[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 12 20:39:36 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d339433a by security tracker role at 2024-01-12T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,82 @@
+CVE-2024-22494 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
+ TODO: check
+CVE-2024-22493 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
+ TODO: check
+CVE-2024-22492 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
+ TODO: check
+CVE-2024-21887 (A command injection vulnerability in web components of Ivanti Connect ...)
+ TODO: check
+CVE-2024-0467 (A vulnerability, which was classified as problematic, was found in cod ...)
+ TODO: check
+CVE-2024-0466 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-0465 (A vulnerability classified as problematic was found in code-projects E ...)
+ TODO: check
+CVE-2024-0464 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2024-0463 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
+ TODO: check
+CVE-2024-0462 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
+ TODO: check
+CVE-2024-0461 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
+ TODO: check
+CVE-2024-0460 (A vulnerability was found in code-projects Faculty Management System 1 ...)
+ TODO: check
+CVE-2024-0459 (A vulnerability has been found in Blood Bank & Donor Management 5.6 an ...)
+ TODO: check
+CVE-2023-6683 (A flaw was found in the QEMU built-in VNC server while processing Clie ...)
+ TODO: check
+CVE-2023-52026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a r ...)
+ TODO: check
+CVE-2023-51978 (In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image ...)
+ TODO: check
+CVE-2023-51949 (Verydows v2.0 was discovered to contain a Cross-Site Request Forgery ( ...)
+ TODO: check
+CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to ...)
+ TODO: check
+CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote ...)
+ TODO: check
+CVE-2023-49569 (A path traversal vulnerability was discovered in go-git versions prior ...)
+ TODO: check
+CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in go-git versi ...)
+ TODO: check
+CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing the value ...)
+ TODO: check
+CVE-2023-49261 (The "tokenKey" value used in user authorization is visible in the HTML ...)
+ TODO: check
+CVE-2023-49260 (An XSS attack can be performed by changing the MOTD banner and pointin ...)
+ TODO: check
+CVE-2023-49259 (The authentication cookies are generated using an algorithm based on t ...)
+ TODO: check
+CVE-2023-49258 (User browser may be forced to execute JavaScript and pass the authenti ...)
+ TODO: check
+CVE-2023-49257 (An authenticated user is able to upload an arbitrary CGI-compatible fi ...)
+ TODO: check
+CVE-2023-49256 (It is possible to download the configuration backup without authorizat ...)
+ TODO: check
+CVE-2023-49255 (The router console is accessible without authentication at "data" fiel ...)
+ TODO: check
+CVE-2023-49254 (Authenticated user can execute arbitrary commands in the context of th ...)
+ TODO: check
+CVE-2023-49253 (Root user password is hardcoded into the device and cannot be changed ...)
+ TODO: check
+CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows attackers to ex ...)
+ TODO: check
+CVE-2023-46805 (An authentication bypass vulnerability in the web component of Ivanti ...)
+ TODO: check
+CVE-2010-10011 (A vulnerability, which was classified as problematic, was found in Acr ...)
+ TODO: check
CVE-2024-XXXX [spip XSS]
- spip 4.1.15+dfsg-1
[bookworm] - spip <no-dsa> (Minor issue)
[bullseye] - spip <not-affected> (Vulnerable code not present)
-CVE-2023-6955
+CVE-2023-6955 (An improper access control vulnerability exists in GitLab Remote Devel ...)
- gitlab <unfixed>
-CVE-2023-4812
+CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <unfixed>
-CVE-2023-5356
+CVE-2023-5356 (Incorrect authorization checks in GitLab CE/EE from all versions start ...)
- gitlab <unfixed>
-CVE-2023-7028
+CVE-2023-7028 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
CVE-2024-23179 (An issue was discovered in the GlobalBlocking extension in MediaWiki b ...)
NOT-FOR-US: MediaWiki extension GlobalBlocking
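Review bot: the whole block of new entries at the top of the file is parked at `TODO: check`, but a few of them describe software that is likely packaged and deserve an actual triage pass rather than a placeholder: CVE-2023-6683 (QEMU built-in VNC server) and CVE-2023-49569 / CVE-2023-49568 (go-git path traversal and DoS) stand out, whereas the JFinalcms, code-projects, TOTOlink, PHPGurukul, Verydows, Ujcms and piwigo entries follow the pattern of the many `NOT-FOR-US` lines elsewhere in this file and can be closed quickly. Separately, the four GitLab entries (CVE-2023-6955, CVE-2023-4812, CVE-2023-5356, CVE-2023-7028) only gain their descriptions here and keep a bare `- gitlab <unfixed>`; with no version or bug annotation on any of them it is not visible from the file which upstream releases are affected.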
@@ -86,7 +154,7 @@ CVE-2023-7226 (A vulnerability was found in meetyoucrop big-whale 1.1 and classi
NOT-FOR-US: meetyoucrop big-whale
CVE-2023-6740 (Privilege escalation in jar_signature agent plugin in Checkmk before 2 ...)
- check-mk <removed>
-CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17 ...)
+CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18 ...)
- check-mk <removed>
CVE-2023-6040 (An out-of-bounds access vulnerability involving netfilter was reported ...)
- linux 5.18.2-1
@@ -13078,7 +13146,7 @@ CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions
NOT-FOR-US: authentik
CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...)
NOT-FOR-US: Cody
-CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions 2. ...)
+CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions pr ...)
NOT-FOR-US: Kimai
CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 v ...)
NOT-FOR-US: CodeIgniter
@@ -37649,7 +37717,7 @@ CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 ...)
+CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 ...)
TODO: check
CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 ...)
- check-mk <removed>
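Review bot: CVE-2023-31211 changes only in its description (fixed versions 2.2.0p17 / 2.1.0p37 become 2.2.0p18 / 2.1.0p38) and stays at `TODO: check`, while the neighbouring Checkmk entry CVE-2023-31210 and the CVE-2023-6740 / CVE-2023-6735 entries earlier in this diff are all resolved as `- check-mk <removed>`. Resolving this one the same way would make the Checkmk entries consistent. The same p17-to-p18 bump appears in the CVE-2023-6735 hunk above, which suggests the upstream advisory text was revised; the fixed-version references on the other Checkmk entries are worth re-checking against the revised advisory.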
@@ -38164,32 +38232,32 @@ CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin
NOT-FOR-US: WordPress plugin
CVE-2023-31037
RESERVED
-CVE-2023-31036
- RESERVED
-CVE-2023-31035
- RESERVED
-CVE-2023-31034
- RESERVED
-CVE-2023-31033
- RESERVED
-CVE-2023-31032
- RESERVED
-CVE-2023-31031
- RESERVED
-CVE-2023-31030
- RESERVED
-CVE-2023-31029
- RESERVED
+CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
+ TODO: check
+CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may c ...)
+ TODO: check
+CVE-2023-31034 (NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker ...)
+ TODO: check
+CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a ...)
+ TODO: check
+CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause ...)
+ TODO: check
+CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause ...)
+ TODO: check
+CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
+ TODO: check
+CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains a vulne ...)
+ TODO: check
CVE-2023-31028
RESERVED
CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability that al ...)
NOT-FOR-US: NVIDIA
CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
-CVE-2023-31025
- RESERVED
-CVE-2023-31024
- RESERVED
+CVE-2023-31025 (NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cau ...)
+ TODO: check
+CVE-2023-31024 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
+ TODO: check
CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...)
NOT-FOR-US: NVIDIA
CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
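Review bot: the ten NVIDIA entries that move from `RESERVED` to `TODO: check` (CVE-2023-31029 through CVE-2023-31036, plus CVE-2023-31025 and CVE-2023-31024) all describe DGX A100 SBIOS/BMC firmware or the Triton Inference Server, and they sit between entries (CVE-2023-31027, CVE-2023-31026, CVE-2023-31023) that are already `NOT-FOR-US: NVIDIA`. Unless one of them turns out to touch a packaged component, they should be resolved the same way in a follow-up instead of staying as placeholders. One caveat for whoever triages them: the "host KVM daemon" named in CVE-2023-31030 and CVE-2023-31024 is described as a BMC component, so the acronym alone is no reason to look at the linux package.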
@@ -39746,8 +39814,7 @@ CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properl
NOT-FOR-US: WordPress plugin
CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2030
- RESERVED
+CVE-2023-2030 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly sanitiz ...)
NOT-FOR-US: WordPress plugin
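Review bot: CVE-2023-2030 goes straight from `RESERVED` to `- gitlab <unfixed>` without an intermediate `TODO: check`, which is consistent with the four GitLab entries in the first hunk. That is fine as it stands, but this update now leaves five GitLab issues open as bare `<unfixed>`; a bug reference or a note on the affected upstream versions on each entry would make the follow-up easier to track.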
@@ -41215,12 +41282,12 @@ CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. v
NOT-FOR-US: Judging Management System
CVE-2023-30017
RESERVED
-CVE-2023-30016
- RESERVED
-CVE-2023-30015
- RESERVED
-CVE-2023-30014
- RESERVED
+CVE-2023-30016 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
+ TODO: check
+CVE-2023-30015 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
+ TODO: check
+CVE-2023-30014 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
+ TODO: check
CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
NOT-FOR-US: TOTOLINK
CVE-2023-30012
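Review bot: CVE-2023-30016, CVE-2023-30015 and CVE-2023-30014 describe SQL injection in the same oretnom23 Judging Management System as CVE-2023-30018, which is already `NOT-FOR-US: Judging Management System` two lines above them; leaving the three at `TODO: check` creates placeholders that can be resolved identically in one go.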
@@ -44679,12 +44746,12 @@ CVE-2023-28901
RESERVED
CVE-2023-28900
RESERVED
-CVE-2023-28899
- RESERVED
-CVE-2023-28898
- RESERVED
-CVE-2023-28897
- RESERVED
+CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of Skoda vehicl ...)
+ TODO: check
+CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 infotainme ...)
+ TODO: check
+CVE-2023-28897 (The secret value used for access to critical UDS services of the MIB3 ...)
+ TODO: check
CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the Modular I ...)
NOT-FOR-US: Skoda
CVE-2023-28895 (The password for access to the debugging console of the PoWer Controll ...)
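Review bot: CVE-2023-28899, CVE-2023-28898 and CVE-2023-28897 all concern the Skoda MIB3 infotainment unit (a UDS reset request over the OBDII port, the RTSP implementation, and the UDS access secret), i.e. the same product as CVE-2023-28896 immediately below, which is resolved as `NOT-FOR-US: Skoda`; these three should get the same resolution rather than remain at `TODO: check`.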
@@ -58903,8 +58970,8 @@ CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its f
NOT-FOR-US: WordPress plugin
CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
-CVE-2023-0437
- RESERVED
+CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit cond ...)
+ TODO: check
CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...)
NOT-FOR-US: MongoDB Atlas Kubernetes Operator
CVE-2022-48282 (Under very specific circumstances (see Required configuration section ...)
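Review bot: CVE-2023-0437 is the one entry in this hunk that should not be closed by analogy with its neighbour. CVE-2023-0436 is `NOT-FOR-US: MongoDB Atlas Kubernetes Operator`, a hosted/operator product, but CVE-2023-0437 describes a loop with a faulty exit condition in `bson_utf8_validate`, a library function, so the `TODO: check` needs a real check of whether the affected BSON library is packaged in Debian. Note also that the imported description reads `bson_utf8_validateon`, with the function name run into the next word; anyone grepping the file for the function name should be aware of that.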
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d339433a4e85da24c1cfe6e24769ad2cf80ee41c