[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 4 20:12:17 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84bb25df by security tracker role at 2024-01-04T20:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2024-21625 (SideQuest is a place to get virtual reality applications for Oculus Qu ...)
+	TODO: check
+CVE-2023-7044 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2023-6992 (Cloudflare version of zlib library was found to be vulnerable to memor ...)
+	TODO: check
+CVE-2023-6551 (As a simple library, class.upload.php does not perform an in-depth che ...)
+	TODO: check
+CVE-2023-6270 (A flaw was found in the ATA over Ethernet (AoE) driver in the Linux ke ...)
+	TODO: check
+CVE-2023-5619
+	REJECTED
+CVE-2023-5442
+	REJECTED
+CVE-2023-51812 (Tenda AX3 v16.03.12.11 was discovered to contain a remote code executi ...)
+	TODO: check
+CVE-2023-51154 (Jizhicms v2.5 was discovered to contain an arbitrary file download vul ...)
+	TODO: check
+CVE-2023-50867 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50866 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50865 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50864 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50863 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50862 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
+	TODO: check
+CVE-2023-50760 (Online Notice Board System v1.0 is vulnerable to an Insecure File Uplo ...)
+	TODO: check
+CVE-2023-50753 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
+	TODO: check
+CVE-2023-50752 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
+	TODO: check
+CVE-2023-50743 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
+	TODO: check
+CVE-2023-49666 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49665 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49658 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49639 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49633 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49625 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49624 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-49622 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
+CVE-2023-3726 (OCSInventory allow stored email template with special characters that  ...)
+	TODO: check
 CVE-2024-21634 (Amazon Ion is a Java implementation of the Ion data notation. Prior to ...)
 	NOT-FOR-US: Amazon Ion
 CVE-2024-20809 (Improper access control vulnerability in Nearby device scanning prior  ...)
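Review bot: the description imported for CVE-2023-7044 carries the literal escape sequence `\u2013` ("Essential Addons for Elementor \u2013 Best Elementor Templates") instead of the en dash, so the automatic update seems to copy a JSON-escaped string into data/CVE/list without decoding it; the importer should unescape `\uXXXX` sequences before writing descriptions. Within the new TODO block, two entries touch source packages Debian ships and deserve to be triaged first: CVE-2023-6270 (ATA over Ethernet driver in the Linux kernel) against the linux package, and CVE-2023-6992, where it has to be checked whether the memory flaw is specific to Cloudflare's version of zlib or also present in the upstream zlib that Debian packages. The remaining items (SideQuest, the Elementor plugin, Tenda AX3, Jizhicms, the Travel Website, Online Notice Board System and Billing Software batches, OCSInventory, class.upload.php) follow the pattern of the neighbouring NOT-FOR-US: Amazon Ion entry, but class.upload.php and OCSInventory are library or server code that could be embedded in packaged software, so each still needs its explicit tag rather than a blanket assumption. CVE-2023-5619 and CVE-2023-5442 are recorded as REJECTED with no description, matching how RESERVED entries are kept elsewhere in the file.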
@@ -43,15 +99,19 @@ CVE-2023-49442 (Deserialization of Untrusted Data in jeecgFormDemoController in
 CVE-2023-41784 (Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro)
 	NOT-FOR-US: ZTE
 CVE-2024-0225 (Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allo ...)
+	{DSA-5595-1}
 	- chromium 120.0.6099.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-0224 (Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 al ...)
+	{DSA-5595-1}
 	- chromium 120.0.6099.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-0223 (Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 ...)
+	{DSA-5595-1}
 	- chromium 120.0.6099.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-0222 (Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allow ...)
+	{DSA-5595-1}
 	- chromium 120.0.6099.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...)
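Review bot: the {DSA-5595-1} reference is added to all four Chromium entries that share the fixed version 120.0.6099.199-1 (CVE-2024-0222 through CVE-2024-0225), which is consistent; confirm that DSA-5595-1 itself lists all four IDs so the cross-reference resolves in both directions. The [buster] lines are left unchanged and still point to DSA 5046 for the end-of-life marker, as the other chromium entries do.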
@@ -525,7 +585,7 @@ CVE-2023-7130 (A vulnerability has been found in code-projects College Notes Gal
 	NOT-FOR-US: code-projects College Notes Gallery
 CVE-2023-6094 (A vulnerability has been identified in OnCell G3150A-LTE Series firmwa ...)
 	NOT-FOR-US: OnCell G3150A-LTE Series firmware
-CVE-2023-6093 (A vulnerability has been identified in OnCell G3150A-LTE Series firmwa ...)
+CVE-2023-6093 (A clickjacking vulnerability has been identified in OnCell G3150A-LTE  ...)
 	NOT-FOR-US: OnCell G3150A-LTE Series firmware
 CVE-2023-52185 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: WordPress plugin
@@ -1222,7 +1282,7 @@ CVE-2014-125109 (A vulnerability was found in BestWebSoft Portfolio Plugin up to
 	NOT-FOR-US: WordPress plugin
 CVE-2012-10017 (A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 o ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-51467 (The vulnerability allows attackers to bypass authentication to achieve ...)
+CVE-2023-51467 (The vulnerability permits attackers to circumvent authentication proce ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2023-50968 (Arbitrary file properties reading vulnerability in Apache Software Fou ...)
 	NOT-FOR-US: Apache OFBiz
@@ -2288,7 +2348,7 @@ CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
 	NOT-FOR-US: SourceCodester Online Student Management System
-CVE-2023-6944
+CVE-2023-6944 (A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-impo ...)
 	NOT-FOR-US: Red Hat Developer Hub (RHDH)
 CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...)
 	{DSA-5594-1}
@@ -32337,7 +32397,7 @@ CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and cont
 	NOT-FOR-US: notation
 CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
 	NOT-FOR-US: notation
-CVE-2023-33952 (A double-free vulnerability was found in the vmwgfx driver in the Linu ...)
+CVE-2023-33952 (A double-free vulnerability was found in handling vmw_buffer_object ob ...)
 	- linux 6.1.15-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
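Review bot: the refreshed description for CVE-2023-33952 no longer names the vmwgfx driver, only the vmw_buffer_object handling, while the bullseye and buster <not-affected> (Vulnerable code not present) markers were recorded against that driver code; the rationale still holds, but it is now harder to see from the entry alone. A NOTE: line with the upstream reference, in the style used for CVE-2022-3866 further down, would keep it visible without touching the fixed version 6.1.15-1.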
@@ -75627,8 +75687,8 @@ CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload i
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
 CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3864
-	RESERVED
+CVE-2022-3864 (A vulnerability exists in the Relion update package signature validati ...)
+	TODO: check
 CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0.4896 ...)
 	{DSA-5114-1}
 	- chromium 100.0.4896.75-1
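Review bot: CVE-2022-3864 moves from RESERVED to TODO: check with a description about Relion update package signature validation; that is a product update mechanism, not something shipped as a Debian package, so the expected outcome is NOT-FOR-US like the adjacent CVE-2022-3865 entry rather than an item that stays in the TODO queue. The description is truncated at "signature validati ...", so the vendor and affected versions have to be read from the CVE record when the tag is set.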
@@ -110114,8 +110174,8 @@ CVE-2022-28127 (A data removal vulnerability exists in the web_server /action/re
 	NOT-FOR-US: Robustel R1510
 CVE-2022-2082
 	RESERVED
-CVE-2022-2081
-	RESERVED
+CVE-2022-2081 (A vulnerability exists in the HCI Modbus TCP function included in the  ...)
+	TODO: check
 CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
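Review bot: CVE-2022-2081 gets its description (a flaw in the HCI Modbus TCP function) while the adjacent CVE-2022-2082 stays RESERVED; the sequential IDs suggest the same advisory batch, so the second one will likely surface in a later automatic update and the two should be triaged together when it does. A Modbus TCP function in a vendor product is not a Debian-packaged library, so this is another NOT-FOR-US candidate that should not linger as TODO: check.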
@@ -146145,8 +146205,8 @@ CVE-2021-45467 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.
 	NOT-FOR-US: CentOS Web Panel
 CVE-2021-45466 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107,  ...)
 	NOT-FOR-US: CentOS Web Panel
-CVE-2021-45465
-	RESERVED
+CVE-2021-45465 (A vulnerability has been identified in syngo fastView (All versions).  ...)
+	TODO: check
 CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
 	{DSA-5103-1}
 	- openssl 1.1.1m-1
@@ -160536,8 +160596,8 @@ CVE-2021-42030
 	RESERVED
 CVE-2021-42029 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 ...)
 	NOT-FOR-US: Siemens
-CVE-2021-42028
-	RESERVED
+CVE-2021-42028 (A vulnerability has been identified in syngo fastView (All versions).  ...)
+	TODO: check
 CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions <  ...)
 	NOT-FOR-US: Siemens
 CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
@@ -164887,8 +164947,8 @@ CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS
 	- jspwiki <removed>
 CVE-2021-40368 (A vulnerability has been identified in  SIMATIC S7-400 CPU 412-1 DP V7 ...)
 	NOT-FOR-US: Siemens
-CVE-2021-40367
-	RESERVED
+CVE-2021-40367 (A vulnerability has been identified in syngo fastView (All versions).  ...)
+	TODO: check
 CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
 	NOT-FOR-US: Siemens
 CVE-2021-40365 (Affected devices don't process correctly certain special crafted packe ...)
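Review bot: CVE-2021-45465, CVE-2021-42028 and CVE-2021-40367 all move from RESERVED to TODO: check with the identical description "A vulnerability has been identified in syngo fastView (All versions)." in three separate hunks; they belong together and should be resolved in one go rather than three separate TODO items. Each sits between entries already tagged NOT-FOR-US: Siemens (CVE-2021-42029, CVE-2021-42027, CVE-2021-40368, CVE-2021-40366), and syngo fastView is not a Debian package, so the same tag is the expected resolution; the truncated descriptions hide the actual weakness, which has to be read from the CVE records when closing them.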



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84bb25dfbf250e263ca193350a3ffdde47d7ac9d


