[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 18 20:12:14 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
683fa915 by security tracker role at 2024-01-18T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-22819 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22818 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility  ...)
+	TODO: check
+CVE-2024-22817 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22699 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22603 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22601 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22593 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22592 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22591 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22568 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
+	TODO: check
+CVE-2024-22549 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email se ...)
+	TODO: check
+CVE-2024-22548 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system w ...)
+	TODO: check
+CVE-2024-22419 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+	TODO: check
+CVE-2024-22400 (Nextcloud User Saml is an app for authenticating Nextcloud users using ...)
+	TODO: check
+CVE-2024-22317 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 thr ...)
+	TODO: check
+CVE-2024-22213 (Deck is a kanban style organization tool aimed at personal planning an ...)
+	TODO: check
+CVE-2024-22212 (Nextcloud Global Site Selector is a tool which allows you to run multi ...)
+	TODO: check
+CVE-2024-0694
+	REJECTED
+CVE-2024-0669 (A Cross-Frame Scripting vulnerability has been found on Plone CMS affe ...)
+	TODO: check
+CVE-2024-0580 (Omission of user-controlled key authorization in the IDMSistemas platf ...)
+	TODO: check
+CVE-2023-7153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-5806 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-51464 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-51463 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-49943 (Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS  ...)
+	TODO: check
+CVE-2023-40052 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
+	TODO: check
+CVE-2023-40051 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
+	TODO: check
+CVE-2023-34348 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
+	TODO: check
+CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
+	TODO: check
 CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...)
 	- libspreadsheet-parsexlsx-perl <unfixed> (bug #1061098)
 	NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
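Review bot: all 28 newly imported ids in this hunk carry only the `TODO: check` placeholder, so no triage decision is recorded yet; the ones for commercial products that are not shipped as Debian packages (the twelve FlyCms CSRF/XSS ids, IBM App Connect Enterprise, Adobe Experience Manager, Zoho ManageEngine ServiceDesk Plus, Progress Application Server for OpenEdge, AVEVA PI Server) are expected to end up as NOT-FOR-US, the way the later hunks already treat ScaleFusion and Skoda, while CVE-2024-22419 (Vyper), CVE-2024-0669 (Plone CMS) and the three Nextcloud ids need an actual check against the archive before they are closed. CVE-2024-0694 is correctly recorded as REJECTED without a description. The spelling "vulnerbility" in the CVE-2024-22818 line is upstream's wording in the imported description, not a tracker-side typo, and should stay verbatim.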
@@ -340,7 +398,7 @@ CVE-2023-36236 (Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and
 	NOT-FOR-US: webkil Bagisto
 CVE-2023-36235 (An issue in webkul qloapps before v1.6.0 allows an attacker to obtain  ...)
 	NOT-FOR-US: webkul qloapps
-CVE-2024-0607 [netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()]
+CVE-2024-0607 (A flaw was found in the Netfilter subsystem in the Linux kernel. The i ...)
 	- linux 6.5.13-1
 	[bookworm] - linux 6.1.64-1
 	NOTE: https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2)
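Review bot: the bracketed working title [netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()] is swapped for the published description, which no longer names the fixing commit; the unchanged NOTE line pointing at https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2) keeps that reference, and the fixed versions 6.5.13-1 and bookworm 6.1.64-1 are untouched, so nothing further is needed for this entry.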
@@ -633,13 +691,13 @@ CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker co
 	NOTE: templated-dictionary spit up from mock project in: https://github.com/rpm-software-management/mock/commit/c989e28ba92c571c0834e9b5d10ef29340e661f8 (mock-2.9)
 	NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69 (python-templated-dictionary-1.4-1)
 	NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933 (python-templated-dictionary-1.4-1)
-CVE-2024-0408 [SELinux unlabeled GLX PBuffer]
+CVE-2024-0408 (A flaw was found in the X.Org server. The GLX PBuffer code does not ca ...)
 	- xorg-server 2:21.1.11-1
 	- xwayland 2:23.2.4-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e5e8586a12a3ec915673edffa10dc8fe5e15dac3
-CVE-2024-0409 [SELinux context corruption]
+CVE-2024-0409 (A flaw was found in the X.Org server. The cursor code in both Xephyr a ...)
 	- xorg-server 2:21.1.11-1
 	- xwayland 2:23.2.4-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
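Review bot: for both CVE-2024-0408 and CVE-2024-0409 the bookworm annotation `<no-dsa> (Minor issue; Xwayland shouldn't be running as root)` covers only xwayland; xorg-server has no bookworm line in this hunk, which leaves the stable version tracked as unfixed, so confirm that a DSA for xorg-server in bookworm is planned or add the matching suite annotation. The description change itself is fine: the working titles [SELinux unlabeled GLX PBuffer] and [SELinux context corruption] give way to the published text while the fixed versions and both NOTE references (the xorg announcement and the xserver commit) are kept. Minor point in the unchanged context: "spit up" in the CVE-2023-6395 NOTE reads as a typo for "split up".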
@@ -1469,7 +1527,7 @@ CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge app
 CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...)
 	- exiftags <unfixed> (bug #1060753)
 	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
-CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode applica ...)
+CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode applicat ...)
 	NOT-FOR-US: ScaleFusion
 CVE-2023-4962 (The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
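Review bot: the only change to CVE-2023-50159 is the upstream description dropping the "v" prefix from the ScaleFusion agent version (10.5.2); the existing NOT-FOR-US: ScaleFusion triage is unaffected and needs no revisit.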
@@ -45812,10 +45870,10 @@ CVE-2023-28903
 	RESERVED
 CVE-2023-28902
 	RESERVED
-CVE-2023-28901
-	RESERVED
-CVE-2023-28900
-	RESERVED
+CVE-2023-28901 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
+	TODO: check
+CVE-2023-28900 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
+	TODO: check
 CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of Skoda vehicl ...)
 	NOT-FOR-US: Skoda
 CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 infotainme ...)
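Review bot: CVE-2023-28901 and CVE-2023-28900 move from RESERVED to a Skoda Automotive cloud Broken Access Control description but only receive `TODO: check`; the adjacent CVE-2023-28899 and CVE-2023-28898 from the same vendor are already NOT-FOR-US: Skoda, so the same outcome is the likely result of triage once the description is confirmed to concern the vendor cloud rather than any packaged component.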
@@ -184698,10 +184756,10 @@ CVE-2021-33633
 	RESERVED
 CVE-2021-33632
 	RESERVED
-CVE-2021-33631
-	RESERVED
-CVE-2021-33630
-	RESERVED
+CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler kernel on Li ...)
+	TODO: check
+CVE-2021-33630 (NULL Pointer Dereference vulnerability in openEuler kernel on Linux (n ...)
+	TODO: check
 CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
 	NOT-FOR-US: isula-build
 CVE-2021-33628
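Review bot: CVE-2021-33631 and CVE-2021-33630 describe an Integer Overflow or Wraparound and a NULL Pointer Dereference in the "openEuler kernel on Linux", and `TODO: check` is the right placeholder here rather than copying the NOT-FOR-US of the neighbouring isula-build entry: a kernel bug attributed to a distribution's kernel may sit in openEuler-specific patches or in code shared with mainline, and only the upstream fix, once located, settles whether Debian's linux package is affected.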



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683fa91515be2538894ce214b1614c20a3c1abfe


