[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 26 20:12:29 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80a89ccd by security tracker role at 2024-02-26T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,131 @@
+CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...)
+ TODO: check
+CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...)
+ TODO: check
+CVE-2024-27087 (Kirby is a content management system. The new link field introduced in ...)
+ TODO: check
+CVE-2024-27084
+ REJECTED
+CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...)
+ TODO: check
+CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
+CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
+CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
+CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
+CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
+ TODO: check
+CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
+ TODO: check
+CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
+ TODO: check
+CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
+ TODO: check
+CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)
+ TODO: check
+CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability in Skymo ...)
+ TODO: check
+CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in JoomU ...)
+ TODO: check
+CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...)
+ TODO: check
+CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
+ TODO: check
+CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
+ TODO: check
+CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
+ TODO: check
+CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.)
+ TODO: check
+CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
+ TODO: check
+CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
+ TODO: check
+CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via ...)
+ TODO: check
+CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via ...)
+ TODO: check
+CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in bPlug ...)
+ TODO: check
+CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-24528
+ REJECTED
+CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate p ...)
+ TODO: check
+CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote att ...)
+ TODO: check
+CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
+ TODO: check
+CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
+ TODO: check
+CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
+ TODO: check
+CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
+ TODO: check
+CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
+ TODO: check
+CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
+ TODO: check
+CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
+ TODO: check
+CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
+ TODO: check
+CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
+ TODO: check
+CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)
+ TODO: check
+CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...)
+ TODO: check
+CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate when an ...)
+ TODO: check
+CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding ...)
+ TODO: check
+CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vuln ...)
+ TODO: check
+CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection v ...)
+ TODO: check
+CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...)
+ TODO: check
CVE-2023-51518
NOT-FOR-US: Apache James
-CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests]
+CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1)
-CVE-2021-46906 [HID: usbhid: fix info leak in hid_submit_ctrl]
+CVE-2021-46906 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5)
-CVE-2020-36775 [f2fs: fix to avoid potential deadlock]
+CVE-2020-36775 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 5.6.7-1
NOTE: https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1)
-CVE-2019-25162 [i2c: Fix a potential use after free]
+CVE-2019-25162 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE: https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1)
-CVE-2019-25161 [drm/amd/display: prevent memory leak]
+CVE-2019-25161 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 5.4.6-1
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d (5.4-rc1)
-CVE-2019-25160 [netlabel: fix out-of-bounds memory accesses]
+CVE-2019-25160 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 4.19.28-1
NOTE: https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0)
-CVE-2024-26606 [binder: signal epoll threads of self-work]
+CVE-2024-26606 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3)
CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
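Review bot: all of the roughly fifty new entries in this hunk are left at "TODO: check" with neither a source package nor a NOT-FOR-US resolution, and several descriptions name upstream projects that should be checked against the corresponding Debian source packages rather than staying open, e.g. krb5 (CVE-2024-26458, CVE-2024-26461, CVE-2024-26462), FontForge (CVE-2024-25081, CVE-2024-25082), Suricata and LibHTP (CVE-2024-23835 to CVE-2024-23839, CVE-2024-24568), OpenDMARC (CVE-2024-25768), yasm (CVE-2024-25760), libming (CVE-2024-25770) and Jetty (CVE-2024-22201). The kernel entries that change from a bracketed commit title to the published description (CVE-2023-52474, CVE-2021-46906, CVE-2020-36775, CVE-2019-25160 to CVE-2019-25162, CVE-2024-26606) keep their existing version and NOTE lines, which is correct; CVE-2024-26606 stays "<unfixed>" while its NOTE points at a 6.8-rc3 commit, so it should be revisited once a kernel upload carries that fix.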
@@ -209,7 +309,7 @@ CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi
NOT-FOR-US: Microsoft
CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-22371
+CVE-2024-22371 (Exposure of sensitive data by by crafting a malicious EventFactory and ...)
NOT-FOR-US: Apache Camel
CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
NOT-FOR-US: onnx
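Review bot: the new description for CVE-2024-22371 contains a duplicated "by by"; as descriptions are imported verbatim from the CVE record this is an upstream typo and not something to hand-edit in the list, but it is worth knowing the text was taken as-is.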
@@ -622,9 +722,9 @@ CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit Co
NOT-FOR-US: Kirby CMS module
CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image module of ...)
NOT-FOR-US: Kirby CMS module
-CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout module of K ...)
+CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content Layout modu ...)
NOT-FOR-US: Kirby CMS module
-CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scri ...)
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulner ...)
NOT-FOR-US: Kirby CMS
CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version ...)
NOT-FOR-US: Querybook
@@ -3421,6 +3521,7 @@ CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform.
CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
NOT-FOR-US: DIRAC
CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
+ {DSA-5632-1}
- composer 2.7.1-1 (bug #1063603)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0)
@@ -4432,7 +4533,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel D
CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
NOT-FOR-US: Arm
CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...)
- {DSA-5625-1}
+ {DSA-5625-1 DLA-3741-1}
- engrampa 1.26.2-1 (bug #1063494)
NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
NOTE: https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
@@ -7960,6 +8061,7 @@ CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found
CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200, ...)
NOT-FOR-US: WIC200
CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...)
+ {DLA-3740-1}
- gnutls28 3.8.3-1 (bug #1061046)
[bookworm] - gnutls28 3.7.9-2+deb12u2
[bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 not published officially in any Debian bullseye release)
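Review bot: the added "{DLA-3740-1}" reference sits next to a bullseye line marked "<not-affected>" with the explanation that the incomplete fix for CVE-2023-5981 was never published in a bullseye release, so the DLA cannot be for bullseye; the hunk context ends before any buster line, so confirm that the release the DLA actually covers has its own fixed-version line below the shown context, otherwise the reference is inconsistent with the not-affected marking.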
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080