[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 31 20:12:21 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02c5a1ae by security tracker role at 2024-01-31T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2024-24579 (stereoscope is a go library for processing container images and simula ...)
+ TODO: check
+CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
+ TODO: check
+CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
+ TODO: check
+CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability in ali ...)
+ TODO: check
+CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshM ...)
+ TODO: check
+CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browse ...)
+ TODO: check
+CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,Uni ...)
+ TODO: check
+CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar ...)
+ TODO: check
+CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpa ...)
+ TODO: check
+CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This ...)
+ TODO: check
+CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...)
+ TODO: check
+CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit E ...)
+ TODO: check
+CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae Service ...)
+ TODO: check
+CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell Automati ...)
+ TODO: check
+CVE-2024-21893 (A server-side request forgery vulnerability in the SAML component of I ...)
+ TODO: check
+CVE-2024-21888 (A privilege escalation vulnerability in web component of Ivanti Connec ...)
+ TODO: check
+CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been classifie ...)
+ TODO: check
+CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...)
+ TODO: check
+CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...)
+ TODO: check
+CVE-2024-1113 (A vulnerability, which was classified as critical, was found in openBI ...)
+ TODO: check
+CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, developed ...)
+ TODO: check
+CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
+ TODO: check
+CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...)
+ TODO: check
+CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...)
+ TODO: check
+CVE-2024-1087
+ REJECTED
+CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ TODO: check
+CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ TODO: check
+CVE-2024-0833 (In Telerik Test Studio versions prior to v2023.3.1330, a privilege e ...)
+ TODO: check
+CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege elevation ...)
+ TODO: check
+CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview tab in ...)
+ TODO: check
+CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege elevat ...)
+ TODO: check
+CVE-2023-7043 (Unquoted service path in ESET products allows to drop a prepared pro ...)
+ TODO: check
+CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading to f ...)
+ TODO: check
+CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...)
+ TODO: check
+CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are vulnerable to a ...)
+ TODO: check
+CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an ...)
+ TODO: check
+CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Gen ...)
+ TODO: check
+CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...)
+ TODO: check
+CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...)
+ TODO: check
+CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in Apache S ...)
+ TODO: check
CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
NOT-FOR-US: Vyper
CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly sanitized ...)
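Review bot: the Linux kernel entries CVE-2024-1086 and CVE-2024-1085 (use-after-free in netfilter nf_tables) deserve triage ahead of the rest of this batch, since unlike the WordPress plugin XSS/CSRF entries they concern the `linux` source package shipped in every suite; `TODO: check` is the right placeholder for an automatic update, but the follow-up should replace it with the affected `linux` version and a NOTE pointing at the upstream fix. The two Ivanti Connect Secure entries (CVE-2024-21893, CVE-2024-21888) are presumably NOT-FOR-US, like CVE-2024-24567 (Vyper) just below, which already carries that marker.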
@@ -34,7 +164,7 @@ CVE-2024-1062 [a heap overflow leading to denail-of-servce while writing a value
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711
NOTE: https://github.com/389ds/389-ds-base/issues/5647
TODO: check details
-CVE-2023-5992 [Side-channel leaks while stripping encryption PKCS#1 padding]
+CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...)
- opensc <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685
CVE-2024-1060 (Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allo ...)
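Review bot: the bracketed working title dropped here was the only place the entry said "side-channel", and the truncated official text ("PKCS#1 encryption padding re ...") no longer conveys that; since opensc is still listed as <unfixed> with only the Red Hat bugzilla NOTE, a NOTE with the upstream OpenSC fix should be added once it has been identified so the <unfixed> state can be resolved.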
@@ -154,7 +284,7 @@ CVE-2023-36260 (An issue discovered in Craft CMS version 4.6.1. allows remote at
NOT-FOR-US: Craft CMS
CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin bef ...)
NOT-FOR-US: Craft CMS Audit Plugin
-CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+CVE-2023-6246 (A heap-based buffer overflow was found in the __vsyslog_internal funct ...)
{DSA-5611-1}
- glibc 2.37-15
[bullseye] - glibc <not-affected> (Vulnerable code not present)
@@ -164,7 +294,7 @@ CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal]
NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da
NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD
-CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal]
+CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsyslog_in ...)
{DSA-5611-1}
- glibc 2.37-15
[bullseye] - glibc <not-affected> (Vulnerable code not present)
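Review bot: the bracketed title removed here was identical to the one CVE-2023-6246 carried two hunks above ("syslog: Fix heap buffer overflow in __vsyslog_internal"), so the switch to the official description, which names this one as the off-by-one variant, is what disambiguates the two entries; the DSA-5611-1 reference and the glibc 2.37-15 fix line are unchanged and consistent across CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780.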
@@ -172,7 +302,7 @@ CVE-2023-6779 [syslog: Fix heap buffer overflow in __vsyslog_internal]
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd
NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD
-CVE-2023-6780 [syslog: Fix integer overflow in __vsyslog_internal]
+CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function of th ...)
{DSA-5611-1}
- glibc 2.37-15
[bullseye] - glibc <not-affected> (Vulnerable code not present)
@@ -1415,7 +1545,7 @@ CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves Silverstripe data as
CVE-2023-42143 (Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8 at 5afc928c ...)
NOT-FOR-US: Shelly
CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1426,7 +1556,7 @@ CVE-2024-0754 (Some WASM source files could have caused a crash when loaded in d
- firefox 122.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0754
CVE-2024-0753 (In specific HSTS configurations an attacker could have bypassed HSTS o ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1437,7 +1567,7 @@ CVE-2024-0752 (A use-after-free crash could have occurred on macOS if a Firefox
- firefox <not-affected> (Only affects Firefox on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0752
CVE-2024-0751 (A malicious devtools extension could have been used to escalate privil ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1445,7 +1575,7 @@ CVE-2024-0751 (A malicious devtools extension could have been used to escalate p
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751
CVE-2024-0750 (A bug in popup notifications delay calculation could have made it poss ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1453,7 +1583,7 @@ CVE-2024-0750 (A bug in popup notifications delay calculation could have made it
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750
CVE-2024-0749 (A phishing site could have repurposed an `about:` dialog to show phish ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1464,7 +1594,7 @@ CVE-2024-0748 (A compromised content process could have updated the document URI
- firefox 122.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0748
CVE-2024-0747 (When a parent page loaded a child in an iframe with `unsafe-inline`, t ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1472,7 +1602,7 @@ CVE-2024-0747 (When a parent page loaded a child in an iframe with `unsafe-inlin
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747
CVE-2024-0746 (A Linux user opening the print preview dialog could have caused the br ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1492,7 +1622,7 @@ CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
NOTE: https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493b
CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be activate ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
@@ -1500,7 +1630,7 @@ CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be act
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742
CVE-2024-0741 (An out of bounds write in ANGLE could have allowed an attacker to corr ...)
- {DSA-5606-1 DSA-5605-1 DLA-3720-1}
+ {DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
- firefox 122.0-1
- firefox-esr 115.7.0esr-1
- thunderbird 1:115.7.0-1
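Review bot: DLA-3727-1 is appended to exactly the entries that already carried DLA-3720-1 across all the mfsa2024-01/02/04 hunks above, and the firefox-only entries visible in the context (CVE-2024-0754, CVE-2024-0752, CVE-2024-0748) are left without it, which is consistent; the one thing to verify is that every one of these CVE ids actually appears in the DLA-3727-1 advisory text, since the braces are the only place that link is recorded.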
@@ -2503,37 +2633,37 @@ CVE-2024-20923
CVE-2024-20925
- openjfx <not-affected> (Only affects JavaFX 8)
CVE-2024-20945
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
CVE-2024-20921
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
CVE-2024-20919
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
- openjdk-21 21.0.2+13-1
CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5604-1}
+ {DSA-5604-1 DLA-3728-1}
- openjdk-8 8u402-ga-1
- openjdk-11 11.0.22+7-1
- openjdk-17 17.0.10+7-1
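Review bot: same pattern as the Firefox hunks: DLA-3728-1 is added only to the CVEs already in DSA-5604-1, and CVE-2024-20925 (openjfx <not-affected>, JavaFX 8 only) is correctly skipped; the openjdk version lines are untouched, so the DLA reference should likewise be checked against the advisory's own CVE list before this is considered final.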
@@ -48458,8 +48588,8 @@ CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vu
NOT-FOR-US: WordPress plugin
CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28807
- RESERVED
+CVE-2023-28807 (In Zscaler Internet Access (ZIA) a mismatch between Connect Host and C ...)
+ TODO: check
CVE-2023-28806
RESERVED
CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client Connector ...)
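Review bot: the `TODO: check` placeholder is appropriate for an automatic update, but the description identifies Zscaler Internet Access, a hosted proprietary service, and the adjacent CVE-2023-28805 is likewise a Zscaler Client Connector issue, so this entry can be triaged together with its neighbours rather than left as a stray TODO.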
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c5a1ae29fbf96aed4c0b002a4c50260bc2f424