[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 25 20:23:10 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7fb9bfa by security tracker role at 2024-01-25T20:22:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
+	TODO: check
+CVE-2024-23817 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...)
+	TODO: check
+CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive authentic ...)
+	TODO: check
+CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 3.118.12 and p ...)
+	TODO: check
+CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the function g ...)
+	TODO: check
+CVE-2024-22729 (NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command i ...)
+	TODO: check
+CVE-2024-22529 (TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vuln ...)
+	TODO: check
+CVE-2024-22432 (Networker 19.9 and all prior versions contains a Plain-text Password s ...)
+	TODO: check
+CVE-2024-21630 (Zulip is an open-source team collaboration tool. A vulnerability in ve ...)
+	TODO: check
+CVE-2024-0883 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+	TODO: check
+CVE-2024-0882 (A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been c ...)
+	TODO: check
+CVE-2024-0880 (A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as ...)
+	TODO: check
+CVE-2024-0879 (Authentication bypass in vector-admin allows a user to register to a v ...)
+	TODO: check
+CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulner ...)
+	TODO: check
+CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...)
+	TODO: check
+CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...)
+	TODO: check
+CVE-2023-41474 (Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows ...)
+	TODO: check
+CVE-2023-3181 (The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst ...)
+	TODO: check
 CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via a long  ...)
 	NOT-FOR-US: EzServer
 CVE-2024-23307 (Integer Overflow or Wraparound vulnerability in Linux Linux kernel ker ...)
@@ -26,7 +62,7 @@ CVE-2023-33758 (Splicecom Maximiser Soft PBX v1.5 and before was discovered to c
 	NOT-FOR-US: SpliceCom
 CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3. ...)
 	NOT-FOR-US: SpliceCom
-CVE-2024-0822
+CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2024-0727 [Add NULL checks where ContentInfo data can be NULL]
 	- openssl <unfixed>
@@ -37,16 +73,16 @@ CVE-2024-0727 [Add NULL checks where ContentInfo data can be NULL]
 	NOTE: https://github.com/openssl/openssl/commit/8a85df7c60ba1372ee98acc5982e902d75f52130 (master)
 	NOTE: https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c (openssl-3.1)
 	NOTE: https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c (openssl-3.1)
-CVE-2023-6267
+CVE-2023-6267 (A flaw was found in the json payload. If annotation based security is  ...)
 	NOT-FOR-US: Quarkus
 CVE-2023-5675
 	NOT-FOR-US: Quarkus
-CVE-2023-52356
+CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be trigger ...)
 	- tiff <unfixed>
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
-CVE-2023-52355
+CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be triggered by  ...)
 	- tiff <unfixed>
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
@@ -65,7 +101,7 @@ CVE-2023-40549
 CVE-2023-40548
 	- shim <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782
-CVE-2023-40547
+CVE-2023-40547 (A remote code execution vulnerability was found in Shim. The Shim boot ...)
 	- shim <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589
 CVE-2023-40546
@@ -480,7 +516,7 @@ CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves Silverstripe data as
 CVE-2023-42143 (Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8 at 5afc928c  ...)
 	NOT-FOR-US: Shelly
 CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -491,7 +527,7 @@ CVE-2024-0754 (Some WASM source files could have caused a crash when loaded in d
 	- firefox 122.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0754
 CVE-2024-0753 (In specific HSTS configurations an attacker could have bypassed HSTS o ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -502,7 +538,7 @@ CVE-2024-0752 (A use-after-free crash could have occurred on macOS if a Firefox
 	- firefox <not-affected> (Only affects Firefox on MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0752
 CVE-2024-0751 (A malicious devtools extension could have been used to escalate privil ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -510,7 +546,7 @@ CVE-2024-0751 (A malicious devtools extension could have been used to escalate p
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751
 CVE-2024-0750 (A bug in popup notifications delay calculation could have made it poss ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -518,7 +554,7 @@ CVE-2024-0750 (A bug in popup notifications delay calculation could have made it
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750
 CVE-2024-0749 (A phishing site could have repurposed an `about:` dialog to show phish ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -529,7 +565,7 @@ CVE-2024-0748 (A compromised content process could have updated the document URI
 	- firefox 122.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0748
 CVE-2024-0747 (When a parent page loaded a child in an iframe with `unsafe-inline`, t ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -537,7 +573,7 @@ CVE-2024-0747 (When a parent page loaded a child in an iframe with `unsafe-inlin
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747
 CVE-2024-0746 (A Linux user opening the print preview dialog could have caused the br ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -555,7 +591,7 @@ CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743
 	TODO: check src:nss
 CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be activate ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -563,7 +599,7 @@ CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be act
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742
 CVE-2024-0741 (An out of bounds write in ANGLE could have allowed an attacker to corr ...)
-	{DSA-5606-1 DSA-5605-1}
+	{DSA-5606-1 DSA-5605-1 DLA-3720-1}
 	- firefox 122.0-1
 	- firefox-esr 115.7.0esr-1
 	- thunderbird 1:115.7.0-1
@@ -659,7 +695,7 @@ CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede
 CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...)
 	- libspring-java <not-affected> (Only affects 6.x)
 	NOTE: https://spring.io/security/cve-2024-22233/
-CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has been class ...)
+CVE-2024-0784 (A vulnerability was found in hongmaple octopus 1.0. It has been classi ...)
 	NOT-FOR-US: biantaibao octopus
 CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...)
 	NOT-FOR-US: Project Worlds Online Admission System
@@ -3145,7 +3181,7 @@ CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_di
 	[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
 	[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
 	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
-CVE-2023-47995 (Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateB ...)
+CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in BitmapAccess ...)
 	- freeimage <unfixed> (bug #1060862)
 	[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
 	[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
@@ -57816,7 +57852,7 @@ CVE-2023-25531 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an a
 	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where ...)
 	NOT-FOR-US: NVIDIA DGX H100 BMC
-CVE-2023-25529 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...)
+CVE-2023-25529 (NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the h ...)
 	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains a vulne ...)
 	NOT-FOR-US: NVIDIA DGX H100 BMC



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7fb9bfa67ab072fff27a7120c12abf336afbfd1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7fb9bfa67ab072fff27a7120c12abf336afbfd1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240125/47a293b3/attachment.htm>

More information about the debian-security-tracker-commits mailing list