[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 15 20:12:16 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9718507 by security tracker role at 2024-01-15T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2024-22207 (fastify-swagger-ui is a Fastify plugin for serving Swagger UI.  Prior  ...)
+	TODO: check
+CVE-2024-20721 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are a ...)
+	TODO: check
+CVE-2024-20709 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are a ...)
+	TODO: check
+CVE-2024-0565 (An out-of-bounds memory read flaw was found in receive_encrypted_stand ...)
+	TODO: check
+CVE-2024-0562 (A use-after-free flaw was found in the Linux Kernel. When a disk is re ...)
+	TODO: check
+CVE-2024-0558 (A vulnerability has been found in DedeBIZ 6.3.0 and classified as crit ...)
+	TODO: check
+CVE-2024-0557 (A vulnerability, which was classified as problematic, was found in Ded ...)
+	TODO: check
+CVE-2024-0320 (Cross-Site Scripting in FireEye Malware Analysis (AX) affecting versio ...)
+	TODO: check
+CVE-2024-0319 (Open Redirect vulnerability in FireEye HXTool affecting version 4.6, t ...)
+	TODO: check
+CVE-2024-0318 (Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vul ...)
+	TODO: check
+CVE-2024-0317 (Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Ex ...)
+	TODO: check
+CVE-2024-0316 (Improper cleanup vulnerability in exceptions thrown in FireEye Endpoin ...)
+	TODO: check
+CVE-2024-0315 (Remote file inclusion vulnerability in FireEye Central Management affe ...)
+	TODO: check
+CVE-2024-0314 (XSS vulnerability in FireEye Central Management affecting version 9.1. ...)
+	TODO: check
+CVE-2023-6991 (The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 do ...)
+	TODO: check
+CVE-2023-6941 (The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does no ...)
+	TODO: check
+CVE-2023-6915 (A Null pointer dereference problem was found in ida_free in lib/idr.c  ...)
+	TODO: check
+CVE-2023-6843 (The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, ...)
+	TODO: check
+CVE-2023-6623 (The Essential Blocks WordPress plugin before 4.4.3 does not prevent un ...)
+	TODO: check
+CVE-2023-6620 (The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly s ...)
+	TODO: check
+CVE-2023-6163 (The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise a ...)
+	TODO: check
+CVE-2023-6066 (The WP Custom Widget area WordPress plugin through 1.2.5 does not prop ...)
+	TODO: check
+CVE-2023-6050 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not  ...)
+	TODO: check
+CVE-2023-6049 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unseriali ...)
+	TODO: check
+CVE-2023-6048 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not  ...)
+	TODO: check
+CVE-2023-6029 (The EazyDocs WordPress plugin before 2.3.6 does not have authorization ...)
+	TODO: check
+CVE-2023-5905 (The DeMomentSomTres WordPress Export Posts With Images WordPress plugi ...)
+	TODO: check
+CVE-2023-5253 (A missing authentication check in the WebSocket channel used for the C ...)
+	TODO: check
+CVE-2023-50729 (Traccar is an open source GPS tracking system. Prior to 5.11, Traccar  ...)
+	TODO: check
+CVE-2023-4925 (The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not  ...)
+	TODO: check
+CVE-2023-4818 (PAX A920 device allows to downgrade bootloader due to a bug in its ver ...)
+	TODO: check
+CVE-2023-46226 (Remote Code Execution vulnerability in Apache IoTDB.This issue affects ...)
+	TODO: check
+CVE-2023-42137 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
+	TODO: check
+CVE-2023-42136 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
+	TODO: check
+CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230 ...)
+	TODO: check
+CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
+	TODO: check
 CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may take a long time]
 	- openssl <unfixed> (bug #1060858)
 	[bookworm] - openssl <no-dsa> (Minor issue)
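Review bot: All 36 entries added at the top of data/CVE/list carry only the `TODO: check` placeholder, so none of them has a package mapping or a NOT-FOR-US classification yet. Triage should start with the entries whose descriptions name code Debian ships: CVE-2024-0562 ("use-after-free flaw was found in the Linux Kernel") and CVE-2023-6915 ("ida_free in lib/idr.c") should be checked against the linux source package first. The WordPress plugin, FireEye and PAX entries are candidates for the same NOT-FOR-US treatment already used elsewhere in this file, but each one still needs to be confirmed rather than assumed.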
@@ -233,9 +305,9 @@ CVE-2023-33472 (An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 a
 	NOT-FOR-US: Scada-LTS
 CVE-2022-4962 (A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as prob ...)
 	NOT-FOR-US: Apollo
-CVE-2023-50290
+CVE-2023-50290 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	- lucene-solr <not-affected> (Vulnerable code not yet present)
-CVE-2023-46749
+CVE-2023-46749 (Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a pa ...)
 	- shiro <unfixed> (bug #1060754)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/2
 CVE-2024-0232 [use-after-free bug in jsonParseAddNodeArray]
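Review bot: The description imported for CVE-2023-46749 reads "Apache Shiro before 1.130", which looks like a malformed version string from the upstream feed (most likely meant as 1.13.0). The entry is still `- shiro <unfixed> (bug #1060754)`, so when a fixed version is recorded here it should be taken from the oss-security post referenced in the NOTE line, not from this truncated description.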
@@ -860,7 +932,7 @@ CVE-2022-47965 (The issue was addressed with improved memory handling. This issu
 	NOT-FOR-US: Apple
 CVE-2022-47915 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
-CVE-2023-4001 [bypass the GRUB password protection feature]
+CVE-2023-4001 (An authentication bypass flaw was found in GRUB due to the way that GR ...)
 	- grub2 <not-affected> (Specific to a downstream patch in Red Hat)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224951
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223437
@@ -188254,7 +188326,8 @@ CVE-2018-25014 (A use of uninitialized value was found in libwebp in versions be
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
 	REJECTED
-CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR  ...)
+CVE-2021-3533
+	REJECTED
 	- ansible <unfixed> (bug #1014857)
 	[bookworm] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
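Review bot: CVE-2021-3533 is now marked REJECTED, but the package annotations under it were left in place, so the entry is both rejected and `- ansible <unfixed> (bug #1014857)`. A follow-up commit should remove the ansible lines from under the rejected id, or move them to a replacement id if one exists, and bug #1014857 should be updated so it no longer points at a rejected CVE.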
@@ -188292,7 +188365,8 @@ CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause
 	NOT-FOR-US: SheetJS
 CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
 	NOT-FOR-US: SheetJS
-CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
+CVE-2021-3532
+	REJECTED
 	- ansible <unfixed> (bug #1014722)
 	[bookworm] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
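Review bot: The `[bookworm]` and `[bullseye]` `<postponed>` lines kept under CVE-2021-3532 still say "revisit when/if fixed upstream", which no longer has a trigger now that the id is REJECTED. These lines and `- ansible <unfixed> (bug #1014722)` should be dropped or re-homed in a manual cleanup. Otherwise ansible keeps showing an open issue tied to an identifier that upstream has withdrawn.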



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f971850781cda3fedb5908dc0b0a7a0f8f52cc6c
