[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 29 08:12:29 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa328881 by security tracker role at 2024-02-29T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,46 +1,192 @@
-CVE-2023-52484 [iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range]
+CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sensitive ...)
+ TODO: check
+CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...)
+ TODO: check
+CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a ...)
+ TODO: check
+CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...)
+ TODO: check
+CVE-2024-25868 (A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Man ...)
+ TODO: check
+CVE-2024-25867 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...)
+ TODO: check
+CVE-2024-25866 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...)
+ TODO: check
+CVE-2024-25594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-25579 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
+ TODO: check
+CVE-2024-25422 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...)
+ TODO: check
+CVE-2024-25351 (SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGuruku ...)
+ TODO: check
+CVE-2024-25350 (SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGuruku ...)
+ TODO: check
+CVE-2024-25292 (Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows a ...)
+ TODO: check
+CVE-2024-25291 (Deskfiler v1.2.3 allows attackers to execute arbitrary code via upload ...)
+ TODO: check
+CVE-2024-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-25093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24988 (Mattermost fails to properly validate the length of the emoji value in ...)
+ TODO: check
+CVE-2024-24525 (An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 all ...)
+ TODO: check
+CVE-2024-24155 (Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, pars ...)
+ TODO: check
+CVE-2024-24150 (A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4. ...)
+ TODO: check
+CVE-2024-24149 (A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4. ...)
+ TODO: check
+CVE-2024-24147 (A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v ...)
+ TODO: check
+CVE-2024-24146 (A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0. ...)
+ TODO: check
+CVE-2024-23910 (Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN ...)
+ TODO: check
+CVE-2024-23501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-23493 (Mattermost fails to properly authorize the requests fetchingteam assoc ...)
+ TODO: check
+CVE-2024-23488 (Mattermost fails to properly restrict the access of files attached to ...)
+ TODO: check
+CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.)
+ TODO: check
+CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...)
+ TODO: check
+CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker ...)
+ TODO: check
+CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x8 ...)
+ TODO: check
+CVE-2024-21798 (ELECOM wireless LAN routers contain a cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2024-21752 (Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Aja ...)
+ TODO: check
+CVE-2024-1982 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2024-1981 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2024-1978 (The Friends plugin for WordPress is vulnerable to Server-Side Request ...)
+ TODO: check
+CVE-2024-1977 (The Restaurant Solutions \u2013 Checklist plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-1976 (The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2024-1972 (A vulnerability was found in SourceCodester Online Job Portal 1.0 and ...)
+ TODO: check
+CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online Shopping Syst ...)
+ TODO: check
+CVE-2024-1970 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when fetchin ...)
+ TODO: check
+CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
+ TODO: check
+CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-1341 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-0689 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2023-6090 (Unrestricted Upload of File with Dangerous Type vulnerability in Molli ...)
+ TODO: check
+CVE-2023-5617 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2023-51802 (Cross Site Scripting (XSS) vulnerability in the Simple Student Attenda ...)
+ TODO: check
+CVE-2023-51801 (SQL Injection vulnerability in the Simple Student Attendance System v. ...)
+ TODO: check
+CVE-2023-51800 (Cross Site Scripting (XSS) vulnerability in School Fees Management Sys ...)
+ TODO: check
+CVE-2023-51696 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...)
+ TODO: check
+CVE-2023-51531 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
+ TODO: check
+CVE-2023-51530 (Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Sli ...)
+ TODO: check
+CVE-2023-51529 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega \ ...)
+ TODO: check
+CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Powe ...)
+ TODO: check
+CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. ...)
+ TODO: check
+CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4. ns_server ad ...)
+ TODO: check
+CVE-2023-49932 (An issue was discovered in Couchbase Server before 7.2.4. An attacker ...)
+ TODO: check
+CVE-2023-49931 (An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL c ...)
+ TODO: check
+CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL calls t ...)
+ TODO: check
+CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authent ...)
+ TODO: check
+CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue affects ...)
+ TODO: check
+CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...)
+ TODO: check
+CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...)
+ TODO: check
+CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 ...)
+ TODO: check
+CVE-2023-43769 (An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 ...)
+ TODO: check
+CVE-2023-38372 (An unauthorized attacker who has obtained an IBM Watson IoT Platform 1 ...)
+ TODO: check
+CVE-2023-38367 (IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM C ...)
+ TODO: check
+CVE-2023-52484 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/d5afb4b47e13161b3f33904d45110f9e6463bad6 (6.6-rc5)
-CVE-2023-52483 [mctp: perform route lookups under a RCU read-side lock]
+CVE-2023-52483 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5093bbfc10ab6636b32728e35813cbd79feb063c (6.6-rc6)
-CVE-2023-52482 [x86/srso: Add SRSO mitigation for Hygon processors]
+CVE-2023-52482 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d (6.6-rc4)
-CVE-2023-52481 [arm64: errata: Add Cortex-A520 speculative unprivileged load workaround]
+CVE-2023-52481 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)
-CVE-2023-52480 [ksmbd: fix race condition between session lookup and expire]
+CVE-2023-52480 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5)
-CVE-2023-52479 [ksmbd: fix uaf in smb20_oplock_break_ack]
+CVE-2023-52479 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/c69813471a1ec081a0b9bf0c6bd7e8afd818afce (6.6-rc5)
-CVE-2023-52478 [HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect]
+CVE-2023-52478 (In the Linux kernel, the following vulnerability has been resolved: H ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
[buster] - linux 4.19.304-1
NOTE: https://git.kernel.org/linus/dac501397b9d81e4782232c39f94f4307b137452 (6.6-rc6)
-CVE-2023-52477 [usb: hub: Guard against accesses to uninitialized BOS descriptors]
+CVE-2023-52477 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
[buster] - linux 4.19.304-1
NOTE: https://git.kernel.org/linus/f74a7afc224acd5e922c7a2e52244d891bbe44ee (6.6-rc6)
-CVE-2023-52476 [perf/x86/lbr: Filter vsyscall addresses]
+CVE-2023-52476 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
NOTE: https://git.kernel.org/linus/e53899771a02f798d436655efbd9d4b46c0f9265 (6.6-rc6)
-CVE-2023-52475 [Input: powermate - fix use-after-free in powermate_config_complete]
+CVE-2023-52475 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
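Review bot: Of the new TODO: check entries in this hunk, CVE-2024-22871 (Clojure) and the four libming entries CVE-2024-24146, CVE-2024-24147, CVE-2024-24149 and CVE-2024-24150 are the ones that name software with a Debian source package (clojure, and ming, which has been in the archive) and so need a real archive check; the WordPress plugin, IBM, Couchbase, Mattermost, Hazelcast and ELECOM entries are the usual NOT-FOR-US candidates, matching the NOT-FOR-US lines already used for the neighbouring entries further down in this file. Two smaller points on the descriptions as stored: the Clojure range "versions 1.20 to 1.12.0-alpha5" reads as inverted (1.20 sorts after 1.12.0 and is most likely 1.2.0 in the upstream text), so confirm the affected range upstream before filing a bug; and CVE-2024-1982, CVE-2024-1981, CVE-2024-1977, CVE-2023-51529 and CVE-2023-51696 keep raw \u2013 and \u0421 escapes, the last meaning the vendor name is spelled with a Cyrillic letter and will not match an ASCII grep for "CleanTalk". For the kernel entries, the bracketed subject lines (for example "x86/srso: Add SRSO mitigation for Hygon processors" for CVE-2023-52482) are dropped in favour of the truncated "In the Linux kernel, the following vulnerability has been resolved: x ..." text, which carries no information on its own; the subsystem is now only recoverable from the NOTE commit URL, so keeping the subject in a NOTE line would help later triage.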
@@ -1762,14 +1908,14 @@ CVE-2023-44379 (baserCMS is a website development framework. Prior to version 5.
NOT-FOR-US: baserCMS
CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not use or req ...)
NOT-FOR-US: Sametime Connect
-CVE-2024-26141 [Reject Range headers which are too large]
+CVE-2024-26141 (Rack is a modular Ruby web server interface. Carefully crafted Range h ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE: https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)
-CVE-2024-25126 [Fixed ReDoS in Content Type header parsing]
+CVE-2024-25126 (Rack is a modular Ruby web server interface. Carefully crafted content ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
-CVE-2024-26146 [Fixed ReDoS in Accept header parsing]
+CVE-2024-26146 (Rack is a modular Ruby web server interface. Carefully crafted headers ...)
- ruby-rack <unfixed> (bug #1064516)
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
NOTE: https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)
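Review bot: CVE-2024-25126 is the only one of the three rack entries without a NOTE pointing at its fixing commit; CVE-2024-26141 and CVE-2024-26146 both carry a commit URL tagged (v2.2.8.1) next to the release-tag NOTE. Adding the corresponding commit for the Content-Type ReDoS fix would let the bookworm and bullseye assessment be done from the commit rather than the whole v2.2.8.1 release diff. All three remain ruby-rack <unfixed> (bug #1064516), consistent with one bug tracking the 2.2.8.1 update.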
@@ -2254,12 +2400,12 @@ CVE-2023-42496 (Reflected cross-site scripting (XSS) vulnerability on the add as
NOT-FOR-US: Liferay
CVE-2023-40191 (Reflected cross-site scripting (XSS) vulnerability in the instance set ...)
NOT-FOR-US: Liferay
-CVE-2024-1939
+CVE-2024-1939 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a ...)
{DSA-5634-1}
- chromium 122.0.6261.94-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1938
+CVE-2024-1938 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a ...)
{DSA-5634-1}
- chromium 122.0.6261.94-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -3907,7 +4053,7 @@ CVE-2024-21376 (Microsoft Azure Kubernetes Service Confidential Container Remote
NOT-FOR-US: Microsoft
CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
NOT-FOR-US: Microsoft
-CVE-2024-21374 (Microsoft Teams for Android Information Disclosure)
+CVE-2024-21374 (Microsoft Teams for Android Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-21372 (Windows OLE Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -4979,7 +5125,7 @@ CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all versions
- gitlab <not-affected> (Specific to EE)
CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and befo ...)
+CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.6 ...)
NOT-FOR-US: Axigen WebMail
CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsup ...)
NOT-FOR-US: Liferay Portal
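Review bot: The description for CVE-2023-48974 changes the affected range from "v.10.5.7 and before" to "prior to 10.3.3.6"; the new upper bound is older than the one previously stated, so this is a correction of the upstream text rather than a wording tweak. The entry stays NOT-FOR-US: Axigen WebMail, so nothing follows for Debian, but anyone who copied the earlier range should pick up the new one.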
@@ -53572,8 +53718,8 @@ CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress i
NOT-FOR-US: WordPress plugin
CVE-2023-1842
REJECTED
-CVE-2023-1841
- RESERVED
+CVE-2023-1841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-29272
RESERVED
CVE-2023-29271
@@ -59569,8 +59715,8 @@ CVE-2023-27547
RESERVED
CVE-2023-27546
RESERVED
-CVE-2023-27545
- RESERVED
+CVE-2023-27545 (IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 ...)
+ TODO: check
CVE-2023-27544
RESERVED
CVE-2023-27543
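Review bot: CVE-2023-27545 moves from RESERVED to TODO: check with an IBM Watson CloudPak for Data description; the IBM entries elsewhere in this file are marked NOT-FOR-US: IBM, so this one can be resolved the same way in the next manual pass unless the description names a component shipped in Debian.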
@@ -63989,18 +64135,18 @@ CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-si
NOT-FOR-US: IBM
CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...)
NOT-FOR-US: IBM
-CVE-2023-25926
- RESERVED
-CVE-2023-25925
- RESERVED
+CVE-2023-25926 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
+CVE-2023-25925 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
CVE-2023-25924 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
NOT-FOR-US: IBM
CVE-2023-25923 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
NOT-FOR-US: IBM
-CVE-2023-25922
- RESERVED
-CVE-2023-25921
- RESERVED
+CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
+CVE-2023-25921 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
CVE-2023-25920
RESERVED
CVE-2023-25919
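Review bot: The four new TODO: check entries (CVE-2023-25926, CVE-2023-25925, CVE-2023-25922, CVE-2023-25921) carry the same "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ..." description as CVE-2023-25924 and CVE-2023-25923 directly beside them, which are already NOT-FOR-US: IBM; they can be resolved identically in the next manual pass.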
@@ -180234,8 +180380,8 @@ CVE-2021-39092
RESERVED
CVE-2021-39091
RESERVED
-CVE-2021-39090
- RESERVED
+CVE-2021-39090 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...)
+ TODO: check
CVE-2021-39089 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...)
NOT-FOR-US: IBM
CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...)
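Review bot: CVE-2021-39090 is added with the same "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ..." description as the adjacent CVE-2021-39089, which is already NOT-FOR-US: IBM; the TODO: check can be closed the same way.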
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa328881df3da8f137a8cebb311d61f8d3e85469