[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 20 08:11:47 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
199e39f8 by security tracker role at 2024-01-20T08:11:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2024-23689 (Exposure of sensitive information in exceptions in ClichHouse's clickh ...)
+ TODO: check
+CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same AES/GCM non ...)
+ TODO: check
+CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring versions before ...)
+ TODO: check
+CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0 ...)
+ TODO: check
+CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 1.7.2 and ...)
+ TODO: check
+CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function in com. ...)
+ TODO: check
+CVE-2024-23683 (Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a ...)
+ TODO: check
+CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sa ...)
+ TODO: check
+CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a s ...)
+ TODO: check
+CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9. ...)
+ TODO: check
+CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session fixatio ...)
+ TODO: check
+CVE-2024-23332 (The Notary Project is a set of specifications and tools intended to pr ...)
+ TODO: check
+CVE-2024-22421 (JupyterLab is an extensible environment for interactive and reproducib ...)
+ TODO: check
+CVE-2024-22420 (JupyterLab is an extensible environment for interactive and reproducib ...)
+ TODO: check
+CVE-2024-0758 (MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A r ...)
+ TODO: check
+CVE-2024-0739 (A vulnerability, which was classified as critical, was found in Hechen ...)
+ TODO: check
+CVE-2024-0738 (A vulnerability, which was classified as critical, has been found in \ ...)
+ TODO: check
+CVE-2024-0737 (A vulnerability classified as problematic was found in Xlightftpd Xlig ...)
+ TODO: check
+CVE-2024-0736 (A vulnerability classified as problematic has been found in EFS Easy F ...)
+ TODO: check
+CVE-2024-0735 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+ TODO: check
+CVE-2024-0734 (A vulnerability was found in Smsot up to 2.12. It has been declared as ...)
+ TODO: check
+CVE-2024-0733 (A vulnerability was found in Smsot up to 2.12. It has been classified ...)
+ TODO: check
+CVE-2024-0679 (The ColorMag theme for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2024-0623 (The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2023-51928 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
+ TODO: check
+CVE-2023-51927 (YonBIP v3_23.05 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2023-51926 (YonBIP v3_23.05 was discovered to contain an arbitrary file read vulne ...)
+ TODO: check
+CVE-2023-51925 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
+ TODO: check
+CVE-2023-51924 (An arbitrary file upload vulnerability in the uap.framework.rc.itf.IRe ...)
+ TODO: check
+CVE-2023-51906 (An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute ...)
+ TODO: check
+CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to ...)
+ TODO: check
+CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...)
+ TODO: check
+CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5 ...)
+ TODO: check
+CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...)
+ TODO: check
CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...)
TODO: check
CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...)
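Review bot: the added CVE-2024-23689 line spells the product as "ClichHouse's", so a triage search on the correctly spelled product name will not match this entry; whoever resolves its `TODO: check` should look the package up by hand rather than relying on the imported description. The CVE-2024-0738 description also ends in a stray backslash just before the truncation marker (`has been found in \ ...`), which is worth checking against the description import in case an escape sequence is being cut in half. All of the added entries in this hunk carry only `TODO: check`, so none of them has a package or a not-for-us decision recorded yet.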
@@ -191341,8 +191409,8 @@ CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affecte
CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
- rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
-CVE-2021-31314
- RESERVED
+CVE-2021-31314 (File upload vulnerability in ejinshan v8+ terminal security system all ...)
+ TODO: check
CVE-2021-31313
RESERVED
CVE-2021-31312
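Review bot: the CVE-2021-31314 change replaces `RESERVED` with a description and `TODO: check` far down the file (around line 191409), well away from the block of new ids at the top, so it is easy to miss when working through the open TODO entries. It needs the same triage as the new entries; the truncated description names the "ejinshan v8+ terminal security system", and the follow-up should record whether that product is packaged in Debian or mark the entry as not-for-us.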
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/199e39f8405891d034393ec7d90d349b09d0a20a