: check
+CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...)
+	TODO: check
+CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
+	TODO: check
+CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
+	TODO: check
+CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
+	TODO: check
+CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.)
+	TODO: check
+CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
+	TODO: check
+CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
+	TODO: check
+CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via  ...)
+	TODO: check
+CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via  ...)
+	TODO: check
+CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in bPlug ...)
+	TODO: check
+CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-24528
+	REJECTED
+CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate p ...)
+	TODO: check
+CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote att ...)
+	TODO: check
+CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
+	TODO: check
+CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
+	TODO: check
+CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
+	TODO: check
+CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
+	TODO: check
+CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
+	TODO: check
+CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
+	TODO: check
+CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
+	TODO: check
+CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
+	TODO: check
+CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
+	TODO: check
+CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)
+	TODO: check
+CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...)
+	TODO: check
+CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate when an  ...)
+	TODO: check
+CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding  ...)
+	TODO: check
+CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vuln ...)
+	TODO: check
+CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection v ...)
+	TODO: check
+CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...)
+	TODO: check
 CVE-2023-51518
 	NOT-FOR-US: Apache James
-CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests]
+CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
 	NOTE: https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1)
-CVE-2021-46906 [HID: usbhid: fix info leak in hid_submit_ctrl]
+CVE-2021-46906 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.46-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5)
-CVE-2020-36775 [f2fs: fix to avoid potential deadlock]
+CVE-2020-36775 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 5.6.7-1
 	NOTE: https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1)
-CVE-2019-25162 [i2c: Fix a potential use after free]
+CVE-2019-25162 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.19.6-1
 	[bullseye] - linux 5.10.140-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1)
-CVE-2019-25161 [drm/amd/display: prevent memory leak]
+CVE-2019-25161 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.4.6-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d (5.4-rc1)
-CVE-2019-25160 [netlabel: fix out-of-bounds memory accesses]
+CVE-2019-25160 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 4.19.28-1
 	NOTE: https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0)
-CVE-2024-26606 [binder: signal epoll threads of self-work]
+CVE-2024-26606 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3)
 CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
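Review bot: the rewrite of the kernel entries (CVE-2023-52474, CVE-2021-46906, CVE-2020-36775, CVE-2019-25162, CVE-2019-25161, CVE-2019-25160, CVE-2024-26606) drops the subsystem summary that the bracketed title carried, e.g. `[IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests]`, and replaces it with a truncated generic prefix "In the Linux kernel, the following vulnerability has been resolved:  I ..." that no longer identifies the affected subsystem. The fixed-version and NOTE commit lines are preserved, so nothing is lost for tracking, but consider carrying the old title over into a NOTE line so the entry stays readable without following the kernel.org link. The new block of `TODO: check` entries contains several near-duplicate families (five GGUF heap overflows, three krb5 memory leaks, four Suricata/LibHTP issues, four DOM XSS entries) that are best triaged together so they receive consistent status lines.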
@@ -209,7 +309,7 @@ CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi
 	NOT-FOR-US: Microsoft
 CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-22371
+CVE-2024-22371 (Exposure of sensitive data by by crafting a malicious EventFactory and ...)
 	NOT-FOR-US: Apache Camel
 CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
 	NOT-FOR-US: onnx
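Review bot: the new CVE-2024-22371 description contains a doubled "by by"; since the automatic update copies the upstream CVE text verbatim, it should be left as fetched rather than hand-edited, because the next automatic run would overwrite a manual correction. The retained `NOT-FOR-US: Apache Camel` line is consistent with the entry.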
@@ -622,9 +722,9 @@ CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit Co
 	NOT-FOR-US: Kirby CMS module
 CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image module of  ...)
 	NOT-FOR-US: Kirby CMS module
-CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout module of K ...)
+CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content Layout modu ...)
 	NOT-FOR-US: Kirby CMS module
-CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scri ...)
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulner ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version  ...)
 	NOT-FOR-US: Querybook
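Review bot: CVE-2024-26481 is reclassified by upstream from "reflected cross-site scripting" to "reflected self-XSS", which is a weaker issue class (the victim has to inject the payload themselves). The `NOT-FOR-US: Kirby CMS` status is unchanged so no action is needed here, but the CVE-2024-27087 entry added earlier in this same update also concerns Kirby and is still `TODO: check`; it should get the same NOT-FOR-US treatment if the package status has not changed.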
@@ -3421,6 +3521,7 @@ CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform.
 CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
 	NOT-FOR-US: DIRAC
 CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
+	{DSA-5632-1}
 	- composer 2.7.1-1 (bug #1063603)
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
 	NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0)
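Review bot: the `{DSA-5632-1}` tag is added for CVE-2024-24821, but the visible context shows only the unstable fix `composer 2.7.1-1 (bug #1063603)` and no `[bookworm]` line. That is consistent with tracker convention (the stable fixed version lives in the DSA record), so just confirm that the matching entry in data/DSA/list carries the bookworm version and this CVE id; otherwise the stable status will not resolve.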
@@ -4432,7 +4533,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel D
 CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
 	NOT-FOR-US: Arm
 CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...)
-	{DSA-5625-1}
+	{DSA-5625-1 DLA-3741-1}
 	- engrampa 1.26.2-1 (bug #1063494)
 	NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
 	NOTE: https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
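Review bot: `{DSA-5625-1 DLA-3741-1}` follows the space-separated advisory-list format used elsewhere in the file, so the DLA addition looks correct. As with the composer entry, the bullseye fixed version for CVE-2023-52138 is not in the visible lines and must come from the DLA record, so verify that DLA-3741-1 in data/DLA/list references this CVE.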
@@ -7960,6 +8061,7 @@ CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found
 CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200,  ...)
 	NOT-FOR-US: WIC200
 CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...)
+	{DLA-3740-1}
 	- gnutls28 3.8.3-1 (bug #1061046)
 	[bookworm] - gnutls28 3.7.9-2+deb12u2
 	[bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 not published officially in any Debian bullseye release)
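Review bot: the new `{DLA-3740-1}` tag on CVE-2024-0553 conflicts with the retained line `[bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 not published officially in any Debian bullseye release)`. A DLA is issued for the LTS release, which is bullseye at this date, so either the DLA addresses this CVE in bullseye and the `<not-affected>` line should be replaced by the bullseye fixed version, or the DLA covers only CVE-2023-5981 and the tag should be dropped from this entry. One of the two lines needs to change for the entry to be consistent.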



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080
