[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 26 08:12:24 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b57d9bf by security tracker role at 2024-01-26T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-24399 (An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows auth ...)
+ TODO: check
+CVE-2024-23630 (An arbitrary firmware upload vulnerability exists in the Motorola MR2 ...)
+ TODO: check
+CVE-2024-23629 (An authentication bypass vulnerability exists in the web component of ...)
+ TODO: check
+CVE-2024-23628 (A command injection vulnerability exists in the 'SaveStaticRouteIPv6P ...)
+ TODO: check
+CVE-2024-23627 (A command injection vulnerability exists in the 'SaveStaticRouteIPv4Pa ...)
+ TODO: check
+CVE-2024-23626 (A command injection vulnerability exists in the \u2018SaveSysLogParams ...)
+ TODO: check
+CVE-2024-23625 (A command injection vulnerability exists in D-Link DAP-1650 devices wh ...)
+ TODO: check
+CVE-2024-23624 (A command injection vulnerability exists in the gena.cgi module of D-L ...)
+ TODO: check
+CVE-2024-23622 (A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Wor ...)
+ TODO: check
+CVE-2024-23621 (A buffer overflow exists in IBM Merge Healthcare eFilm Workstation lic ...)
+ TODO: check
+CVE-2024-23620 (An improper privilege management vulnerability exists in IBM Merge Hea ...)
+ TODO: check
+CVE-2024-23619 (A hardcoded credential vulnerability exists in IBM Merge Healthcare eF ...)
+ TODO: check
+CVE-2024-23618 (An arbitrary code execution vulnerability exists in Arris SURFboard SG ...)
+ TODO: check
+CVE-2024-23617 (A buffer overflow vulnerability exists in Symantec Data Loss Preventio ...)
+ TODO: check
+CVE-2024-23616 (A buffer overflow vulnerability exists in Symantec Server Management S ...)
+ TODO: check
+CVE-2024-23615 (A buffer overflow vulnerability exists in Symantec Messaging Gateway v ...)
+ TODO: check
+CVE-2024-23614 (A buffer overflow vulnerability exists in Symantec Messaging Gateway v ...)
+ TODO: check
+CVE-2024-23613 (A buffer overflow vulnerability exists in Symantec Deployment Solution ...)
+ TODO: check
+CVE-2024-23388 (Improper authorization in handler for custom URL scheme issue in "Merc ...)
+ TODO: check
+CVE-2024-23055 (An issue in Plone Docker Official Image 5.2.13 (5221) open-source soft ...)
+ TODO: check
+CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows ...)
+ TODO: check
+CVE-2024-22639 (iGalerie v3.0.22 was discovered to contain a reflected cross-site scri ...)
+ TODO: check
+CVE-2024-22638 (liveSite v2019.1 was discovered to contain a remote code execution (RC ...)
+ TODO: check
+CVE-2024-22637 (Form Tools v3.1.1 was discovered to contain a reflected cross-site scr ...)
+ TODO: check
+CVE-2024-22636 (PluXml Blog v5.8.9 was discovered to contain a remote code execution ( ...)
+ TODO: check
+CVE-2024-22635 (WebCalendar v1.3.0 was discovered to contain a reflected cross-site sc ...)
+ TODO: check
+CVE-2024-22545 (TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection ...)
+ TODO: check
+CVE-2024-21620 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2024-21619 (A Missing Authentication for Critical Function vulnerability combined ...)
+ TODO: check
+CVE-2024-21387 (Microsoft Edge for Android Spoofing Vulnerability)
+ TODO: check
+CVE-2024-21385 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-21383 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-21382 (Microsoft Edge for Android Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-21326 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-0891 (A vulnerability was found in hongmaple octopus 1.0. It has been declar ...)
+ TODO: check
+CVE-2024-0890 (A vulnerability was found in hongmaple octopus 1.0. It has been classi ...)
+ TODO: check
+CVE-2024-0889 (A vulnerability was found in Kmint21 Golden FTP Server 2.02b and class ...)
+ TODO: check
+CVE-2024-0888 (A vulnerability, which was classified as problematic, was found in BOR ...)
+ TODO: check
+CVE-2024-0887 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-0886 (A vulnerability classified as problematic was found in Poikosoft EZ CD ...)
+ TODO: check
+CVE-2024-0885 (A vulnerability classified as problematic has been found in SpyCamLiza ...)
+ TODO: check
+CVE-2024-0884 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+ TODO: check
+CVE-2023-6919 (Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technol ...)
+ TODO: check
+CVE-2023-52251 (An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows r ...)
+ TODO: check
+CVE-2023-52046 (Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier ...)
+ TODO: check
+CVE-2023-51833 (A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that al ...)
+ TODO: check
+CVE-2023-48135 (An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-48133 (An issue in angel coffee mini-app on Line v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-48132 (An issue in kosei entertainment esportsstudioLegends mini-app on Line ...)
+ TODO: check
+CVE-2023-48131 (An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers ...)
+ TODO: check
+CVE-2023-48130 (An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to se ...)
+ TODO: check
+CVE-2023-48129 (An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-48128 (An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attacker ...)
+ TODO: check
+CVE-2023-48127 (An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send ...)
+ TODO: check
+CVE-2023-48126 (An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attacke ...)
+ TODO: check
CVE-2024-0914
- opencryptoki <unfixed>
NOTE: https://github.com/opencryptoki/opencryptoki/issues/731
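Review bot: the CVE-2024-23626 description in this hunk contains a literal `\u2018` escape sequence instead of the left single quotation mark it encodes (compare the plain quotes in the CVE-2024-23628 and CVE-2024-23627 descriptions a few lines above); the importer should decode that escape so the stored text matches the source description. Every new entry here is left as `TODO: check`, as expected for an automatic update, so triage is still pending for all of them.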
@@ -14,19 +124,19 @@ CVE-2024-0911
NOTE: Crash in CLI tool, no security impact
CVE-2024-0874
- coredns <itp> (bug #880676)
-CVE-2024-0456
+CVE-2024-0456 (An authorization vulnerability exists in GitLab versions 14.0 prior to ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
-CVE-2023-5612
+CVE-2023-5612 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
-CVE-2023-5933
+CVE-2023-5933 (An issue has been discovered in GitLab CE/EE affecting all versions af ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
-CVE-2023-6159
+CVE-2023-6159 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
-CVE-2024-0402
+CVE-2024-0402 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
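Review bot: the five GitLab entries (CVE-2024-0456, CVE-2023-5612, CVE-2023-5933, CVE-2023-6159, CVE-2024-0402) gain descriptions but remain `gitlab <unfixed>` with only the release announcement as reference; the linked page is the 16.8.1 critical security release, so recording the fixing upstream version in a NOTE (or updating the package line once the package is uploaded) would make the status easier to verify later.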
@@ -1926,21 +2036,21 @@ CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker co
NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69 (python-templated-dictionary-1.4-1)
NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933 (python-templated-dictionary-1.4-1)
CVE-2024-0408 (A flaw was found in the X.Org server. The GLX PBuffer code does not ca ...)
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e5e8586a12a3ec915673edffa10dc8fe5e15dac3
CVE-2024-0409 (A flaw was found in the X.Org server. The cursor code in both Xephyr a ...)
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7
CVE-2024-21886 [Heap buffer overflow in DisableDevice]
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
@@ -1949,14 +2059,14 @@ CVE-2024-21886 [Heap buffer overflow in DisableDevice]
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8
NOTE: Regression: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1623
CVE-2024-21885 [Heap buffer overflow in XISendDeviceHierarchyEvent]
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4a5e9b1895627d40d26045bd0b7ef3dce503cbd1
CVE-2024-0229 [Reattaching to different master device may lead to out-of-bounds memory access]
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
@@ -1965,7 +2075,7 @@ CVE-2024-0229 [Reattaching to different master device may lead to out-of-bounds
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74
CVE-2023-6816 (A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ...)
- {DSA-5603-1}
+ {DSA-5603-1 DLA-3721-1}
- xorg-server 2:21.1.11-1
- xwayland 2:23.2.4-1
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
@@ -3353,7 +3463,7 @@ CVE-2024-20681 (Windows Subsystem for Linux Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2024-20680 (Windows Message Queuing Client (MSMQC) Information Disclosure)
NOT-FOR-US: Microsoft
-CVE-2024-20677 (<p>A security vulnerability exists in FBX that could lead to remote co ...)
+CVE-2024-20677 (A security vulnerability exists in FBX that could lead to remote code ...)
NOT-FOR-US: Microsoft
CVE-2024-20676 (Azure Storage Mover Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -12564,11 +12674,11 @@ CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and ear
NOT-FOR-US: CLUSTERPRO
CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
NOT-FOR-US: CLUSTERPRO
-CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+CVE-2023-38324 (An issue was discovered in OpenNDS before 10.1.2. It allows users to s ...)
- opennds 10.2.0+dfsg-1 (bug #1059451)
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
-CVE-2023-38323
+CVE-2023-38323 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
- opennds <unfixed>
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
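Review bot: CVE-2023-38323 stays recorded as `opennds <unfixed>` while its newly imported description says the issue affects OpenNDS before 10.1.3, and the neighbouring CVE-2023-38324 entry already lists `opennds 10.2.0+dfsg-1 (bug #1059451)` as the fixed version; please check whether the 10.2.0+dfsg-1 upload also resolves this one and update the package line, or add a NOTE explaining why it remains unfixed. The entry also lacks the upstream fix commit reference that CVE-2023-38324 carries.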
@@ -12582,13 +12692,13 @@ CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version
- opennds 10.2.0+dfsg-1 (bug #1059451)
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
-CVE-2023-38319
+CVE-2023-38319 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
- opennds <unfixed>
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
-CVE-2023-38318
+CVE-2023-38318 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
- opennds <unfixed>
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
-CVE-2023-38317
+CVE-2023-38317 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
- opennds <unfixed>
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
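Review bot: CVE-2023-38319, CVE-2023-38318 and CVE-2023-38317 all keep `opennds <unfixed>` even though their new descriptions say the issue affects OpenNDS before 10.1.3, and the CVE-2023-38320 entry at the top of this hunk records `opennds 10.2.0+dfsg-1 (bug #1059451)` as fixed; the same check applies as for CVE-2023-38323: either mark 10.2.0+dfsg-1 as the fixed version for these three or add a NOTE stating why the fix in 10.1.3 does not cover them. Only the Sierra Wireless bulletin is referenced here; the upstream fix commit used for the fixed entries is missing.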
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b57d9bfad14448647e804e084588f077932cb09