[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 22 20:12:20 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d046261 by security tracker role at 2024-01-22T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/modul ...)
+	TODO: check
+CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...)
+	TODO: check
+CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has been class ...)
+	TODO: check
+CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...)
+	TODO: check
+CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway Reservation ...)
+	TODO: check
+CVE-2024-0781 (A vulnerability, which was classified as problematic, was found in Cod ...)
+	TODO: check
+CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2024-0706
+	REJECTED
+CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate site thr ...)
+	TODO: check
+CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an attacker  ...)
+	TODO: check
+CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Servic ...)
+	TODO: check
+CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows ...)
+	TODO: check
+CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and escape s ...)
+	TODO: check
+CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and e ...)
+	TODO: check
+CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3 accept ...)
+	TODO: check
+CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
+	TODO: check
+CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
+	TODO: check
+CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not sanitise an ...)
+	TODO: check
+CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks authentication and  ...)
+	TODO: check
+CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does not prop ...)
+	TODO: check
+CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and escape  ...)
+	TODO: check
+CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 al ...)
+	TODO: check
+CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
+	TODO: check
+CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+	TODO: check
+CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
+	TODO: check
+CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...)
+	TODO: check
+CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below insufficiently restricts file path ...)
+	TODO: check
+CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication token as ...)
+	TODO: check
 CVE-2023-46838
 	- linux <unfixed>
 	NOTE: CVE-2023-46838
@@ -45,7 +107,7 @@ CVE-2023-47352 (Technicolor TC8715D devices have predictable default WPA2 securi
 	NOT-FOR-US: Technicolor
 CVE-2017-20189 (In Clojure before 1.9.0, classes can be used to construct a serialized ...)
 	- clojure 1.9.0-1
-CVE-2024-0775 [ext4: improve error recovery code paths in __ext4_remount()]
+CVE-2024-0775 (A use-after-free flaw was found in the __ext4_remount in fs/ext4/super ...)
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1
 	[bullseye] - linux 5.10.191-1
@@ -4913,7 +4975,7 @@ CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configu
 	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5
-CVE-2023-51764 (Postfix through 3.8.4 allows SMTP smuggling unless configured with smt ...)
+CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...)
 	- postfix 3.8.4-1 (bug #1059230)
 	[bookworm] - postfix <no-dsa> (Minor issue; mitigations exist)
 	[bullseye] - postfix <no-dsa> (Minor issue; mitigations exist)
@@ -50065,8 +50127,8 @@ CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0
 	NOT-FOR-US: IBM
 CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...)
 	NOT-FOR-US: IBM
-CVE-2023-27859
-	RESERVED
+CVE-2023-27859 (IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbi ...)
+	TODO: check
 CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
@@ -76015,17 +76077,17 @@ CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup E
 CVE-2022-45796 (Command injection vulnerability in nw_interface.html in SHARP multifun ...)
 	NOT-FOR-US: SHARP
 CVE-2022-45795
-	RESERVED
+	REJECTED
 CVE-2022-45794 (An attacker with network access to the affected PLC (CJ-series and CS- ...)
 	NOT-FOR-US: CS/CJ-series Programmable Controllers
-CVE-2022-45793 ([PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [A ...)
+CVE-2022-45793 (Sysmac Studio installs executables in a directory with poor permission ...)
 	NOT-FOR-US: Omron
-CVE-2022-45792
-	RESERVED
+CVE-2022-45792 (Project files may contain malicious contents which the software will u ...)
+	TODO: check
 CVE-2022-45791
-	RESERVED
-CVE-2022-45790
-	RESERVED
+	REJECTED
+CVE-2022-45790 (The Omron FINS protocol has an authenticated feature to prevent access ...)
+	TODO: check
 CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d046261698bb427b0f8cc4a3bb18b7cf423c81a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d046261698bb427b0f8cc4a3bb18b7cf423c81a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240122/bb2cebec/attachment.htm>

More information about the debian-security-tracker-commits mailing list