[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 29 20:16:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89fcf302 by security tracker role at 2024-01-29T20:16:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL Injection via th ...)
+ TODO: check
+CVE-2024-24140 (Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via th ...)
+ TODO: check
+CVE-2024-24139 (Sourcecodester Login System with Email Verification 1.0 allows SQL Inj ...)
+ TODO: check
+CVE-2024-24136 (The 'Your Name' field in the Submit Score section of Sourcecodester Ma ...)
+ TODO: check
+CVE-2024-24135 (Product Name and Product Code in the 'Add Product' section of Sourceco ...)
+ TODO: check
+CVE-2024-24134 (Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Script ...)
+ TODO: check
+CVE-2024-23940 (Trend Micro uiAirSupport, included in the Trend Micro Security 2023 fa ...)
+ TODO: check
+CVE-2024-23828 (Nginx-UI is a web interface to manage Nginx configurations. It is vuln ...)
+ TODO: check
+CVE-2024-23827 (Nginx-UI is a web interface to manage Nginx configurations. The Import ...)
+ TODO: check
+CVE-2024-23826 (spbu_se_site is the website of the Department of System Programming of ...)
+ TODO: check
+CVE-2024-23822 (Thruk is a multibackend monitoring webinterface. Prior to 3.12, the T ...)
+ TODO: check
+CVE-2024-23792 (When adding attachments to ticket comments, another user can add atta ...)
+ TODO: check
+CVE-2024-23791 (Insertion of debug information into log file during building the elast ...)
+ TODO: check
+CVE-2024-23790 (Improper Input Validation vulnerability in the upload functionality fo ...)
+ TODO: check
+CVE-2024-23747 (The Moderna Sistemas ModernaNet Hospital Management System 2024 is sus ...)
+ TODO: check
+CVE-2024-23441 (Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerabi ...)
+ TODO: check
+CVE-2024-22570 (A stored cross-site scripting (XSS) vulnerability in /install.php?m=in ...)
+ TODO: check
+CVE-2024-22559 (LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Conte ...)
+ TODO: check
+CVE-2024-1018 (A vulnerability classified as problematic has been found in PbootCMS 3 ...)
+ TODO: check
+CVE-2024-1017 (A vulnerability was found in Gabriels FTP Server 1.2. It has been rate ...)
+ TODO: check
+CVE-2024-1016 (A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been ...)
+ TODO: check
+CVE-2024-1015 (Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 ...)
+ TODO: check
+CVE-2024-1014 (Uncontrolled resource consumption vulnerability in SE-elektronic GmbH ...)
+ TODO: check
+CVE-2024-1011 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2024-1010 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2024-1009 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2024-1008 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2024-1007 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2024-1006 (A vulnerability was found in Shanxi Diankeyun Technology NODERP up to ...)
+ TODO: check
+CVE-2024-1005 (A vulnerability has been found in Shanxi Diankeyun Technology NODERP u ...)
+ TODO: check
+CVE-2024-1004 (A vulnerability, which was classified as critical, was found in Totoli ...)
+ TODO: check
+CVE-2024-1003 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-1002 (A vulnerability classified as critical was found in Totolink N200RE 9. ...)
+ TODO: check
+CVE-2024-1001 (A vulnerability classified as critical has been found in Totolink N200 ...)
+ TODO: check
+CVE-2024-1000 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
+ TODO: check
+CVE-2024-0999 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
+ TODO: check
+CVE-2024-0998 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
+ TODO: check
+CVE-2024-0997 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and ...)
+ TODO: check
+CVE-2024-0788 (SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API pa ...)
+ TODO: check
+CVE-2024-0212 (The Cloudflare Wordpress plugin was found to be vulnerable to improper ...)
+ TODO: check
+CVE-2023-7204 (The WP STAGING WordPress Backup plugin before 3.2.0 allows access to c ...)
+ TODO: check
+CVE-2023-7200 (The EventON WordPress plugin before 4.4.1 does not sanitise and escape ...)
+ TODO: check
+CVE-2023-7199 (The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium Word ...)
+ TODO: check
+CVE-2023-7089 (The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uplo ...)
+ TODO: check
+CVE-2023-7074 (The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have ...)
+ TODO: check
+CVE-2023-6946 (The Autotitle for WordPress plugin through 1.0.3 does not have CSRF ch ...)
+ TODO: check
+CVE-2023-6633 (The Site Notes WordPress plugin through 2.0.0 does not have CSRF check ...)
+ TODO: check
+CVE-2023-6530 (The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and ...)
+ TODO: check
+CVE-2023-6503 (The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF ...)
+ TODO: check
+CVE-2023-6391 (The Custom User CSS WordPress plugin through 0.2 does not have CSRF ch ...)
+ TODO: check
+CVE-2023-6390 (The WordPress Users WordPress plugin through 1.4 does not have CSRF ch ...)
+ TODO: check
+CVE-2023-6389 (The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any ...)
+ TODO: check
+CVE-2023-6279 (The Woostify Sites Library WordPress plugin before 1.4.8 does not have ...)
+ TODO: check
+CVE-2023-6278 (The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPr ...)
+ TODO: check
+CVE-2023-6165 (The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 ...)
+ TODO: check
+CVE-2023-5956 (The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and e ...)
+ TODO: check
+CVE-2023-5943 (The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and es ...)
+ TODO: check
+CVE-2023-5378 (Improper Input Validation vulnerability in MegaBIP and already unsupp ...)
+ TODO: check
+CVE-2023-5124 (The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prev ...)
+ TODO: check
+CVE-2023-51842 (An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1 ...)
+ TODO: check
+CVE-2023-51840 (DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.)
+ TODO: check
+CVE-2023-51839 (DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptogr ...)
+ TODO: check
+CVE-2023-46050
+ REJECTED
+CVE-2023-45932
+ REJECTED
+CVE-2023-45921
+ REJECTED
+CVE-2023-45916
+ REJECTED
CVE-2024-24736 (The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial ...)
NOT-FOR-US: POP3 service in YahooPOPs
CVE-2024-23782 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...)
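Review bot: the 62 newly imported entries marked "TODO: check" (CVE-2024-24141 down to CVE-2023-51839) are all untriaged; the ones whose descriptions name software that could plausibly be a Debian source package (Nginx-UI, Thruk, MeshCentral, the two SE-elektronic E-DDC3.3 issues) should be looked at first, while the long run of WordPress plugin entries (CVE-2024-0212 and CVE-2023-7204 through CVE-2023-5124) and the Sourcecodester items are candidates for NOT-FOR-US in the same way YahooPOPs is handled directly below, unless a source package actually ships them. The four REJECTED entries (CVE-2023-46050, CVE-2023-45932, CVE-2023-45921, CVE-2023-45916) carry no description, which matches how CVE-2023-1706 is recorded further down, so nothing to change there.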
@@ -545,20 +677,20 @@ CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be trigger
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/16ab4a205cfc938c32686e8d697d048fabf97ed4
NOTE: Issue fixed by providing a documentation update
-CVE-2023-40551
+CVE-2023-40551 (A flaw was found in the MZ binary format in Shim. An out-of-bounds rea ...)
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259918
NOTE: https://github.com/rhboot/shim/commit/5a5147d1e19cf90ec280990c84061ac3f67ea1ab (15.8)
-CVE-2023-40550
+CVE-2023-40550 (An out-of-bounds read flaw was found in Shim when it tried to validate ...)
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259915
NOTE: https://github.com/rhboot/shim/commit/93ce2552f3e9f71f888a672913bfc0eef255c56d (15.8)
NOTE: Followup: https://github.com/rhboot/shim/commit/e7f5fdf53ee68025f3ef2688e2f27ccb0082db83 (15.8)
-CVE-2023-40549
+CVE-2023-40549 (An out-of-bounds read flaw was found in Shim due to the lack of proper ...)
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241797
NOTE: https://github.com/rhboot/shim/commit/afdc5039de0a4a3a40162a32daa070f94a883f09 (15.8)
-CVE-2023-40548
+CVE-2023-40548 (A buffer overflow was found in Shim in the 32-bit system. The overflow ...)
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782
NOTE: https://github.com/rhboot/shim/commit/96dccc255b16e9465dbee50b3cef6b3db74d11c8 (15.8)
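Review bot: the four shim entries that gain descriptions here (CVE-2023-40551, CVE-2023-40550, CVE-2023-40549, CVE-2023-40548) all remain "shim <unfixed>" against the same bug #1061519, with the upstream fix commits annotated as (15.8); once shim 15.8 reaches the archive they should be moved to the fixed version in a single pass together with CVE-2023-40547 and CVE-2023-40546 in the next hunk, since all six share the bug and the fix release. The description update itself is consistent with the file's format and needs no further change.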
@@ -566,7 +698,7 @@ CVE-2023-40547 (A remote code execution vulnerability was found in Shim. The Shi
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589
NOTE: https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d (15.8)
-CVE-2023-40546
+CVE-2023-40546 (A flaw was found in Shim when an error happened while creating a new E ...)
- shim <unfixed> (bug #1061519)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241796
NOTE: https://github.com/rhboot/shim/commit/66e6579dbf921152f647a0c16da1d3b2f40861ca (15.8)
@@ -1244,7 +1376,7 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts fil
NOT-FOR-US: CloudLinux CageFS
CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...)
NOT-FOR-US: CloudLinux CageFS
-CVE-2023-46838 [xen-netback: don't produce zero-size SKB frags]
+CVE-2023-46838 (Transmit requests in Xen's virtual network protocol can consist of mul ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-448.html
NOTE: https://git.kernel.org/linus/c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a
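Review bot: replacing the bracketed placeholder title "[xen-netback: don't produce zero-size SKB frags]" with the published description drops the kernel patch subject from the entry; it is still recoverable from the linus commit c7ec4f2d684e in the NOTE and XSA-448 is linked, so nothing is lost, but "linux <unfixed>" is now the only status line and should be updated to the first upload that carries that commit once one lands.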
@@ -1511,6 +1643,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote a
CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
+ {DLA-3724-1}
- pillow 10.2.0-1 (bug #1061172)
NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
@@ -41280,8 +41413,8 @@ CVE-2023-30972
RESERVED
CVE-2023-30971
RESERVED
-CVE-2023-30970
- RESERVED
+CVE-2023-30970 (Gotham Table service and Forward App were found to be vulnerable to a ...)
+ TODO: check
CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
NOT-FOR-US: Palantir
CVE-2023-30968
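Review bot: CVE-2023-30970 moves from RESERVED to "TODO: check", but its description names the Gotham Table service and Forward App, which belong to the same Palantir product family as CVE-2023-30969 directly below (triaged "NOT-FOR-US: Palantir"); the same triage line is the likely resolution here rather than leaving the entry open.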
@@ -47077,8 +47210,7 @@ CVE-2023-29057 (A valid XCC user's local account permissions overrides their act
NOT-FOR-US: Lenovo
CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to read-onl ...)
NOT-FOR-US: Lenovo
-CVE-2023-29055
- RESERVED
+CVE-2023-29055 (In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web i ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
NOT-FOR-US: Siemens
@@ -47376,8 +47508,8 @@ CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers a
NOT-FOR-US: HP
CVE-2023-1706
REJECTED
-CVE-2023-1705
- RESERVED
+CVE-2023-1705 (Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agen ...)
+ TODO: check
CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-1703 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
@@ -66722,8 +66854,8 @@ CVE-2014-125054 (A vulnerability classified as critical was found in koroket Red
NOT-FOR-US: RedditOnRails
CVE-2023-22837
RESERVED
-CVE-2023-22836
- RESERVED
+CVE-2023-22836 (In cases where a multi-tenant stack user is operating Foundry\u2019s L ...)
+ TODO: check
CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...)
NOT-FOR-US: Palantir
CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
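Review bot: the imported description for CVE-2023-22836 contains a literal "\u2019" where the apostrophe in "Foundry's" belongs, i.e. the JSON escape from the feed was not decoded; every other description in the file is plain text, so this should be normalized to an apostrophe (or the importer fixed) before it propagates to the web view. As with CVE-2023-22835 and CVE-2023-22834 beside it, Foundry is a Palantir product, so the open "TODO: check" most likely resolves to "NOT-FOR-US: Palantir".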
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89fcf3026eeb46c14c3a60f63040cc8499861527