[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 18 08:12:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e26d0b21 by security tracker role at 2024-01-18T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...)
+	TODO: check
+CVE-2024-22416 (pyLoad is a free and open-source Download Manager written in pure Pyth ...)
+	TODO: check
+CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper storage and  ...)
+	TODO: check
+CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit transacti ...)
+	TODO: check
+CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified  ...)
+	TODO: check
+CVE-2024-0654 (A vulnerability, which was classified as problematic, was found in Dee ...)
+	TODO: check
+CVE-2024-0652 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
+	TODO: check
+CVE-2024-0651 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
+	TODO: check
+CVE-2024-0650 (A vulnerability was found in Project Worlds Visitor Management System  ...)
+	TODO: check
+CVE-2024-0649 (A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as  ...)
+	TODO: check
+CVE-2024-0648 (A vulnerability has been found in Yunyou CMS up to 2.2.6 and classifie ...)
+	TODO: check
+CVE-2024-0381 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-6970 (The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2023-6958 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-6549 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2023-6548 (Improper Control of Generation of Code ('Code Injection') in NetScaler ...)
+	TODO: check
+CVE-2023-6340 (SonicWall Capture Client version 3.7.10,NetExtender client version 10. ...)
+	TODO: check
+CVE-2023-6184 (Cross SiteScripting vulnerability in Citrix Session Recording allows a ...)
+	TODO: check
+CVE-2023-5914 (Cross-site scripting (XSS))
+	TODO: check
+CVE-2023-48858 (A Cross-site scripting (XSS) vulnerability in login page php code in A ...)
+	TODO: check
+CVE-2023-48359 (In autotest driver, there is a possible out of bounds write due to imp ...)
+	TODO: check
+CVE-2023-48358 (In drm driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2023-48357 (In vsp driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2023-48356 (In jpg driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2023-48355 (In jpg driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2023-48354 (In telephone service, there is a possible improper input validation. T ...)
+	TODO: check
+CVE-2023-48353 (In vsp driver, there is a possible use after free due to a logic error ...)
+	TODO: check
+CVE-2023-48352 (In phasecheckserver, there is a possible out of bounds write due to a  ...)
+	TODO: check
+CVE-2023-48351 (In video decoder, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2023-48350 (In video decoder, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2023-48349 (In video decoder, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2023-48348 (In video decoder, there is a possible out of bounds write due to impro ...)
+	TODO: check
+CVE-2023-48347 (In video decoder, there is a possible out of bounds read due to improp ...)
+	TODO: check
+CVE-2023-48346 (In video decoder, there is a possible improper input validation. This  ...)
+	TODO: check
+CVE-2023-48345 (In video decoder, there is a possible out of bounds read due to improp ...)
+	TODO: check
+CVE-2023-48344 (In video decoder, there is a possible out of bounds read due to improp ...)
+	TODO: check
+CVE-2023-48343 (In video decoder, there is a possible out of bounds write due to impro ...)
+	TODO: check
+CVE-2023-48342 (In media service, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2023-48341 (In video decoder, there is a possible out of bounds read due to improp ...)
+	TODO: check
+CVE-2023-48340 (In video decoder, there is a possible out of bounds write due to impro ...)
+	TODO: check
+CVE-2023-48339 (In jpg driver, there is a possible missing permission check. This coul ...)
+	TODO: check
+CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
+	TODO: check
 CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations]
 	- pam <unfixed> (bug #1061097)
 	NOTE: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0)
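Review bot: The CVE-2023-5914 entry added in the middle of this hunk has only "(Cross-site scripting (XSS))" as its description, with no product or component named, so it cannot be triaged from this line. Whoever resolves its "TODO: check" should read the upstream CVE record rather than rely on the imported text. Of the other new entries, CVE-2024-23525 names a Perl module and a fixed version ("before 0.30"), so it is worth checking against the archive first. Many of the rest name a specific vendor or web application in the visible text (PHPGurukul, Novel-Plus, Yunyou CMS, the WP Recipe Maker plugin for WordPress, NetScaler, SonicWall) and can be checked as NOT-FOR-US candidates in one pass.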
@@ -257,12 +341,15 @@ CVE-2024-0607 [netfilter: nf_tables: fix pointer math issue in nft_byteorder_eva
 	[bookworm] - linux 6.1.64-1
 	NOTE: https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2)
 CVE-2024-0519 (Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099 ...)
+	{DSA-5602-1}
 	- chromium 120.0.6099.224-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-0518 (Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed  ...)
+	{DSA-5602-1}
 	- chromium 120.0.6099.224-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-0517 (Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 all ...)
+	{DSA-5602-1}
 	- chromium 120.0.6099.224-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-20922 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
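Review bot: The "{DSA-5602-1}" tags added to CVE-2024-0519, CVE-2024-0518 and CVE-2024-0517 are the only trace of the advisory in this commit, since data/CVE/list is the one changed file. Confirm that the advisory's own entry lists exactly these three CVEs, so the cross-references here match it. The "[buster] - chromium <end-of-life> (see DSA 5046)" lines stay as context, which is consistent with the new advisory not covering buster.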
@@ -461,7 +548,8 @@ CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Success
 	NOT-FOR-US: Huawei
 CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...)
 	NOT-FOR-US: Totolink
-CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
+CVE-2023-51381
+	REJECTED
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
 	TODO: check
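Review bot: After this change the CVE-2023-51381 entry carries both "REJECTED" and the unchanged "NOT-FOR-US: GitHub Enterprise Server" line beneath it. With the description removed, nothing in the entry explains the product tag any more, and a rejected ID needs no triage state. Suggest dropping the NOT-FOR-US line in a follow-up, or confirming that the tracker's checks accept the two together.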
@@ -574,7 +662,7 @@ CVE-2024-0229 [Reattaching to different master device may lead to out-of-bounds
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ece23be888a93b741aa1209d1dbf64636109d6a5
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74
-CVE-2023-6816 [Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer]
+CVE-2023-6816 (A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ...)
 	- xorg-server 2:21.1.11-1
 	- xwayland 2:23.2.4-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
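Review bot: Replacing the bracketed title on CVE-2023-6816 with the imported description drops the bug class from the visible entry: the old line said "Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer", while the new one is cut off at "Both DeviceFocusEvent and the XIQuer ...". If that classification is still wanted for triage, keep it in a NOTE line under the entry. Separately, the context shows a "[bookworm]" line for xwayland only, so check that xorg-server in bookworm is tracked further down the entry.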



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e26d0b21f7fd74b70267c59de798b47ee3beb1ec
