[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 12 08:12:14 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91a552af by security tracker role at 2024-01-12T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,130 @@
-CVE-2024-0443
+CVE-2024-23179 (An issue was discovered in the GlobalBlocking extension in MediaWiki b ...)
+ TODO: check
+CVE-2024-23178 (An issue was discovered in the Phonos extension in MediaWiki before 1. ...)
+ TODO: check
+CVE-2024-23177 (An issue was discovered in the WatchAnalytics extension in MediaWiki b ...)
+ TODO: check
+CVE-2024-23174 (An issue was discovered in the PageTriage extension in MediaWiki befor ...)
+ TODO: check
+CVE-2024-23173 (An issue was discovered in the Cargo extension in MediaWiki before 1.3 ...)
+ TODO: check
+CVE-2024-23172 (An issue was discovered in the CheckUser extension in MediaWiki before ...)
+ TODO: check
+CVE-2024-23171 (An issue was discovered in the CampaignEvents extension in MediaWiki b ...)
+ TODO: check
+CVE-2024-22027 (Improper input validation vulnerability in WordPress Quiz Maker Plugin ...)
+ TODO: check
+CVE-2024-21982 (ONTAP versions 9.4 and higher are susceptible to a vulnerability whic ...)
+ TODO: check
+CVE-2024-21617 (An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) co ...)
+ TODO: check
+CVE-2024-21616 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ TODO: check
+CVE-2024-21614 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2024-21613 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2024-21612 (An Improper Handling of Syntactically Invalid Structure vulnerability ...)
+ TODO: check
+CVE-2024-21611 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2024-21607 (An Unsupported Feature in the UI vulnerability in Juniper Networks Jun ...)
+ TODO: check
+CVE-2024-21606 (A Double Free vulnerability in the flow processing daemon (flowd) of J ...)
+ TODO: check
+CVE-2024-21604 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ TODO: check
+CVE-2024-21603 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2024-21602 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
+ TODO: check
+CVE-2024-21601 (A Concurrent Execution using Shared Resource with Improper Synchroniza ...)
+ TODO: check
+CVE-2024-21600 (An Improper Neutralization of Equivalent Special Elements vulnerabilit ...)
+ TODO: check
+CVE-2024-21599 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2024-21597 (An Exposure of Resource to Wrong Sphere vulnerability in the Packet Fo ...)
+ TODO: check
+CVE-2024-21596 (A Heap-based Buffer Overflow vulnerability in the Routing Protocol Dae ...)
+ TODO: check
+CVE-2024-21595 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ TODO: check
+CVE-2024-21594 (A Heap-based Buffer Overflow vulnerability in the Network Services Dae ...)
+ TODO: check
+CVE-2024-21591 (An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Juno ...)
+ TODO: check
+CVE-2024-21589 (An Improper Access Control vulnerability in the Juniper Networks Parag ...)
+ TODO: check
+CVE-2024-21587 (An Improper Handling of Exceptional Conditions vulnerability in the br ...)
+ TODO: check
+CVE-2024-21585 (An Improper Handling of Exceptional Conditions vulnerability in BGP se ...)
+ TODO: check
+CVE-2024-21337 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20675 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-0454 (ELAN Match-on-Chip FPR solution has design fault about potential risk ...)
+ TODO: check
+CVE-2024-0426 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2024-0393
+ REJECTED
+CVE-2023-7226 (A vulnerability was found in meetyoucrop big-whale 1.1 and classified ...)
+ TODO: check
+CVE-2023-6740 (Privilege escalation in jar_signature agent plugin in Checkmk before 2 ...)
+ TODO: check
+CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17 ...)
+ TODO: check
+CVE-2023-6040 (An out-of-bounds access vulnerability involving netfilter was reported ...)
+ TODO: check
+CVE-2023-52339 (In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can ...)
+ TODO: check
+CVE-2023-51350 (A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain ...)
+ TODO: check
+CVE-2023-50920 (An issue was discovered on GL.iNet devices before version 4.5.0. They ...)
+ TODO: check
+CVE-2023-50919 (An issue was discovered on GL.iNet devices before version 4.5.0. There ...)
+ TODO: check
+CVE-2023-50129 (Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 ...)
+ TODO: check
+CVE-2023-50128 (The remote keyless system of the Hozard alarm system (alarmsystemen) v ...)
+ TODO: check
+CVE-2023-50127 (Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Auth ...)
+ TODO: check
+CVE-2023-50126 (Missing encryption in the RFID tags of the Hozard alarm system (Alarms ...)
+ TODO: check
+CVE-2023-50125 (A default engineer password set on the Hozard alarm system (Alarmsyste ...)
+ TODO: check
+CVE-2023-50124 (Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credential ...)
+ TODO: check
+CVE-2023-50123 (The number of attempts to bring the Hozard Alarm system (alarmsystemen ...)
+ TODO: check
+CVE-2023-46474 (File Upload vulnerability PMB v.7.4.8 allows a remote attacker to exec ...)
+ TODO: check
+CVE-2023-40362 (An issue was discovered in CentralSquare Click2Gov Building Permit bef ...)
+ TODO: check
+CVE-2023-40250 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2023-37117 (A heap-use-after-free vulnerability was found in live555 version 2023. ...)
+ TODO: check
+CVE-2023-36842 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2023-34061 (Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are v ...)
+ TODO: check
+CVE-2022-4961 (A vulnerability was found in Weitong Mall 1.0.0. It has been declared ...)
+ TODO: check
+CVE-2022-4960 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk redbbs ...)
+ TODO: check
+CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if m ...)
+ TODO: check
+CVE-2022-48619 (An issue was discovered in drivers/input/input.c in the Linux kernel b ...)
+ TODO: check
+CVE-2016-20021 (In Gentoo Portage before 3.0.47, there is missing PGP validation of ex ...)
+ TODO: check
+CVE-2024-0443 (A flaw was found in the blkgs destruction path in block/blk-cgroup.c i ...)
- linux 6.3.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -4394,7 +4520,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
- {DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3694-1}
+ {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3694-1}
- dropbear <unfixed> (bug #1059001)
[bookworm] - dropbear <no-dsa> (Minor issue)
[bullseye] - dropbear <no-dsa> (Minor issue)
@@ -11414,7 +11540,7 @@ CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB
NOT-FOR-US: Zavio
CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinter ...)
NOT-FOR-US: Telit Cinterion
-CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to ex ...)
+CVE-2023-47489 (CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows ...)
NOT-FOR-US: Combodo iTop
CVE-2023-47488 (Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 all ...)
NOT-FOR-US: Combodo iTop
@@ -37487,8 +37613,8 @@ CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31211
- RESERVED
+CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 ...)
+ TODO: check
CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 ...)
- check-mk <removed>
CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91a552afe26808dcf6c3a7ee1d9e482c6af879dc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91a552afe26808dcf6c3a7ee1d9e482c6af879dc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240112/c05ab37f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list