[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 3 20:16:28 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd49bd10 by security tracker role at 2024-01-03T20:11:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,106 @@
-CVE-2023-51785
+CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...)
+ TODO: check
+CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scripting ...)
+ TODO: check
+CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...)
+ TODO: check
+CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...)
+ TODO: check
+CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...)
+ TODO: check
+CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...)
+ TODO: check
+CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...)
+ TODO: check
+CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...)
+ TODO: check
+CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...)
+ TODO: check
+CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
+ TODO: check
+CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
+ TODO: check
+CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...)
+ TODO: check
+CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...)
+ TODO: check
+CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...)
+ TODO: check
+CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...)
+ TODO: check
+CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...)
+ TODO: check
+CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...)
+ TODO: check
+CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...)
+ TODO: check
+CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...)
+ TODO: check
+CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...)
+ TODO: check
+CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...)
+ TODO: check
+CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...)
+ TODO: check
+CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a ...)
+ TODO: check
+CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...)
+ TODO: check
+CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a ...)
+ TODO: check
+CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a ...)
+ TODO: check
+CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...)
+ TODO: check
+CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...)
+ TODO: check
+CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...)
+ TODO: check
+CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...)
+ TODO: check
+CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...)
+ TODO: check
+CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...)
+ TODO: check
+CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...)
+ TODO: check
+CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...)
+ TODO: check
+CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...)
+ TODO: check
+CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...)
+ TODO: check
+CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...)
+ TODO: check
+CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system. Prior to ve ...)
+ TODO: check
+CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...)
+ TODO: check
+CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A security ...)
+ TODO: check
+CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...)
+ TODO: check
+CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...)
+ TODO: check
+CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...)
+ TODO: check
+CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...)
+ TODO: check
+CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw can cause ...)
+ TODO: check
+CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This fl ...)
+ TODO: check
+CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can ca ...)
+ TODO: check
+CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows ...)
+ TODO: check
+CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E ...)
+ TODO: check
+CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...)
NOT-FOR-US: Apache InLong
-CVE-2023-51784
+CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: Apache InLong
CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...)
NOT-FOR-US: omniauth-microsoft_graph
@@ -7256,7 +7356,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for mess
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
-CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code through hostname]
+CVE-2023-6004 (A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...)
{DSA-5591-1}
- libssh 0.10.6-1 (bug #1059061)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
@@ -37409,8 +37509,8 @@ CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end t
NOT-FOR-US: Tuleap
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
NOT-FOR-US: Kitchen-Terraform
-CVE-2023-30617
- RESERVED
+CVE-2023-30617 (Kruise provides automated management of large-scale applications on Ku ...)
+ TODO: check
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd49bd100b31484f3c1c9deeb96500c06e1af09d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd49bd100b31484f3c1c9deeb96500c06e1af09d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240103/607777ad/attachment.htm>
More information about the debian-security-tracker-commits
mailing list