[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 30 08:11:48 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a529a07b by security tracker role at 2024-01-30T08:11:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ TODO: check
+CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ TODO: check
+CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local a ...)
+ TODO: check
+CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to ...)
+ TODO: check
+CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionali ...)
+ TODO: check
+CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel 4.10.0. This ...)
+ TODO: check
+CVE-2024-22646 (An email address enumeration vulnerability exists in the password rese ...)
+ TODO: check
+CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version ...)
+ TODO: check
+CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in ...)
+ TODO: check
+CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on Linux, x8 ...)
+ TODO: check
+CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to Arbitra ...)
+ TODO: check
+CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...)
+ TODO: check
+CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...)
+ TODO: check
+CVE-2024-1027 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...)
+ TODO: check
+CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...)
+ TODO: check
+CVE-2024-1022 (A vulnerability, which was classified as problematic, was found in Cod ...)
+ TODO: check
+CVE-2024-1021 (A vulnerability, which was classified as critical, has been found in R ...)
+ TODO: check
+CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild up to 3 ...)
+ TODO: check
+CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-5372 (The post-authentication command injection vulnerability in Zyxel NAS32 ...)
+ TODO: check
+CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain ...)
+ TODO: check
+CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass vulnerability in th ...)
+ TODO: check
+CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as h ...)
+ TODO: check
+CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Va ...)
+ TODO: check
+CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source In ...)
+ TODO: check
+CVE-2023-4554 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...)
+ TODO: check
+CVE-2023-4552 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...)
+ TODO: check
+CVE-2023-4551 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...)
+ TODO: check
+CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to External ...)
+ TODO: check
+CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allo ...)
+ TODO: check
+CVE-2023-45930
+ REJECTED
+CVE-2023-45928
+ REJECTED
+CVE-2023-45926
+ REJECTED
+CVE-2023-45923
+ REJECTED
+CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.)
+ TODO: check
CVE-2024-1023
NOT-FOR-US: Eclipse Vertx
CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL Injection via th ...)
@@ -4080,6 +4154,7 @@ CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE (Al
CVE-2022-48618 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-41056 (Redis is an in-memory database that persists on disk. Redis incorrectl ...)
+ {DSA-5610-1}
- redis 5:7.0.15-1 (bug #1060316)
[bullseye] - redis <not-affected> (Vulnerable code not present)
[buster] - redis <not-affected> (Vulnerable code not present)
@@ -18404,7 +18479,7 @@ CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph rout
CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
NOT-FOR-US: XXL-RPC
CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
- {DLA-3627-1}
+ {DSA-5610-1 DLA-3627-1}
- redis 5:7.0.14-1 (bug #1054225)
[bullseye] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
@@ -24911,6 +24986,7 @@ CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of
CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...)
NOT-FOR-US: WireMock
CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...)
+ {DSA-5610-1}
- redis 5:7.0.13-1 (bug #1051512)
[bullseye] - redis <not-affected> (Vulnerable code introduced later)
[buster] - redis <not-affected> (Vulnerable code introduced later)
@@ -33124,6 +33200,7 @@ CVE-2023-36867 (Visual Studio Code GitHub Pull Requests and Issues Extension Rem
CVE-2023-36825 (Orchid is a Laravel package that allows application development of bac ...)
NOT-FOR-US: Decidim
CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...)
+ {DSA-5610-1}
- redis 5:7.0.12-1 (bug #1040879)
[bullseye] - redis <not-affected> (Vulnerable code introduced later)
[buster] - redis <not-affected> (Vulnerable code introduced later)
@@ -139713,6 +139790,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogi
CVE-2022-24835
RESERVED
CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
+ {DSA-5610-1}
- redis 5:7.0.12-1
[bullseye] - redis <no-dsa> (Minor issue)
[buster] - redis <no-dsa> (Minor issue)
@@ -208581,7 +208659,7 @@ CVE-2021-3171
RESERVED
CVE-2021-3170
RESERVED
-CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...)
+CVE-2021-3169 (An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows ...)
NOT-FOR-US: Jumpserver
CVE-2021-3168
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a529a07b7da412e1794b017b483321259dda3c1e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a529a07b7da412e1794b017b483321259dda3c1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240130/322b1f35/attachment.htm>
More information about the debian-security-tracker-commits
mailing list