[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 3 08:12:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84d7a6d2 by security tracker role at 2024-01-03T08:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...)
+ TODO: check
+CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a ...)
+ TODO: check
+CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...)
+ TODO: check
+CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...)
+ TODO: check
+CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...)
+ TODO: check
+CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...)
+ TODO: check
+CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...)
+ TODO: check
+CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...)
+ TODO: check
+CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...)
+ TODO: check
+CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...)
+ TODO: check
+CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...)
+ TODO: check
+CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...)
+ TODO: check
+CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...)
+ TODO: check
+CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
+ TODO: check
+CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...)
+ TODO: check
+CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...)
+ TODO: check
+CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...)
+ TODO: check
+CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for ...)
+ TODO: check
+CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise)
+ TODO: check
+CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers wh ...)
+ TODO: check
+CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotati ...)
+ TODO: check
+CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic ...)
+ TODO: check
+CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error handling vulner ...)
+ TODO: check
+CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure vulnera ...)
+ TODO: check
+CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability wh ...)
+ TODO: check
+CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control (Unauthen ...)
+ TODO: check
+CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Contr ...)
+ TODO: check
+CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Referen ...)
+ TODO: check
+CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...)
+ TODO: check
+CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...)
+ TODO: check
+CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...)
+ TODO: check
+CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...)
+ TODO: check
+CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...)
+ TODO: check
+CVE-2023-49557 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...)
+ TODO: check
+CVE-2023-49556 (Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote a ...)
+ TODO: check
+CVE-2023-49555 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...)
+ TODO: check
+CVE-2023-49554 (Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote at ...)
+ TODO: check
+CVE-2023-49553 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
+ TODO: check
+CVE-2023-49552 (An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker ...)
+ TODO: check
+CVE-2023-49551 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
+ TODO: check
+CVE-2023-49550 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
+ TODO: check
+CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
+ TODO: check
+CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...)
+ TODO: check
+CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...)
+ TODO: check
+CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...)
+ TODO: check
+CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...)
+ TODO: check
+CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in ...)
+ TODO: check
+CVE-2023-45892 (An issue discovered in the Order and Invoice pages in Floorsight Insig ...)
+ TODO: check
+CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated file uplo ...)
+ TODO: check
+CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal vulnerability whic ...)
+ TODO: check
+CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file rea ...)
+ TODO: check
+CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers ...)
+ TODO: check
+CVE-2023-42358 (An issue was discovered in O-RAN Software Community ric-plt-e2mgr in t ...)
+ TODO: check
+CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due ...)
+ TODO: check
+CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due ...)
+ TODO: check
+CVE-2023-41779 (There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI ...)
+ TODO: check
+CVE-2023-41776 (There is a local privilege escalation vulnerability of ZTE's ZXCLOUD i ...)
+ TODO: check
CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of the Linu ...)
- linux <unfixed>
[bookworm] - linux 6.1.69-1
@@ -1614,7 +1732,8 @@ CVE-2023-47525 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability in Kain ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-46791 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46791
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
CVE-2023-45127
REJECTED
@@ -9626,23 +9745,31 @@ CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face
NOT-FOR-US: Huawei
CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46799
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46798
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46797
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46796
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46795
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46794
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46792
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46790
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
NOT-FOR-US: Online Matrimonial Project
@@ -9650,7 +9777,8 @@ CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauth
NOT-FOR-US: Online Matrimonial Project
CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
NOT-FOR-US: Online Matrimonial Project
-CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+CVE-2023-46786
+ REJECTED
NOT-FOR-US: Online Matrimonial Project
CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
NOT-FOR-US: Online Matrimonial Project
@@ -10443,15 +10571,19 @@ CVE-2023-45332
REJECTED
CVE-2023-45331
REJECTED
-CVE-2023-45330 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+CVE-2023-45330
+ REJECTED
NOT-FOR-US: Online Food Ordering System
CVE-2023-45329
REJECTED
-CVE-2023-45328 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+CVE-2023-45328
+ REJECTED
NOT-FOR-US: Online Food Ordering System
-CVE-2023-45327 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+CVE-2023-45327
+ REJECTED
NOT-FOR-US: Online Food Ordering System
-CVE-2023-45326 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+CVE-2023-45326
+ REJECTED
NOT-FOR-US: Online Food Ordering System
CVE-2023-45325 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
NOT-FOR-US: Online Food Ordering System
@@ -16540,13 +16672,16 @@ CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to an aut
NOT-FOR-US: Online Movie Ticket Booking System
CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...)
NOT-FOR-US: Online Movie Ticket Booking System
-CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource does n ...)
+CVE-2023-44168
+ REJECTED
NOT-FOR-US: Online Movie Ticket Booking System
-CVE-2023-44167 (The 'name' parameter of the process_registration.php resource does no ...)
+CVE-2023-44167
+ REJECTED
NOT-FOR-US: Online Movie Ticket Booking System
CVE-2023-44166 (The 'age' parameter of the process_registration.php resource does not ...)
NOT-FOR-US: Online Movie Ticket Booking System
-CVE-2023-44165 (The 'Password' parameter of the process_login.php resource does not v ...)
+CVE-2023-44165
+ REJECTED
NOT-FOR-US: Online Movie Ticket Booking System
CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does not vali ...)
NOT-FOR-US: Online Movie Ticket Booking System
@@ -231606,12 +231741,12 @@ CVE-2020-26627
RESERVED
CVE-2020-26626
RESERVED
-CVE-2020-26625
- RESERVED
-CVE-2020-26624
- RESERVED
-CVE-2020-26623
- RESERVED
+CVE-2020-26625 (A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and ea ...)
+ TODO: check
+CVE-2020-26624 (A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and ea ...)
+ TODO: check
+CVE-2020-26623 (SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier ...)
+ TODO: check
CVE-2020-26622
RESERVED
CVE-2020-26621
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d7a6d2eeac4017c42a568dda43d9e2740c4cef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d7a6d2eeac4017c42a568dda43d9e2740c4cef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240103/9f543a55/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list