[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 5 20:12:37 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74d47310 by security tracker role at 2024-01-05T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2024-0247 (A vulnerability classified as critical was found in CodeAstro Online F ...)
+	TODO: check
+CVE-2024-0246 (A vulnerability classified as problematic has been found in IceWarp 12 ...)
+	TODO: check
+CVE-2023-52151 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52149 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floatin ...)
+	TODO: check
+CVE-2023-52148 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52146 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52145 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou R ...)
+	TODO: check
+CVE-2023-52143 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52136 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
+	TODO: check
+CVE-2023-52130 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
+	TODO: check
+CVE-2023-52129 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
+	TODO: check
+CVE-2023-52128 (Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label ...)
+	TODO: check
+CVE-2023-52127 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Produc ...)
+	TODO: check
+CVE-2023-52126 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52125 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52123 (Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Test ...)
+	TODO: check
+CVE-2023-52122 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple  ...)
+	TODO: check
+CVE-2023-52121 (Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. Nitr ...)
+	TODO: check
+CVE-2023-52120 (Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms \u2 ...)
+	TODO: check
+CVE-2023-52119 (Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Eng ...)
+	TODO: check
+CVE-2023-51678 (Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder ...)
+	TODO: check
+CVE-2023-51673 (Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish P ...)
+	TODO: check
+CVE-2023-51668 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Imag ...)
+	TODO: check
+CVE-2023-51539 (Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apol ...)
+	TODO: check
+CVE-2023-51538 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...)
+	TODO: check
+CVE-2023-51535 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...)
+	TODO: check
+CVE-2023-50991 (Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1 ...)
+	TODO: check
+CVE-2023-50027 (SQL Injection vulnerability in Buy Addons baproductzoommagnifier modul ...)
+	TODO: check
+CVE-2023-47560 (An OS command injection vulnerability has been reported to affect QuMa ...)
+	TODO: check
+CVE-2023-47559 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2023-47219 (A SQL injection vulnerability has been reported to affect QuMagie. If  ...)
+	TODO: check
+CVE-2023-45044 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-45043 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-45042 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-45041 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-45040 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-45039 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-41289 (An OS command injection vulnerability has been reported to affect Qcal ...)
+	TODO: check
+CVE-2023-41288 (An OS command injection vulnerability has been reported to affect Vide ...)
+	TODO: check
+CVE-2023-41287 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+	TODO: check
+CVE-2023-39296 (A prototype pollution vulnerability has been reported to affect severa ...)
+	TODO: check
+CVE-2023-39294 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
 CVE-2024-22088 (Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in ...)
 	NOT-FOR-US: Lotos WebServer
 CVE-2024-22087 (route in main.c in Pico HTTP Server in C through f3b69a6 has an sprint ...)
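Review bot: two of the newly imported descriptions in this hunk carry undecoded JSON escapes: CVE-2023-52120 shows `Basix NEX-Forms \u2 ...` and CVE-2023-51535 shows `\u0421leanTalk - An ...`, so the importer is writing the raw `\uXXXX` sequence into data/CVE/list instead of the decoded character (U+0421 is a Cyrillic capital Es standing in for the Latin C of CleanTalk, which also makes a plain-text search for the product name miss this entry). Consider decoding escapes in the import step before the description is truncated, or correcting those two lines by hand during triage. The 43 `TODO: check` placeholders are the expected output of the automatic update and still need manual triage; the unchanged context lines show the finished state for the earlier Lotos WebServer import (`NOT-FOR-US`).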
@@ -7014,6 +7100,7 @@ CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWi
 CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5,  ...)
 	NOT-FOR-US: Spring Boot
 CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...)
+	{DLA-3707-1}
 	- tomcat10 10.1.16-1 (bug #1057082)
 	[bookworm] - tomcat10 <postponed> (Minor issue, fix along in next DSA)
 	- tomcat9 9.0.70-2
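Review bot: the `{DLA-3707-1}` reference added for CVE-2023-46589 sits in the right place (directly under the CVE line, ahead of the package entries), but the hunk context stops at `- tomcat9 9.0.70-2`, so the suite line that the DLA actually resolves is not visible here; confirm that any remaining `[buster]` or other LTS annotation for tomcat9 below this context was dropped or updated together with the DLA reference, so the tracker does not keep listing that suite as vulnerable. The `[bookworm] - tomcat10 <postponed>` line is unaffected by the DLA and correctly stays as is.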
@@ -15450,55 +15537,55 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	NOTE: - rust-hyper: https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
 	NOTE: - apache2: https://chaos.social/@icing/111210915918780532
 	NOTE: - lighttpd: https://www.openwall.com/lists/oss-security/2023/10/13/9
-CVE-2023-34324 [linux/xen: Possible deadlock in Linux kernel event handling]
+CVE-2023-34324 (Closing of an event channel in the Linux kernel can result in a deadlo ...)
 	{DSA-5594-1}
 	- linux 6.5.8-1
 	[bookworm] - linux 6.1.64-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-441.html
 	NOTE: https://git.kernel.org/linus/87797fad6cce28ec9be3c13f031776ff4f104cfc (6.6-rc6)
-CVE-2023-46837 [arm32: The cache may not be properly cleaned/invalidated (take two)]
+CVE-2023-46837 (Arm provides multiple helpers to clean & invalidate the cache for a gi ...)
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-447.html
-CVE-2023-46836 [x86: BTC/SRSO fixes not fully effective]
+CVE-2023-46836 (The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative ...)
 	- xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928)
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-446.html
-CVE-2023-46835 [x86/AMD: mismatch in IOMMU quarantine page table levels]
+CVE-2023-46835 (The current setup of the quarantine page tables assumes that the quara ...)
 	- xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928)
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-445.html
-CVE-2023-34328 [A PV vCPU can place a breakpoint over the live GDT]
+CVE-2023-34328 ([This CNA information record relates to multiple CVEs; the text explai ...)
 	- xen 4.17.2+55-g0b56bed864-1
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
-CVE-2023-34327 [An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state]
+CVE-2023-34327 ([This CNA information record relates to multiple CVEs; the text explai ...)
 	- xen 4.17.2+55-g0b56bed864-1
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
-CVE-2023-34325 [Multiple vulnerabilities in libfsimage disk handling]
+CVE-2023-34325 ([This CNA information record relates to multiple CVEs; the text explai ...)
 	- xen 4.17.2+55-g0b56bed864-1
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-443.html
-CVE-2023-34326 [x86/AMD: missing IOMMU TLB flushing]
+CVE-2023-34326 (The caching invalidation guidelines from the AMD-Vi specification (488 ...)
 	- xen 4.17.2+55-g0b56bed864-1
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-442.html
-CVE-2023-34323 [xenstored: A transaction conflict can crash C Xenstored]
+CVE-2023-34323 (When a transaction is committed, C Xenstored will first check the quot ...)
 	- xen 4.17.2+55-g0b56bed864-1 (unimportant)
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
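Review bot: replacing the local bracket summaries with the CNA text loses information for three entries in this hunk: CVE-2023-34328, CVE-2023-34327 and CVE-2023-34325 now all read `([This CNA information record relates to multiple CVEs; the text explai ...)`, whereas the removed lines named the actual issue (`A PV vCPU can place a breakpoint over the live GDT`, `An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state`, `Multiple vulnerabilities in libfsimage disk handling`). If the tooling must prefer the official description once it is published, consider carrying the old summary over into a NOTE line so the entry stays readable without following the xenbits link. The DSA, package and NOTE lines for all eight entries are unchanged, which is what a description-only update should look like.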
@@ -20537,13 +20624,13 @@ CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x
 	[bullseye] - axis <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
 	NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
-CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV guests]
+CVE-2023-34322 (For migration as well as to work around kernels unaware of L1TF (see X ...)
 	- xen 4.17.2+55-g0b56bed864-1
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-438.html
-CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated]
+CVE-2023-34321 (Arm provides multiple helpers to clean & invalidate the cache for a gi ...)
 	- xen 4.17.2+55-g0b56bed864-1 (bug #1051954)
 	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
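Review bot: after this hunk CVE-2023-34321 carries the same truncated description as CVE-2023-46837 in the earlier hunk (`Arm provides multiple helpers to clean & invalidate the cache for a gi ...`), so the two entries are no longer distinguishable by description; the dropped bracket text (`arm32: The cache may not be properly cleaned/invalidated` versus the `(take two)` variant) made the distinction explicit. The XSA NOTE links remain the disambiguating reference (advisory-447 is visible for CVE-2023-46837 above; the one for CVE-2023-34321 falls outside this hunk's context), so consider keeping the old one-line summary as a NOTE rather than discarding it.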
@@ -69241,8 +69328,8 @@ CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46840
 	RESERVED
-CVE-2022-46839
-	RESERVED
+CVE-2022-46839 (Unrestricted Upload of File with Dangerous Type vulnerability in JS He ...)
+	TODO: check
 CVE-2022-46838
 	RESERVED
 CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...)
@@ -100763,8 +100850,8 @@ CVE-2022-36679 (Simple Task Scheduling System v1.0 was discovered to contain a S
 	NOT-FOR-US: Simple Task Scheduling System
 CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
 	NOT-FOR-US: Simple Task Scheduling System
-CVE-2022-36677
-	RESERVED
+CVE-2022-36677 (Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code vi ...)
+	TODO: check
 CVE-2022-36676 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
 	NOT-FOR-US: Simple Task Scheduling System
 CVE-2022-36675 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
@@ -261953,8 +262040,8 @@ CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ sha
 	[stretch] - libpam-tacplus <no-dsa> (Minor issue)
 	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
 	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
-CVE-2020-13880
-	RESERVED
+CVE-2020-13880 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-bas ...)
+	TODO: check
 CVE-2020-13879 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-bas ...)
 	NOT-FOR-US: IrfanView B3D PlugIns
 CVE-2020-13878 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-bas ...)
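Review bot: the new description for CVE-2020-13880 (`IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-bas ...`) follows the same pattern as the adjacent CVE-2020-13879 and CVE-2020-13878 entries, which are already marked `NOT-FOR-US: IrfanView B3D PlugIns`, so the `TODO: check` placeholder here can be resolved the same way at triage rather than left open.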



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d4731002a4a044bee232fae8004ed0a2714174


