[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 7 09:20:32 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80865560 by security tracker role at 2024-03-07T08:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,101 @@
-CVE-2024-2236 [timing based side-channel in RSA implementation]
+CVE-2024-28222 (In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2 ...)
+ TODO: check
+CVE-2024-28216 (nGrinder before 3.5.9 allows an attacker to obtain the results of webh ...)
+ TODO: check
+CVE-2024-28215 (nGrinder before 3.5.9 allows an attacker to create or update webhook c ...)
+ TODO: check
+CVE-2024-28214 (nGrinder before 3.5.9 allows to set delay without limitation, which co ...)
+ TODO: check
+CVE-2024-28213 (nGrinder before 3.5.9 allows to accept serialized Java objects from un ...)
+ TODO: check
+CVE-2024-28212 (nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow ...)
+ TODO: check
+CVE-2024-28211 (nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by ...)
+ TODO: check
+CVE-2024-28111 (Canarytokens helps track activity and actions on a network. Canarytoke ...)
+ TODO: check
+CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integrate ap ...)
+ TODO: check
+CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...)
+ TODO: check
+CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a federated ...)
+ TODO: check
+CVE-2024-28097 (Calendar functionality in Schoolbox application before version 23.1.3 ...)
+ TODO: check
+CVE-2024-28096 (Class functionality in Schoolbox application before version 23.1.3 is ...)
+ TODO: check
+CVE-2024-28095 (News functionality in Schoolbox application before version 23.1.3 is ...)
+ TODO: check
+CVE-2024-28094 (Chat functionality in Schoolbox application before version 23.1.3 is ...)
+ TODO: check
+CVE-2024-27936 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
+ TODO: check
+CVE-2024-27935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
+ TODO: check
+CVE-2024-27934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
+ TODO: check
+CVE-2024-27933 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version ...)
+ TODO: check
+CVE-2024-27932 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
+ TODO: check
+CVE-2024-27927 (RSSHub is an open source RSS feed generator. Prior to version 1.0.0-ma ...)
+ TODO: check
+CVE-2024-27926 (RSSHub is an open source RSS feed generator. Starting in version 1.0.0 ...)
+ TODO: check
+CVE-2024-27923 (Grav is a content management system (CMS). Prior to version 1.7.43, us ...)
+ TODO: check
+CVE-2024-27922 (TOMP Bare Server implements the TompHTTP bare server. A vulnerability ...)
+ TODO: check
+CVE-2024-27918 (Coder allows oragnizations to provision remote development environment ...)
+ TODO: check
+CVE-2024-26566 (An issue in Cute Http File Server v.3.1 allows a remote attacker to es ...)
+ TODO: check
+CVE-2024-24389 (A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 a ...)
+ TODO: check
+CVE-2024-24375 (SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attac ...)
+ TODO: check
+CVE-2024-1761 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-1720 (The User Registration \u2013 Custom Registration Form, Login Form, and ...)
+ TODO: check
+CVE-2024-1506 (The Prime Slider \u2013 Addons For Elementor plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-1500 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-1460 (MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vul ...)
+ TODO: check
+CVE-2024-1443 (MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vuln ...)
+ TODO: check
+CVE-2024-1419 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-1377 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-1366 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-0817 (Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0)
+ TODO: check
+CVE-2024-0815 (Command injection in paddle.utils.download._wget_download (bypass filt ...)
+ TODO: check
+CVE-2023-51395 (The vulnerability described by CVE-2023-0972 has been additionally dis ...)
+ TODO: check
+CVE-2023-51281 (Cross Site Scripting vulnerability in Customer Support System v.1.0 al ...)
+ TODO: check
+CVE-2023-49989 (Hotel Booking Management v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2023-49988 (Hotel Booking Management v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2023-49987 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
+ TODO: check
+CVE-2023-49986 (A cross-site scripting (XSS) vulnerability in the component /admin/par ...)
+ TODO: check
+CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to cont ...)
+ TODO: check
+CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...)
- libgcrypt20 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
-CVE-2024-1299
+CVE-2024-1299 (A privilege escalation vulnerability was discovered in GitLab affectin ...)
- gitlab <unfixed>
-CVE-2024-0199
+CVE-2024-0199 (An authorization bypass vulnerability was discovered in GitLab affecti ...)
- gitlab <unfixed>
CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting version ...)
NOT-FOR-US: Gophish
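Review bot: the one non-mechanical change in this hunk is the CVE-2024-2236 entry, which moves from the top of the file with the local bracketed description `[timing based side-channel in RSA implementation]` to its sorted position with the upstream parenthesized text; confirm that the relocation kept the `- libgcrypt20 <unfixed>` line and the bugzilla NOTE attached to the new entry, which the visible context suggests it did. The remaining forty-plus additions all carry `TODO: check` and still need triage; the CVE-2024-1299 and CVE-2024-0199 entries only gain descriptions and keep `gitlab <unfixed>`, so no status changed there.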
@@ -2305,7 +2397,7 @@ CVE-2024-25065 (Possible path traversal in Apache OFBiz allowing authentication
NOT-FOR-US: Apache OFBiz
CVE-2024-23946 (Possible path traversal in Apache OFBiz allowing file inclusion. Users ...)
NOT-FOR-US: Apache OFBiz
-CVE-2024-22857
+CVE-2024-22857 (zlog 1.2.16 has a heap-based buffer overflow in struct zlog_rule_s whi ...)
NOT-FOR-US: zlog
CVE-2024-26016 (A low privilege authenticated user could import an existing dashboard ...)
NOT-FOR-US: Apache Superset
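Review bot: CVE-2024-22857 keeps its `NOT-FOR-US: zlog` tag while gaining a description that identifies a heap-based buffer overflow in zlog 1.2.16; the tag was set before the description was available, so it is worth a quick re-check that no Debian package ships or embeds zlog before the entry is left as NOT-FOR-US.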
@@ -2638,7 +2730,7 @@ CVE-2020-36778 (In the Linux kernel, the following vulnerability has been resolv
- linux 5.10.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a85c5c7a3aa8041777ff691400b4046e56149fd3 (5.13-rc1)
-CVE-2023-51786
+CVE-2023-51786 (An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x ...)
- lustre <removed>
NOTE: http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html
CVE-2024-27913 (ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 all ...)
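Review bot: CVE-2023-51786 only gains the upstream description (Lustre 2.13.x, 2.14.x and 2.15.x) and keeps `- lustre <removed>` with the lustre-announce NOTE, so no tracking status changes; the note link is the only reference for the affected-version claim, which is fine for a package marked removed.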
@@ -9325,7 +9417,7 @@ CVE-2024-0444 [GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflo
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe (1.22.9)
-CVE-2023-46045 (Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted co ...)
+CVE-2023-46045 (Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read vi ...)
- graphviz 2.42.2-8 (unimportant)
NOTE: Crosses no security boundary, config files are under local control
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
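Review bot: the CVE-2023-46045 description changes the upstream affected range from "2.36 before 10.0.0" to "2.36.0 through 9.x before 10.0.1", i.e. the upstream fix is now attributed to 10.0.1 rather than 10.0.0. The Debian line `- graphviz 2.42.2-8 (unimportant)` tracks the fix by Debian version, so the entry is unaffected, but it is worth confirming against issue 2441 that 2.42.2-8 carries the same fix upstream later completed in 10.0.1 and not only the earlier partial one.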
@@ -85963,8 +86055,8 @@ CVE-2022-46091
RESERVED
CVE-2022-46090
RESERVED
-CVE-2022-46089
- RESERVED
+CVE-2022-46089 (Cross Site Scripting (XSS) vulnerability in the add-airline form of On ...)
+ TODO: check
CVE-2022-46088 (Online Flight Booking Management System v1.0 was discovered to contain ...)
NOT-FOR-US: Online Flight Booking Management System
CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...)
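Review bot: the new CVE-2022-46089 description ("... in the add-airline form of On ...") appears to refer to the same Online Flight Booking Management System as the adjacent CVE-2022-46088 entry, which is already `NOT-FOR-US`; once the full description confirms this, the `TODO: check` can be resolved the same way.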
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8086556068fc8d6f104a7677c17c015d09aec8c7