[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 5 20:12:38 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6acad771 by security tracker role at 2024-03-05T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,101 @@
-CVE-2022-48630 [crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ]
+CVE-2024-2188 (Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 ...)
+ TODO: check
+CVE-2024-2056 (Services that are running and bound to the loopback interface on the A ...)
+ TODO: check
+CVE-2024-2055 (The "Rich Filemanager" feature of Artica Proxy provides a web-based in ...)
+ TODO: check
+CVE-2024-2054 (The Artica-Proxy administrative web application will deserialize arbit ...)
+ TODO: check
+CVE-2024-2053 (The Artica Proxy administrative web application will deserialize arbit ...)
+ TODO: check
+CVE-2024-2005 (Blue Planet\xae has released software updates that address this vulner ...)
+ TODO: check
+CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
+ TODO: check
+CVE-2024-27929 (ImageSharp is a managed, cross-platform, 2D graphics library. A heap-u ...)
+ TODO: check
+CVE-2024-27627 (A reflected cross-site scripting (XSS) vulnerability exists in SuperCa ...)
+ TODO: check
+CVE-2024-27626 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
+ TODO: check
+CVE-2024-27625 (CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting ( ...)
+ TODO: check
+CVE-2024-27623 (CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template I ...)
+ TODO: check
+CVE-2024-27622 (A remote code execution vulnerability has been identified in the User ...)
+ TODO: check
+CVE-2024-27565 (A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-p ...)
+ TODO: check
+CVE-2024-27564 (A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT co ...)
+ TODO: check
+CVE-2024-27563 (A Server-Side Request Forgery (SSRF) in the getFileFromRepo function o ...)
+ TODO: check
+CVE-2024-27561 (A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAc ...)
+ TODO: check
+CVE-2024-26339 (swftools v0.9.2 was discovered to contain a strcpy parameter overlap v ...)
+ TODO: check
+CVE-2024-26337 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-26335 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-26334 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-24098 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...)
+ TODO: check
+CVE-2024-23296 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2024-23256 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2024-23243 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2024-23225 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2024-22352 (IBM InfoSphere Information Server 11.7 stores potentially sensitive in ...)
+ TODO: check
+CVE-2024-22255 (VMware ESXi, Workstation, and Fusion contain an information disclosure ...)
+ TODO: check
+CVE-2024-22254 (VMware ESXi contains an out-of-bounds write vulnerability.A malicious ...)
+ TODO: check
+CVE-2024-22253 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ TODO: check
+CVE-2024-22252 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ TODO: check
+CVE-2024-1202 (Authentication Bypass by Primary Weakness vulnerability in XPodas Octo ...)
+ TODO: check
+CVE-2023-7103 (Authentication Bypass by Primary Weakness vulnerability in ZKSoftware ...)
+ TODO: check
+CVE-2023-5457 (A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d v ...)
+ TODO: check
+CVE-2023-5456 (A CWE-798 \u201cUse of Hard-coded Credentials\u201d vulnerability in t ...)
+ TODO: check
+CVE-2023-45600 (A CWE-613 \u201cInsufficient Session Expiration\u201d vulnerability in ...)
+ TODO: check
+CVE-2023-45599 (A CWE-646 \u201cReliance on File Name or Extension of Externally-Suppl ...)
+ TODO: check
+CVE-2023-45598 (A CWE-862 \u201cMissing Authorization\u201d vulnerability in the \u201 ...)
+ TODO: check
+CVE-2023-45597 (A CWE-1236 \u201cImproper Neutralization of Formula Elements in a CSV ...)
+ TODO: check
+CVE-2023-45596 (A CWE-862 \u201cMissing Authorization\u201d vulnerability in the \u201 ...)
+ TODO: check
+CVE-2023-45595 (A CWE-434 \u201cUnrestricted Upload of File with Dangerous Type\u201d ...)
+ TODO: check
+CVE-2023-45594 (A CWE-552 \u201cFiles or Directories Accessible to External Parties\u2 ...)
+ TODO: check
+CVE-2023-45593 (A CWE-693 \u201cProtection Mechanism Failure\u201d vulnerability in th ...)
+ TODO: check
+CVE-2023-45592 (A CWE-250 \u201cExecution with Unnecessary Privileges\u201d vulnerabil ...)
+ TODO: check
+CVE-2023-45591 (A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the ...)
+ TODO: check
+CVE-2023-35899 (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 1 ...)
+ TODO: check
+CVE-2022-48630 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/16287397ec5c08aa58db6acf7dbc55470d78087d (5.18)
-CVE-2022-48629 [crypto: qcom-rng - ensure buffer for generate is completely filled]
+CVE-2022-48629 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
@@ -2520,6 +2612,7 @@ CVE-2023-48679 (Stored cross-site scripting (XSS) vulnerability due to missing o
CVE-2023-48678 (Sensitive information disclosure due to insecure folder permissions. T ...)
NOT-FOR-US: Acronis
CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
+ {DLA-3750-1 DLA-3749-1}
- phpseclib 1.0.23-1
[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -2530,6 +2623,7 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
[bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
+ {DLA-3750-1 DLA-3749-1}
- phpseclib 1.0.23-1
[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
@@ -5466,6 +5560,7 @@ CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All vers
CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
NOT-FOR-US: Siemens
CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
+ {DLA-3751-1}
- libapache2-mod-auth-openidc <unfixed> (bug #1064183)
NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2)
@@ -64602,8 +64697,8 @@ CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 t
NOT-FOR-US: IBM
CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to cross-site scrip ...)
NOT-FOR-US: IBM
-CVE-2023-26282
- RESERVED
+CVE-2023-26282 (IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user wit ...)
+ TODO: check
CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server could all ...)
NOT-FOR-US: IBM
CVE-2023-26280
@@ -66685,8 +66780,8 @@ CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 thro
NOT-FOR-US: IBM
CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
NOT-FOR-US: IBM
-CVE-2023-25681
- RESERVED
+CVE-2023-25681 (LDAP users on IBM Spectrum Virtualize 8.5 which are configured to requ ...)
+ TODO: check
CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2023-25679
@@ -85479,8 +85574,8 @@ CVE-2022-46090
RESERVED
CVE-2022-46089
RESERVED
-CVE-2022-46088
- RESERVED
+CVE-2022-46088 (Online Flight Booking Management System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...)
NOT-FOR-US: CloudSchool
CVE-2022-46086
@@ -157585,8 +157680,8 @@ CVE-2022-22401 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather
NOT-FOR-US: IBM
CVE-2022-22400
RESERVED
-CVE-2022-22399
- RESERVED
+CVE-2022-22399 (IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injecti ...)
+ TODO: check
CVE-2022-22398
RESERVED
CVE-2022-22397
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acad77195088ad5e8dea96c8994c243a5acb460
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acad77195088ad5e8dea96c8994c243a5acb460
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240305/a3783236/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list