[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 31 08:12:18 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7da35e2f by security tracker role at 2024-01-31T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
+	TODO: check
+CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly sanitized  ...)
+	TODO: check
+CVE-2024-23745 (In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirt ...)
+	TODO: check
+CVE-2024-22569 (Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allo ...)
+	TODO: check
+CVE-2024-22236 (In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0. ...)
+	TODO: check
+CVE-2024-1069 (The Contact Form Entries plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2024-1012 (A vulnerability, which was classified as critical, has been found in W ...)
+	TODO: check
+CVE-2024-0836 (The WordPress Review & Structure Data Schema Plugin \u2013 Review Sche ...)
+	TODO: check
+CVE-2023-51204 (Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PY ...)
+	TODO: check
+CVE-2023-51202 (OS command injection vulnerability in command processing or system cal ...)
+	TODO: check
+CVE-2023-51198 (An issue in the permission and access control components within ROS2 F ...)
+	TODO: check
+CVE-2023-51197 (An issue discovered in shell command execution in ROS2 (Robot Operatin ...)
+	TODO: check
+CVE-2023-3934
+	REJECTED
+CVE-2023-31505 (An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows  ...)
+	TODO: check
+CVE-2023-2439 (The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
 CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)]
 	- 389-ds-base <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879
@@ -7,15 +37,15 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value
 CVE-2023-5992 [Side-channel leaks while stripping encryption PKCS#1 padding]
 	- opensc <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
-CVE-2024-1060
+CVE-2024-1060 (Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allo ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1059
+CVE-2024-1059 (Use after free in Peer Connection in Google Chrome prior to 121.0.6167 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1077
+CVE-2024-1077 (Use after free in Network in Google Chrome prior to 121.0.6167.139 all ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -432,10 +462,10 @@ CVE-2024-0960 (A vulnerability was found in flink-extended ai-flow 0.3.1. It has
 	NOT-FOR-US: flink-extended ai-flow
 CVE-2024-0959 (A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been c ...)
 	NOT-FOR-US: StanfordVL GibsonEnv
-CVE-2024-23775 [Buffer overflow in mbedtls_x509_set_extension()]
+CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x b ...)
 	- mbedtls 2.28.7-1
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
-CVE-2024-23170 [Timing side channel in private key RSA operations]
+CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...)
 	- mbedtls 2.28.7-1
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
 CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -720,7 +750,7 @@ CVE-2024-22636 (PluXml Blog v5.8.9 was discovered to contain a remote code execu
 	[buster] - pluxml <end-of-life> (EOL in buster LTS)
 CVE-2024-22635 (WebCalendar v1.3.0 was discovered to contain a reflected cross-site sc ...)
 	- webcalendar <removed>
-CVE-2024-22545 (TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection ...)
+CVE-2024-22545 (An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows ...)
 	NOT-FOR-US: TRENDnet
 CVE-2024-21620 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Juniper
@@ -778,7 +808,7 @@ CVE-2023-48127 (An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers t
 	NOT-FOR-US: myGAKUYA mini-app on Line
 CVE-2023-48126 (An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attacke ...)
 	NOT-FOR-US: Luxe Beauty Clinic mini-app on Line
-CVE-2024-0914
+CVE-2024-0914 (A timing side-channel vulnerability has been discovered in the opencry ...)
 	- opencryptoki <unfixed>
 	[bookworm] - opencryptoki <no-dsa> (Minor issue)
 	[bullseye] - opencryptoki <no-dsa> (Minor issue)
@@ -8580,7 +8610,7 @@ CVE-2023-48389 (Multisuns EasyLog web+ has a path traversal vulnerability within
 	NOT-FOR-US: Multisuns EasyLog web+
 CVE-2023-48388 (Multisuns EasyLog web+ has a vulnerability of using hard-coded credent ...)
 	NOT-FOR-US: Multisuns EasyLog web+
-CVE-2023-48387 (TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have ins ...)
+CVE-2023-48387 (TAIWAN-CA(TWCA) JCICSecurityTool  fails to check the source website an ...)
 	NOT-FOR-US: TAIWAN-CA(TWCA) JCICSecurityTool
 CVE-2023-48384 (ArmorX Global Technology Corporation ArmorX Spam has insufficient vali ...)
 	NOT-FOR-US: ArmorX Global Technology Corporation ArmorX Spam



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7da35e2fdad9fa13f400cffcf18fbfad71b726f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7da35e2fdad9fa13f400cffcf18fbfad71b726f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240131/5f166407/attachment.htm>

More information about the debian-security-tracker-commits mailing list