[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 1 08:11:56 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3d17c83 by security tracker role at 2024-03-01T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,68 +1,136 @@
-CVE-2021-47068 [net/nfc: fix use-after-free llcp_sock_bind/connect]
+CVE-2024-2045 (Session version 1.17.5 allows obtaining internal application files and ...)
+	TODO: check
+CVE-2024-2022 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-2021 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-2016 (A vulnerability, which was classified as critical, was found in ZhiCms ...)
+	TODO: check
+CVE-2024-2015 (A vulnerability, which was classified as critical, has been found in Z ...)
+	TODO: check
+CVE-2024-2014 (A vulnerability classified as critical was found in Panabit Panalog 20 ...)
+	TODO: check
+CVE-2024-27950 (Missing Authorization vulnerability in sirv.Com Image Optimizer, Resiz ...)
+	TODO: check
+CVE-2024-27949 (Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Opt ...)
+	TODO: check
+CVE-2024-27294 (dp-golang is a Puppet module for Go installations.  Prior to 1.2.7, dp ...)
+	TODO: check
+CVE-2024-27292 (Docassemble is an expert system for guided interviews and document ass ...)
+	TODO: check
+CVE-2024-27291 (Docassemble is an expert system for guided interviews and document ass ...)
+	TODO: check
+CVE-2024-27290 (Docassemble is an expert system for guided interviews and document ass ...)
+	TODO: check
+CVE-2024-26196 (Microsoft Edge for Android (Chromium-based) Information Disclosure Vul ...)
+	TODO: check
+CVE-2024-25578 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain ...)
+	TODO: check
+CVE-2024-25554
+	REJECTED
+CVE-2024-25553
+	REJECTED
+CVE-2024-25552 (A local attacker can gain administrative privileges by inserting an ex ...)
+	TODO: check
+CVE-2024-25386 (Directory Traversal vulnerability in DICOM\xae Connectivity Framework  ...)
+	TODO: check
+CVE-2024-25293 (mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a re ...)
+	TODO: check
+CVE-2024-25239 (SQL Injection vulnerability in Sourcecodester Employee Management Syst ...)
+	TODO: check
+CVE-2024-25167 (Cross Site Scripting vulnerability in eblog v1.0 allows a remote attac ...)
+	TODO: check
+CVE-2024-24520 (An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbi ...)
+	TODO: check
+CVE-2024-24028 (Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2. ...)
+	TODO: check
+CVE-2024-22891 (Nteract v.0.28.0 was discovered to contain a remote code execution (RC ...)
+	TODO: check
+CVE-2024-22100 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are aff ...)
+	TODO: check
+CVE-2024-1941 (Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable  ...)
+	TODO: check
+CVE-2024-1859 (The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow ...)
+	TODO: check
+CVE-2024-0403 (Recipes version 1.5.10 allows arbitrary HTTP requests to be made  thro ...)
+	TODO: check
+CVE-2023-52555 (In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletio ...)
+	TODO: check
+CVE-2023-50324 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-As ...)
+	TODO: check
+CVE-2023-50312 (IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 cou ...)
+	TODO: check
+CVE-2023-50305 (IBM Engineering Requirements Management DOORS 9.7.2.7 does not require ...)
+	TODO: check
+CVE-2023-47716 (IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5 ...)
+	TODO: check
+CVE-2023-38366 (IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0  ...)
+	TODO: check
+CVE-2021-47068 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 (5.13-rc1)
-CVE-2021-47067 [soc/tegra: regulators: Fix locking up when voltage-spread is out of range]
+CVE-2021-47067 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ef85bb582c41524e9e68dfdbde48e519dac4ab3d (5.13-rc1)
-CVE-2021-47066 [async_xor: increase src_offs when dropping destination page]
+CVE-2021-47066 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8 (5.13-rc1)
-CVE-2021-47065 [rtw88: Fix array overrun in rtw_get_tx_power_params()]
+CVE-2021-47065 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e (5.13-rc1)
-CVE-2021-47064 [mt76: fix potential DMA mapping leak]
+CVE-2021-47064 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b4403cee6400c5f679e9c4a82b91d61aa961eccf (5.13-rc1)
-CVE-2021-47063 [drm: bridge/panel: Cleanup connector on bridge detach]
+CVE-2021-47063 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 5.10.38-1
 	NOTE: https://git.kernel.org/linus/4d906839d321c2efbf3fed4bc31ffd9ff55b75c0 (5.13-rc1)
-CVE-2021-47062 [KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs]
+CVE-2021-47062 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c36b16d29f3af5f32fc1b2a3401bf48f71cabee1 (5.13-rc1)
-CVE-2021-47061 [KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU]
+CVE-2021-47061 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.10.38-1
 	NOTE: https://git.kernel.org/linus/2ee3757424be7c1cd1d0bbfa6db29a7edd82a250 (5.13-rc1)
-CVE-2021-47060 [KVM: Stop looking for coalesced MMIO zones if the bus is destroyed]
+CVE-2021-47060 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 5.10.38-1
 	NOTE: https://git.kernel.org/linus/5d3c4c79384af06e3c8e25b7770b6247496b4417 (5.13-rc1)
-CVE-2021-47059 [crypto: sun8i-ss - fix result memory leak on error path]
+CVE-2021-47059 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1dbc6a1e25be8575d6c4114d1d2b841a796507f7 (5.13-rc1)
-CVE-2021-47058 [regmap: set debugfs_name to NULL after it is freed]
+CVE-2021-47058 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/e41a962f82e7afb5b1ee644f48ad0b3aee656268 (5.13-rc1)
-CVE-2021-47057 [crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map]
+CVE-2021-47057 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/98b5ef3e97b16eaeeedb936f8bda3594ff84a70e (5.13-rc1)
-CVE-2021-47056 [crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init]
+CVE-2021-47056 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446 (5.13-rc1)
-CVE-2021-47055 [mtd: require write permissions for locking and badblock ioctls]
+CVE-2021-47055 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/1e97743fd180981bef5f01402342bb54bf1c6366 (5.13-rc1)
-CVE-2021-47054 [bus: qcom: Put child node before return]
+CVE-2021-47054 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/ac6ad7c2a862d682bb584a4bc904d89fa7721af8 (5.13-rc1)
-CVE-2021-47020 [soundwire: stream: fix memory leak in stream config error path]
+CVE-2021-47020 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/48f17f96a81763c7c8bf5500460a359b9939359f (5.13-rc1)
-CVE-2021-47016 [m68k: mvme147,mvme16x: Don't wipe PCC timer config bits]
+CVE-2021-47016 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.10.38-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/43262178c043032e7c42d00de44c818ba05f9967 (5.13-rc1)
-CVE-2021-46959 [spi: Fix use-after-free with devm_spi_alloc_*]
+CVE-2021-46959 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/794aaf01444d4e765e2b067cba01cc69c1c68ed9 (5.13-rc1)
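Review bot: the eighteen kernel stanzas lose their only subsystem hint when the bracketed placeholder subjects (for example `-CVE-2021-47068 [net/nfc: fix use-after-free llcp_sock_bind/connect]`) are replaced by the feed description truncated to `(In the Linux kernel, the following vulnerability has been resolved:  n ...)`, which is identical for every entry except the final letter. The NOTE lines still carry the upstream commit URLs, so nothing is lost for lookup, but a triager scanning data/CVE/list can no longer tell a KVM fix from an NFC use-after-free without opening each commit; if the file format allows it, keeping the old subject as an extra NOTE line would preserve that information. Of the newly added 2024 entries, everything except the two `REJECTED` IDs (CVE-2024-25554, CVE-2024-25553) is left at `TODO: check`, and because the feed text is cut at roughly seventy characters the affected-version ranges are not visible here, so each one needs a source-package check before any bulk NOT-FOR-US triage.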
@@ -2449,7 +2517,7 @@ CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulner
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKER ...)
+CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll wh ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...)
 	NOT-FOR-US: PMB
@@ -12579,6 +12647,7 @@ CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11,
 	NOTE: The bug references two crashes, this is for the one labelled "BUG log 2",
 	NOTE: the more severe "Bug log 1" only affected unreleased versions
 CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...)
+	{DLA-3746-1}
 	- wireshark 4.2.2-1 (bug #1059925)
 	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <no-dsa> (Minor issue)
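Review bot: the `{DLA-3746-1}` reference is added to CVE-2024-0208, but the stanza as shown has no `[buster]` line, so the buster fixed version is resolved only through the DLA record in data/DLA/list, and this commit touches data/CVE/list alone (see `1 changed file` above); confirm that DLA-3746-1 is already recorded there, otherwise the cross-reference dangles. The same issue stays `[bookworm] - wireshark <no-dsa> (Minor issue)` and `[bullseye] - wireshark <no-dsa> (Minor issue)` while the older LTS release now ships a fix; that is a normal outcome of a bulk LTS wireshark update, but it is worth queueing the GVCP dissector fix for the next point releases so stable does not lag behind the LTS release on the same bug.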
@@ -20750,7 +20819,7 @@ CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
 CVE-2023-6175 [NetScreen file parser crash]
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.11-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
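Review bot: CVE-2023-6175 still carries the bracketed placeholder `[NetScreen file parser crash]` rather than a feed description, yet it now references both `DSA-5559-1` and `DLA-3746-1`; the automatic update did not replace the placeholder in this run, which means the CVE record is apparently still absent from the feed the script reads. Worth checking against wnpa-sec-2023-29 (linked in the NOTE) whether the ID has been published; the placeholder will be overwritten automatically once it appears, so nothing is needed beyond confirming the ID is real.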
@@ -34824,7 +34893,7 @@ CVE-2023-XXXX [tryton-server lack of record validation]
 	[buster] - tryton-server 5.0.4-2+deb10u2
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428
 CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to  ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.8-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
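Review bot: for CVE-2023-4513 the `{DSA-5559-1 DLA-3746-1}` line now records fixes on both sides of bullseye while `[bullseye] - wireshark <no-dsa> (Minor issue)` is left untouched, so bullseye becomes the one release without the fix. A BT SDP dissector memory leak is reasonably `no-dsa`, but since the same patch set has now been applied in both neighbouring releases, consider adding it to a bullseye point update rather than leaving that release as the odd one out.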
@@ -34837,7 +34906,7 @@ CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
 CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
-	{DSA-5559-1}
+	{DSA-5559-1 DLA-3746-1}
 	- wireshark 4.0.8-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
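Review bot: same pattern as the two stanzas above: CVE-2023-4511 gains `DLA-3746-1` beside `DSA-5559-1` while `[bullseye] - wireshark <no-dsa> (Minor issue)` stays. An infinite loop in a dissector is a denial of service against the analyst's capture host rather than a memory-disclosure bug, so the `Minor issue` rating is defensible, but if a bullseye point update is prepared for the sibling CVE-2023-4513 this one should ride along, as both share bug reports 19258/19259 and the same fixed version 4.0.8-1. With this hunk all three DSA-5559-1 issues visible in the patch carry the DLA reference, which is consistent.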
@@ -55149,8 +55218,8 @@ CVE-2023-28951
 	RESERVED
 CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...)
 	NOT-FOR-US: IBM
-CVE-2023-28949
-	RESERVED
+CVE-2023-28949 (IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to ...)
+	TODO: check
 CVE-2023-28948
 	RESERVED
 CVE-2023-28947
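Review bot: CVE-2023-28949 moves from `RESERVED` to a published description naming IBM Engineering Requirements Management DOORS 9.7.2.7 and is left at `TODO: check`; the adjacent IBM stanza (CVE-2023-28950, IBM MQ) is already triaged `NOT-FOR-US: IBM`, and the first hunk adds CVE-2023-50305 for the same DOORS 9.7.2.7 product, also at `TODO: check`. Resolve the DOORS entries together so the product ends up with one verdict instead of one NOT-FOR-US and a lingering TODO.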
@@ -56715,8 +56784,8 @@ CVE-2023-28527 (IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to
 	NOT-FOR-US: IBM
 CVE-2023-28526 (IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to ...)
 	NOT-FOR-US: IBM
-CVE-2023-28525
-	RESERVED
+CVE-2023-28525 (IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross ...)
+	TODO: check
 CVE-2023-28524
 	RESERVED
 CVE-2023-28523 (IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to  ...)
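Review bot: CVE-2023-28525 likewise goes from `RESERVED` to `TODO: check` with a description for IBM Engineering Requirements Management 9.7.2.7 (cross-site ...), sandwiched between Informix entries that are already `NOT-FOR-US: IBM`. It belongs to the same DOORS batch as CVE-2023-28949 and CVE-2023-50305 elsewhere in this patch; triage the three in one pass.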
@@ -275308,22 +275377,27 @@ CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists i
 CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker  ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	{DLA-3745-1}
 	- gsoap 2.8.104-3 (bug #983596)
 	[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189
 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	{DLA-3745-1}
 	- gsoap 2.8.104-3 (bug #983596)
 	[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188
 CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+	{DLA-3745-1}
 	- gsoap 2.8.104-3 (bug #983596)
 	[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187
 CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...)
+	{DLA-3745-1}
 	- gsoap 2.8.104-3 (bug #983596)
 	[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186
 CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+	{DLA-3745-1}
 	- gsoap 2.8.104-3 (bug #983596)
 	[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
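Review bot: the five gsoap stanzas gain `{DLA-3745-1}` while `[stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)` remains on each, so the tracker now states that the fix was too intrusive for one old release but has been shipped via a DLA for a newer one; that is consistent only if the DLA package is close enough to 2.8.104-3 for the upstream changes to apply, which nothing in the stanza records. No `[buster]` line is visible, so the fixed version must come from the DLA record; a NOTE naming the backported fix (and the Talos reports cover one code-execution issue, CVE-2020-13576, plus four DoS issues all tracked under bug #983596) would help the next person who has to revisit the stretch `<ignored>` verdict.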



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3d17c83cd7e0e1cc896be1294eaf165375a4329
