[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 2 08:11:59 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3aad530e by security tracker role at 2024-03-02T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,46 +1,98 @@
-CVE-2021-47081 [habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory]
+CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allo ...)
+	TODO: check
+CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 al ...)
+	TODO: check
+CVE-2024-27744 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...)
+	TODO: check
+CVE-2024-27743 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...)
+	TODO: check
+CVE-2024-27101 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...)
+	TODO: check
+CVE-2024-25438 (A cross-site scripting (XSS) vulnerability in the Submission module of ...)
+	TODO: check
+CVE-2024-25436 (A cross-site scripting (XSS) vulnerability in the Production module of ...)
+	TODO: check
+CVE-2024-25434 (A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows atta ...)
+	TODO: check
+CVE-2024-25064 (Due to insufficient server-side validation, an attacker with login pri ...)
+	TODO: check
+CVE-2024-25063 (Due to insufficient server-side validation, a successful exploit of th ...)
+	TODO: check
+CVE-2024-24512 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...)
+	TODO: check
+CVE-2024-24511 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...)
+	TODO: check
+CVE-2024-23492 (A weak encoding is used to transmit credentials for WS203VICM.)
+	TODO: check
+CVE-2024-22182 (A remote, unauthenticated attacker may be able to send crafted message ...)
+	TODO: check
+CVE-2024-21767 (A remote attacker may be able to bypass access control of Commend WS20 ...)
+	TODO: check
+CVE-2024-1869 (Certain HP DesignJet print products are potentially vulnerable to info ...)
+	TODO: check
+CVE-2024-1775 (The Nextend Social Login and Register plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-1592 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is  ...)
+	TODO: check
+CVE-2023-7244 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...)
+	TODO: check
+CVE-2023-7243 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...)
+	TODO: check
+CVE-2023-7242 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...)
+	TODO: check
+CVE-2023-49545 (A directory listing vulnerability in Customer Support System v1 allows ...)
+	TODO: check
+CVE-2023-49544 (A local file inclusion (LFI) in Customer Support System v1 allows atta ...)
+	TODO: check
+CVE-2023-49543 (Incorrect access control in Book Store Management System v1 allows att ...)
+	TODO: check
+CVE-2023-49540 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
+	TODO: check
+CVE-2023-49539 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
+	TODO: check
+CVE-2021-47081 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/115726c5d312b462c9d9931ea42becdfa838a076 (5.13-rc3)
-CVE-2021-47080 [RDMA/core: Prevent divide-by-zero error triggered by the user]
+CVE-2021-47080 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.10.40-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/54d87913f147a983589923c7f651f97de9af5be1 (5.13-rc3)
-CVE-2021-47079 [platform/x86: ideapad-laptop: fix a NULL pointer dereference]
+CVE-2021-47079 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ff67dbd554b2aaa22be933eced32610ff90209dd (5.13-rc3)
-CVE-2021-47078 [RDMA/rxe: Clear all QP fields if creation failed]
+CVE-2021-47078 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.10.40-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/67f29896fdc83298eed5a6576ff8f9873f709228 (5.13-rc3)
-CVE-2021-47077 [scsi: qedf: Add pointer checks in qedf_update_link_speed()]
+CVE-2021-47077 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.10.40-1
 	NOTE: https://git.kernel.org/linus/73578af92a0fae6609b955fcc9113e50e413c80f (5.13-rc3)
-CVE-2021-47076 [RDMA/rxe: Return CQE error if invalid lkey was supplied]
+CVE-2021-47076 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 5.14.6-1
 	NOTE: https://git.kernel.org/linus/dc07628bd2bbc1da768e265192c28ebd301f509d (5.13-rc3)
-CVE-2021-47075 [nvmet: fix memory leak in nvmet_alloc_ctrl()]
+CVE-2021-47075 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.40-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fec356a61aa3d3a66416b4321f1279e09e0f256f (5.13-rc3)
-CVE-2021-47074 [nvme-loop: fix memory leak in nvme_loop_create_ctrl()]
+CVE-2021-47074 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.10.40-1
 	NOTE: https://git.kernel.org/linus/03504e3b54cc8118cc26c064e60a0b00c2308708 (5.13-rc3)
-CVE-2021-47073 [platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios]
+CVE-2021-47073 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 5.10.40-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/3a53587423d25c87af4b4126a806a0575104b45e (5.13-rc3)
-CVE-2021-47072 [btrfs: fix removed dentries still existing after log is synced]
+CVE-2021-47072 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 (5.13-rc3)
-CVE-2021-47071 [uio_hv_generic: Fix a memory leak in error handling paths]
+CVE-2021-47071 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.10.40-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3ee098f96b8b6c1a98f7f97915f8873164e6af9d (5.13-rc3)
-CVE-2021-47070 [uio_hv_generic: Fix another memory leak in error handling paths]
+CVE-2021-47070 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0b0226be3a52dadd965644bc52a807961c2c26df (5.13-rc3)
-CVE-2021-47069 [ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry]
+CVE-2021-47069 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 5.10.40-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a11ddb37bf367e6b5239b95ca759e5389bb46048 (5.13-rc3)
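Review bot: the CVE-2021-47081 through CVE-2021-47069 lines replace the bracketed kernel commit subjects (for example "[RDMA/core: Prevent divide-by-zero error triggered by the user]") with a description that is cut off one character after the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", so the list line no longer says which subsystem or bug each entry covers. Consider preserving the old subject in a NOTE line under each entry, or skipping the common prefix before truncating. Separately, the CVE-2024-1592 line carries a literal "\u2013" escape instead of the decoded character, which suggests the import step should decode Unicode escapes before writing the description.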
@@ -1635,7 +1687,7 @@ CVE-2023-48679 (Stored cross-site scripting (XSS) vulnerability due to missing o
 	NOT-FOR-US: Acronis
 CVE-2023-48678 (Sensitive information disclosure due to insecure folder permissions. T ...)
 	NOT-FOR-US: Acronis
-CVE-2024-27354
+CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
 	- phpseclib 1.0.23-1
 	[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
 	[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -1645,7 +1697,7 @@ CVE-2024-27354
 	- php-phpseclib3 3.0.36-1
 	[bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
 	NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
-CVE-2024-27355
+CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
 	- phpseclib 1.0.23-1
 	[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
 	[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
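Review bot: the description added for CVE-2024-27355 is, as truncated, identical to the one added for CVE-2024-27354 in the previous hunk ("An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ..."), so the two entries cannot be told apart from the list text alone. A NOTE line under each entry stating what distinguishes it would make the difference visible without opening the CVE record.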
@@ -5850,7 +5902,7 @@ CVE-2024-20290 (A vulnerability in the OLE2 file format parser of ClamAV could a
 	[bullseye] - clamav <not-affected> (Vulnerable code not present)
 	[buster] - clamav <not-affected> (Vulnerable code not present)
 	NOTE: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
-CVE-2024-20328
+CVE-2024-20328 (A vulnerability in the VirusEvent feature of ClamAV could allow a loca ...)
 	- clamav 1.0.5+dfsg-1 (bug #1063479)
 	[bookworm] - clamav <no-dsa> (clamav is updated via -updates)
 	[bullseye] - clamav <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3aad530eaf0a32b8ccaee3c03610ad93d5b52f0f
