[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 6 08:12:29 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c2441ca by security tracker role at 2024-03-06T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via th ...)
+ TODO: check
+CVE-2024-27765 (Directory Traversal vulnerability in Jeewms v.3.7 and before allows a ...)
+ TODO: check
+CVE-2024-27764 (An issue in Jeewms v.3.7 and before allows a remote attacker to escala ...)
+ TODO: check
+CVE-2024-27278 (OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross- ...)
+ TODO: check
+CVE-2024-25858 (In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code e ...)
+ TODO: check
+CVE-2024-25817 (Buffer Overflow vulnerability in eza before version 0.18.2, allows loc ...)
+ TODO: check
+CVE-2024-25616 (Aruba has identified certain configurations of ArubaOS that can lead t ...)
+ TODO: check
+CVE-2024-25615 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+ TODO: check
+CVE-2024-25614 (There is an arbitrary file deletion vulnerability in the CLI used by A ...)
+ TODO: check
+CVE-2024-25613 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2024-25612 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2024-25611 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2024-24786 (The protojson.Unmarshal function can enter an infinite loop when unmar ...)
+ TODO: check
+CVE-2024-24278 (An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 al ...)
+ TODO: check
+CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop c ...)
+ TODO: check
+CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop client ...)
+ TODO: check
+CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, remote attack ...)
+ TODO: check
+CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...)
+ TODO: check
+CVE-2024-1901 (Denial of service in PAM password rotation during the check-in process ...)
+ TODO: check
+CVE-2024-1900 (Improper session management in the identity provider authentication fl ...)
+ TODO: check
+CVE-2024-1898 (Improper access control in the notification feature in Devolutions Ser ...)
+ TODO: check
+CVE-2024-1771 (The Total theme for WordPress is vulnerable to unauthorized modificati ...)
+ TODO: check
+CVE-2024-1764 (Improper privilege management in Just-in-time (JIT) elevation module i ...)
+ TODO: check
+CVE-2024-1760 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+ TODO: check
+CVE-2024-1356 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2024-1220 (A stack-based buffer overflow in the built-in web server in Moxa NPort ...)
+ TODO: check
+CVE-2023-49977 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
+ TODO: check
+CVE-2023-49976 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
+ TODO: check
+CVE-2023-49974 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
+ TODO: check
+CVE-2023-49973 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
+ TODO: check
+CVE-2023-49971 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
+ TODO: check
+CVE-2023-48644 (An issue was discovered in the Archibus app 4.0.3 for iOS. There is an ...)
+ TODO: check
+CVE-2023-43318 (TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows at ...)
+ TODO: check
+CVE-2023-38946 (An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_p ...)
+ TODO: check
+CVE-2023-38945 (Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser R ...)
+ TODO: check
+CVE-2023-38944 (An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser ...)
+ TODO: check
+CVE-2023-33677 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
+ TODO: check
CVE-2024-2176
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
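Review bot: all 37 entries added in this hunk are left at `TODO: check`, and two of the descriptions carry literal JSON escape sequences (`\u2013` in CVE-2024-1989, `\u2014` in CVE-2024-1760) where the upstream record has an en dash and an em dash, which suggests the import step wrote the escaped string rather than the decoded text; those two descriptions should be re-imported decoded so the tracker matches the upstream wording. For triage order, the entries whose descriptions name a library rather than a vendor appliance, CVE-2024-24786 (protojson.Unmarshal infinite loop) and CVE-2024-25817 (eza buffer overflow), are the ones most likely to resolve to a Debian source package and deserve the first look, while the ArubaOS, Moxa, Multilaser, TP-Link and Teamwire entries read as NOT-FOR-US candidates.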
@@ -10,106 +84,106 @@ CVE-2024-2173
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-26628 [drm/amdkfd: Fix lock dependency warning]
+CVE-2024-26628 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/47bf0f83fc86df1bf42b385a91aadb910137c5c9 (6.8-rc1)
-CVE-2024-26627 [scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler]
+CVE-2024-26627 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4373534a9850627a2695317944898eb1283a2db0 (6.8-rc3)
-CVE-2024-26626 [ipmr: fix kernel panic when forwarding mcast packets]
+CVE-2024-26626 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.7.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e622502c310f1069fd9f41cd38210553115f610a (6.8-rc3)
-CVE-2024-26625 [llc: call sock_orphan() at release time]
+CVE-2024-26625 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/aa2b2eb3934859904c287bf5434647ba72e14c1c (6.8-rc3)
-CVE-2024-26624 [af_unix: fix lockdep positive in sk_diag_dump_icons()]
+CVE-2024-26624 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9 (6.8-rc3)
-CVE-2024-26623 [pds_core: Prevent race issues involving the adminq]
+CVE-2024-26623 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7e82a8745b951b1e794cc780d46f3fbee5e93447 (6.8-rc3)
-CVE-2023-52607 [powerpc/mm: Fix null-pointer dereference in pgtable_cache_add]
+CVE-2023-52607 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/f46c8a75263f97bda13c739ba1c90aced0d3b071 (6.8-rc1)
-CVE-2023-52606 [powerpc/lib: Validate size for vector operations]
+CVE-2023-52606 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
-CVE-2023-52605 [ACPI: extlog: fix NULL pointer dereference check]
+CVE-2023-52605 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/72d9b9747e78979510e9aafdd32eb99c7aa30dd1 (6.8-rc1)
-CVE-2023-52604 [FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree]
+CVE-2023-52604 (In the Linux kernel, the following vulnerability has been resolved: F ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 (6.8-rc1)
-CVE-2023-52603 [UBSAN: array-index-out-of-bounds in dtSplitRoot]
+CVE-2023-52603 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16 (6.8-rc1)
-CVE-2023-52602 [jfs: fix slab-out-of-bounds Read in dtSearch]
+CVE-2023-52602 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/fa5492ee89463a7590a1449358002ff7ef63529f (6.8-rc1)
-CVE-2023-52601 [jfs: fix array-index-out-of-bounds in dbAdjTree]
+CVE-2023-52601 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/74ecdda68242b174920fe7c6133a856fb7d8559b (6.8-rc1)
-CVE-2023-52600 [jfs: fix uaf in jfs_evict_inode]
+CVE-2023-52600 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/e0e1958f4c365e380b17ccb35617345b31ef7bf3 (6.8-rc1)
-CVE-2023-52599 [jfs: fix array-index-out-of-bounds in diNewExt]
+CVE-2023-52599 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/49f9637aafa6e63ba686c13cb8549bf5e6920402 (6.8-rc1)
-CVE-2023-52598 [s390/ptrace: handle setting of fpc register correctly]
+CVE-2023-52598 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/8b13601d19c541158a6e18b278c00ba69ae37829 (6.8-rc1)
-CVE-2023-52597 [KVM: s390: fix setting of fpc register]
+CVE-2023-52597 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/b988b1bb0053c0dcd26187d29ef07566a565cf55 (6.8-rc1)
-CVE-2023-52596 [sysctl: Fix out of bounds access for empty sysctl registers]
+CVE-2023-52596 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/315552310c7de92baea4e570967066569937a843 (6.8-rc1)
-CVE-2023-52595 [wifi: rt2x00: restart beacon queue when hardware reset]
+CVE-2023-52595 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 (6.8-rc1)
-CVE-2023-52594 [wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()]
+CVE-2023-52594 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/2adc886244dff60f948497b59affb6c6ebb3c348 (6.8-rc1)
-CVE-2023-52593 [wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()]
+CVE-2023-52593 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d (6.8-rc1)
-CVE-2023-52592 [libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos]
+CVE-2023-52592 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/fc3a5534e2a8855427403113cbeb54af5837bbe0 (6.8-rc1)
-CVE-2023-52591 [reiserfs: Avoid touching renamed directory if parent does not change]
+CVE-2023-52591 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)
-CVE-2023-52590 [ocfs2: Avoid touching renamed directory if parent does not change]
+CVE-2023-52590 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)
-CVE-2023-52589 [media: rkisp1: Fix IRQ disable race issue]
+CVE-2023-52589 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)
-CVE-2023-52588 [f2fs: fix to tag gcing flag on page during block migration]
+CVE-2023-52588 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/4961acdd65c956e97c1a000c82d91a8c1cdbe44b (6.8-rc1)
-CVE-2023-52587 [IB/ipoib: Fix mcast list locking]
+CVE-2023-52587 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/4f973e211b3b1c6d36f7c6a19239d258856749f9 (6.8-rc1)
-CVE-2023-52586 [drm/msm/dpu: Add mutex lock in control vblank irq]
+CVE-2023-52586 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)
-CVE-2023-52585 [drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()]
+CVE-2023-52585 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/b8d55a90fd55b767c25687747e2b24abd1ef8680 (6.8-rc1)
-CVE-2023-52584 [spmi: mediatek: Fix UAF on device remove]
+CVE-2023-52584 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/e821d50ab5b956ed0effa49faaf29912fd4106d9 (6.8-rc1)
-CVE-2023-52583 [ceph: fix deadlock or deadcode of misusing dget()]
+CVE-2023-52583 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/b493ad718b1f0357394d2cdecbf00a44a36fa085 (6.8-rc1)
-CVE-2024-24785 [html/template: errors returned from MarshalJSON methods may break template escaping]
+CVE-2024-24785 (If errors returned from MarshalJSON methods contain user controlled da ...)
- golang-1.22 1.22.1-1
- golang-1.21 1.21.8-1
- golang-1.19 <removed>
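Review bot: the bracketed working titles removed in this hunk carried the kernel subsystem and the bug class (for example `jfs: fix uaf in jfs_evict_inode`, `sysctl: Fix out of bounds access for empty sysctl registers`), while the truncated official descriptions that replace them all read `In the Linux kernel, the following vulnerability has been resolved: <one letter> ...`, so the 31 kernel entries here become indistinguishable in the file without opening each git.kernel.org link. Suggest preserving the upstream subject line as a NOTE on each entry when the description is swapped in, and likewise for CVE-2024-24785 (`html/template: errors returned from MarshalJSON methods may break template escaping`), so that the `[buster]`/`[bullseye]`/`[bookworm] <not-affected>` decisions stay reviewable from the list alone.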
@@ -118,7 +192,7 @@ CVE-2024-24785 [html/template: errors returned from MarshalJSON methods may brea
NOTE: https://github.com/golang/go/issues/65697
NOTE: https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)
NOTE: https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)
-CVE-2024-24784 [net/mail: comments in display names are incorrectly handled]
+CVE-2024-24784 (The ParseAddressList function incorrectly handles comments (text withi ...)
- golang-1.22 1.22.1-1
- golang-1.21 1.21.8-1
- golang-1.19 <removed>
@@ -127,7 +201,7 @@ CVE-2024-24784 [net/mail: comments in display names are incorrectly handled]
NOTE: https://github.com/golang/go/issues/65083
NOTE: https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)
NOTE: https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)
-CVE-2024-24783 [golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm]
+CVE-2024-24783 (Verifying a certificate chain which contains a certificate with an unk ...)
- golang-1.22 1.22.1-1
- golang-1.21 1.21.8-1
- golang-1.19 <removed>
@@ -141,7 +215,7 @@ CVE-2024-1979
CVE-2023-5685 [StackOverflowException when the chain of notifier states becomes problematically big]
- jboss-xnio <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241822
-CVE-2023-45290 [golang: net/http: memory exhaustion in Request.ParseMultipartFor]
+CVE-2023-45290 (When parsing a multipart form (either explicitly with Request.ParseMul ...)
- golang-1.22 1.22.1-1
- golang-1.21 1.21.8-1
- golang-1.19 <removed>
@@ -150,7 +224,7 @@ CVE-2023-45290 [golang: net/http: memory exhaustion in Request.ParseMultipartFor
NOTE: https://github.com/golang/go/issues/65383
NOTE: https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)
NOTE: https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)
-CVE-2023-45289 [golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect]
+CVE-2023-45289 (When following an HTTP redirect to a domain which is not a subdomain m ...)
- golang-1.22 1.22.1-1
- golang-1.21 1.21.8-1
- golang-1.19 <removed>
@@ -6857,6 +6931,7 @@ CVE-2024-25146 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versio
CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older ...)
NOT-FOR-US: Liferay Portal
CVE-2024-24806 (libuv is a multi-platform support library with a focus on asynchronous ...)
+ {DLA-3752-1}
- libuv1 1.48.0-1 (bug #1063484)
NOTE: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
NOTE: Introduced by: https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de (v1.24.0)
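Review bot: the `{DLA-3752-1}` marker added to CVE-2024-24806 is the only change in this hunk and, per the commit summary, data/CVE/list is the only file touched, so this line depends on data/DLA/list already carrying DLA-3752-1; worth confirming that advisory entry exists so the cross-reference resolves, and that the fixed version it records is consistent with the `Introduced by` NOTE pointing at v1.24.0.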
@@ -8616,7 +8691,7 @@ CVE-2024-23825 (TablePress is a table plugin for Wordpress. For importing tables
NOT-FOR-US: WordPress plugin
CVE-2024-23647 (Authentik is an open-source Identity Provider. There is a bug in our i ...)
NOT-FOR-US: authentik
-CVE-2024-22894 (An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-90 ...)
+CVE-2024-22894 (An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or l ...)
NOT-FOR-US: AIT-Deutschland Alpha Innotec Heatpumps
CVE-2024-22523 (Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and b ...)
NOT-FOR-US: Qiyu iFair
@@ -10514,7 +10589,7 @@ CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities in
NOT-FOR-US: actidata actiNAS-SL-2U-8
CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacke ...)
NOT-FOR-US: dom96 HTTPbeast
-CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
+CVE-2023-50693 (An issue in Jester v.0.6.0 and before allows a remote attacker to send ...)
NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
{DLA-3724-1}
@@ -159299,7 +159374,7 @@ CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross
NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
NOT-FOR-US: osTicket
-CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...)
+CVE-2021-45810 (GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affe ...)
NOT-FOR-US: GlobalProtect-openconnect
CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected by inco ...)
NOT-FOR-US: GlobalProtect-openconnect
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c2441ca0d53d2d0f18fdc3d661ac4f8c016b4c5