[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 25 08:11:56 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
294451f6 by security tracker role at 2024-01-25T08:11:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via a long ...)
+ TODO: check
+CVE-2024-23307 (Integer Overflow or Wraparound vulnerability in Linux Linux kernel ker ...)
+ TODO: check
+CVE-2024-22751 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2024-22099 (NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on ...)
+ TODO: check
+CVE-2024-0688 (The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-0625 (The WPFront Notification Bar plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-0624 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...)
+ TODO: check
+CVE-2024-0617 (The Category Discount Woocommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-50785 (Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view ...)
+ TODO: check
+CVE-2023-33760 (SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize ...)
+ TODO: check
+CVE-2023-33759 (SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessi ...)
+ TODO: check
+CVE-2023-33758 (Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain ...)
+ TODO: check
+CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3. ...)
+ TODO: check
CVE-2024-0822
NOT-FOR-US: ovirt-engine
CVE-2024-0727 [Add NULL checks where ContentInfo data can be NULL]
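Review bot: All thirteen entries added at the top of this hunk land as `TODO: check`, and two of them, CVE-2024-23307 and CVE-2024-22099, describe Linux kernel issues, so they need a real package line with per-release status rather than a quick NOT-FOR-US pass. The remaining ones (EzServer, D-Link DIR-882, the WordPress plugins, ManageEngine ADAudit Plus, SpliceCom) read like NOT-FOR-US candidates, but each should still be confirmed against the archive before it is marked that way. Suggest triaging the two kernel ids first.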
@@ -290,46 +316,57 @@ CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to co
CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even when the ...)
NOT-FOR-US: Ubuntu snap pipewire-pulse
CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 121.0.6167 ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0813 (Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0812 (Inappropriate implementation in Accessibility in Google Chrome prior t ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0811 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0810 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0809 (Inappropriate implementation in Autofill in Google Chrome prior to 121 ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0808 (Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 all ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0807 (Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 al ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0806 (Use after free in Passwords in Google Chrome prior to 121.0.6167.85 al ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0805 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI in Google Chrome pr ...)
+ {DSA-5607-1}
- chromium 121.0.6167.85-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6904,6 +6941,7 @@ CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items can
NOTE: https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5 (6.0.23rc1)
NOTE: introduced in https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/57abe5a1f2c208d05cc59029026098c2f13ed464 (4.4.0alpha3)
CVE-2023-32726 (The vulnerability is caused by improper check for check if RDLENGTH do ...)
+ {DLA-3717-1}
- zabbix 1:6.0.24+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-23855
NOTE: https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 (6.0.24rc1)
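Review bot: CVE-2023-32726 now carries `{DLA-3717-1}`, but its `- zabbix 1:6.0.24+dfsg-1` line is followed directly by NOTE lines, with no [bookworm] or [bullseye] status. The other two zabbix entries that receive the same DLA tag in this commit (CVE-2023-32723 and CVE-2023-32721) both state `<no-dsa> (Minor issue)` for those releases. Suggest adding an explicit triage line for the stable releases here as well, or confirming that they are meant to show as unfixed.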
@@ -6917,7 +6955,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
- {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3694-1}
+ {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
- dropbear 2022.83-4 (bug #1059001)
[bookworm] - dropbear <no-dsa> (Minor issue)
[bullseye] - dropbear <no-dsa> (Minor issue)
@@ -12716,7 +12754,7 @@ CVE-2023-48199 (HTML Injection vulnerability in the 'manageApiKeys' component in
- grocy <itp> (bug #969056)
CVE-2023-48198 (A Cross-Site Scripting (XSS) vulnerability in the 'product description ...)
- grocy <itp> (bug #969056)
-CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
+CVE-2023-48197 (Cross-Site Scripting (XSS) vulnerability in the \u2018manageApiKeys\u2 ...)
- grocy <itp> (bug #969056)
CVE-2023-47674 (Missing authentication for critical function vulnerability in First Co ...)
NOT-FOR-US: First Corporation
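Review bot: The replacement description for CVE-2023-48197 carries raw `\u2018` escapes instead of the quote characters, and the fixed-width truncation cuts the second escape down to `\u2`. Suggest decoding the escapes before truncating in whatever step generates these descriptions; the CVE-2024-0624 line in the first hunk has the same problem with `\u2013`. Separately, the new text names the same 'manageApiKeys' component as CVE-2023-48199 in the hunk header, so it is worth checking that the two ids are not duplicates of each other.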
@@ -18758,6 +18796,7 @@ CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This lea
NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0)
NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0)
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
+ {DLA-3717-1}
- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
[bookworm] - zabbix <no-dsa> (Minor issue)
[bullseye] - zabbix <no-dsa> (Minor issue)
@@ -18770,6 +18809,7 @@ CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer ove
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23390
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...)
+ {DLA-3717-1}
- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
[bookworm] - zabbix <no-dsa> (Minor issue)
[bullseye] - zabbix <no-dsa> (Minor issue)
@@ -60097,8 +60137,8 @@ CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows
NOT-FOR-US: Centralite Pearl Thermostat
CVE-2023-24677
RESERVED
-CVE-2023-24676
- RESERVED
+CVE-2023-24676 (An issue found in Processwire 3.0.210 allows attackers to execute arbi ...)
+ TODO: check
CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
NOT-FOR-US: BluditCMS
CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
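Review bot: CVE-2023-24676 goes from RESERVED straight to `TODO: check`, and its description is cut at "execute arbi ...", so the list alone does not say what gets executed or under which conditions. The neighbouring entries are NOT-FOR-US for other products (Centralite Pearl Thermostat, BluditCMS), which is no basis for assuming the same for Processwire. Suggest triaging it against the full CVE record and the archive rather than by analogy with its neighbours.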
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/294451f6d292360a02fc2454a7ed7d13386dd0a2