[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 6 20:28:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e8cb44e by security tracker role at 2024-03-06T20:28:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,38 +1,122 @@
-CVE-2024-28160
+CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting version ...)
+ TODO: check
+CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL generation reques ...)
+ TODO: check
+CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build param ...)
+ TODO: check
+CVE-2024-27917 (Shopware is an open commerce platform based on Symfony Framework and V ...)
+ TODO: check
+CVE-2024-27916 (Minder is a software supply chain security platform. Prior to version ...)
+ TODO: check
+CVE-2024-27915 (Sulu is a PHP content management system. Starting in verson 2.2.0 and ...)
+ TODO: check
+CVE-2024-27307 (JSONata is a JSON query and transformation language. Starting in versi ...)
+ TODO: check
+CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur ...)
+ TODO: check
+CVE-2024-27303 (electron-builder is a solution to package and build a ready for distri ...)
+ TODO: check
+CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...)
+ TODO: check
+CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...)
+ TODO: check
+CVE-2024-27288 (1Panel is an open source Linux server operation and maintenance manage ...)
+ TODO: check
+CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home Automation ...)
+ TODO: check
+CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execu ...)
+ TODO: check
+CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the usage of vu ...)
+ TODO: check
+CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the usage of a ...)
+ TODO: check
+CVE-2024-24767 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
+ TODO: check
+CVE-2024-24766 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
+ TODO: check
+CVE-2024-24765 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
+ TODO: check
+CVE-2024-24761 (Galette is a membership management web application for non profit orga ...)
+ TODO: check
+CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco AppDyna ...)
+ TODO: check
+CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco AppDynamics ...)
+ TODO: check
+CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of Cisco Secur ...)
+ TODO: check
+CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco Secure Cli ...)
+ TODO: check
+CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small Busines ...)
+ TODO: check
+CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
+CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon and RDP ...)
+ TODO: check
+CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo Authentication f ...)
+ TODO: check
+CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of a weake ...)
+ TODO: check
+CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remote au ...)
+ TODO: check
+CVE-2023-50716 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
+ TODO: check
+CVE-2023-50167 (Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with ed ...)
+ TODO: check
+CVE-2023-49985 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
+ TODO: check
+CVE-2023-49984 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
+ TODO: check
+CVE-2023-49983 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
+ TODO: check
+CVE-2023-49982 (Broken access control in the component /admin/management/users of Scho ...)
+ TODO: check
+CVE-2023-49981 (A directory listing vulnerability in School Fees Management System v1. ...)
+ TODO: check
+CVE-2023-49980 (A directory listing vulnerability in Best Student Result Management Sy ...)
+ TODO: check
+CVE-2023-49979 (A directory listing vulnerability in Customer Support System v1 allows ...)
+ TODO: check
+CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows non-admi ...)
+ TODO: check
+CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, contain ...)
+ TODO: check
+CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allow ...)
+ TODO: check
+CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28159
+CVE-2024-28159 (A missing permission check in Jenkins Subversion Partial Release Manag ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28158
+CVE-2024-28158 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28157
+CVE-2024-28157 (Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket U ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28156
+CVE-2024-28156 (Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-2215
+CVE-2024-2215 (A cross-site request forgery (CSRF) vulnerability in Jenkins docker-bu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-2216
+CVE-2024-2216 (A missing permission check in an HTTP endpoint in Jenkins docker-build ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28161
+CVE-2024-28161 (In Jenkins Delphix Plugin 3.0.1, a global option for administrators to ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28162
+CVE-2024-28162 (In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a globa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28155
+CVE-2024-28155 (Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permissio ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28154
+CVE-2024-28154 (Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitiv ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28153
+CVE-2024-28153 (Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28152
+CVE-2024-28152 (In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28151
+CVE-2024-28151 (Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbol ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28150
+CVE-2024-28150 (Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job nam ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-28149
+CVE-2024-28149 (Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-50740
+CVE-2023-50740 (In Apache Linkis <=1.4.0, The password is printed to the log when usin ...)
NOT-FOR-US: Apache Linkis
-CVE-2024-26580
+CVE-2024-26580 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...)
NOT-FOR-US: Apache InLong
CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via th ...)
NOT-FOR-US: Concrete CMS
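Review bot: the new block leaves 42 entries at `TODO: check`, and several of them describe libraries rather than end-user products that Debian may well ship (the two pgx entries CVE-2024-27304 and CVE-2024-27289, go-zero CVE-2024-27302, JSONata CVE-2024-27307, go-saml CVE-2023-48703, Fast DDS CVE-2023-50716), so triage should check these against the archive before marking them NOT-FOR-US by analogy with the Jenkins plugins; the two pgx IDs concern the same Go driver and should end up with consistent package lines, whichever way they resolve.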
@@ -108,15 +192,18 @@ CVE-2023-38944 (An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multi
NOT-FOR-US: Multilaser
CVE-2023-33677 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
NOT-FOR-US: Sourcecodester Lost and Found Information System
-CVE-2024-2176
+CVE-2024-2176 (Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allow ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2174
+CVE-2024-2174 (Inappropriate implementation in V8 in Google Chrome prior to 122.0.626 ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2173
+CVE-2024-2173 (Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261 ...)
+ {DSA-5636-1}
- chromium 122.0.6261.111-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
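Review bot: all three Chromium entries (CVE-2024-2176, CVE-2024-2174, CVE-2024-2173) gain `{DSA-5636-1}` while keeping the existing `- chromium 122.0.6261.111-1` fixed-version line, which is consistent with the "prior to 122.0.6261.111" wording in each description; confirm that data/DSA/list records the same three CVEs under DSA-5636-1 so the tracker's cross-check between the two files stays clean.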
@@ -285,7 +372,7 @@ CVE-2024-2054 (The Artica-Proxy administrative web application will deserialize
NOT-FOR-US: Artica Proxy
CVE-2024-2053 (The Artica Proxy administrative web application will deserialize arbit ...)
NOT-FOR-US: Artica Proxy
-CVE-2024-2005 (Blue Planet\xae has released software updates that address this vulner ...)
+CVE-2024-2005 (In Blue Planet\xae products through 22.12, a misconfiguration in the ...)
NOT-FOR-US: Blue Planet
CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
NOT-FOR-US: Deno
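Review bot: both the old and the new CVE-2024-2005 description line carry a literal `\xae` escape where the feed has the registered-trademark sign in "Blue Planet"; check that the stored file contains the UTF-8 character rather than the escape text, since the automatic import appears to be writing the byte as text and the same pattern will recur for every vendor name with a non-ASCII symbol.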
@@ -377,14 +464,14 @@ CVE-2022-48629 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/a680b1832ced3b5fa7c93484248fd221ea0d614b (5.17)
-CVE-2024-27308 [RUSTSEC-2024-0019]
+CVE-2024-27308 (Mio is a Metal I/O library for Rust. When using named pipes on Windows ...)
- rust-mio <not-affected> (Windows-specific)
- rust-mio-0.6 <not-affected> (Vulnerable code not present)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0019.html
CVE-2024-XXXX [RUSTSEC-2024-0020]
- rust-whoami <not-affected> (Specific to Solaris)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0020.html
-CVE-2024-25111 [SQUID-2024:1 Denial of Service in HTTP Chunked Decoding]
+CVE-2024-25111 (Squid is a web proxy cache. Starting in version 3.5.27 and prior to ve ...)
- squid 6.8-1
- squid3 <removed>
NOTE: https://lists.squid-cache.org/pipermail/squid-announce/2024-March/000165.html
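Review bot: replacing the bracketed alias with the CVE description drops the `SQUID-2024:1` advisory identifier from the CVE-2024-25111 entry entirely, whereas CVE-2024-27308 keeps its RUSTSEC-2024-0019 reference via the following NOTE line; add a `NOTE: SQUID-2024:1` (or fold the identifier into the existing squid-announce NOTE) so the upstream advisory name remains searchable in the list.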
@@ -2036,7 +2123,7 @@ CVE-2024-27516 (livehelperchat 4.28v is vulnerable to Server-Side Template Injec
CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
NOT-FOR-US: Osclass
CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within the Y ...)
- {DSA-5635-1}
+ {DSA-5635-1 DLA-3753-1}
- yard 0.9.36-1 (bug #1065118)
NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
NOTE: Fixed by: https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 (v0.9.35)
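Review bot: `{DSA-5635-1 DLA-3753-1}` is the right shape for an entry fixed both in stable and in LTS, but note that the entry has no per-release line for the LTS suite, so the DLA reference is the only record of the fix there; confirm data/DLA/list lists CVE-2024-27285 under DLA-3753-1, since this commit adds the same DLA to a second yard CVE and both need to agree.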
@@ -4054,8 +4141,8 @@ CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3
NOT-FOR-US: Terminalfour
CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...)
NOT-FOR-US: Cisco
-CVE-2024-1714
- REJECTED
+CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ Lifecycle Mana ...)
+ TODO: check
CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...)
NOT-FOR-US: ConnectWise ScreenConnect
CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...)
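Review bot: CVE-2024-1714 was previously recorded as `REJECTED` and now arrives with a description, so the ID has been reinstated rather than newly assigned; the `TODO: check` is the correct placeholder for an entry whose state flipped, and whoever triages it should verify the description against the upstream CNA record before settling on a NOT-FOR-US line, as the IdentityIQ product in the description is not otherwise referenced in the list.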
@@ -8210,7 +8297,7 @@ CVE-2024-21780 (Stack-based buffer overflow vulnerability exists in HOME SPOT CU
NOT-FOR-US: HOME SPOT CUBE2
CVE-2024-21764 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
NOT-FOR-US: Rapid SCADA
-CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0; all versio ...)
+CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0; versions o ...)
NOT-FOR-US: Node dash-core-components
CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -245403,8 +245490,8 @@ CVE-2020-26944 (An issue was discovered in Aptean Product Configurator 4.61.0000
NOT-FOR-US: Aptean
CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
NOT-FOR-US: blazar-dashboard
-CVE-2020-26942
- RESERVED
+CVE-2020-26942 (An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and ...)
+ TODO: check
CVE-2020-26941 (A local (authenticated) low-privileged user can exploit a behavior in ...)
NOT-FOR-US: IBM
CVE-2020-26940
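Review bot: CVE-2020-26942 moves from `RESERVED` to a populated description nearly four years after assignment; the `TODO: check` is appropriate, but since the affected product (Axigen Mail Server) does not appear elsewhere in the visible list, triage should confirm whether the tracker has any package matching it before deciding between a package line and NOT-FOR-US, and the neighbouring bare `CVE-2020-26940` line shows there are more of these old reserved IDs that may populate in later automatic updates.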
@@ -329064,6 +329151,7 @@ CVE-2019-1020003 (invenio-records before 1.2.2 allows XSS.)
CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing.)
NOT-FOR-US: Pterodactyl
CVE-2019-1020001 (yard before 0.9.20 allows path traversal.)
+ {DLA-3753-1}
- yard 0.9.20-1 (low; bug #945369)
[stretch] - yard <no-dsa> (Minor issue)
[jessie] - yard <not-affected> (Bug was introduced in 0.9.6)
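Review bot: adding `{DLA-3753-1}` to CVE-2019-1020001 records the LTS fix for a 2019 path traversal that was previously only marked as fixed in 0.9.20-1 with `<no-dsa>` for stretch; this is consistent with the same DLA being added to CVE-2024-27285 earlier in this commit, so the DLA text should cover both CVEs, and data/DLA/list needs matching entries for both IDs.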
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e8cb44ebb69e8dc4c0f19697bed61c58f5323bf