[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 8 20:12:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e408e8ce by security tracker role at 2024-03-08T20:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a use ...)
+ TODO: check
+CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...)
+ TODO: check
+CVE-2024-2319 (Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX proje ...)
+ TODO: check
+CVE-2024-2318 (A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1 ...)
+ TODO: check
+CVE-2024-2317 (A vulnerability was found in Bdtask Hospital AutoManager up to 2024022 ...)
+ TODO: check
+CVE-2024-2316 (A vulnerability has been found in Bdtask Hospital AutoManager up to 20 ...)
+ TODO: check
+CVE-2024-21901 (A SQL injection vulnerability has been reported to affect myQNAPcloud. ...)
+ TODO: check
+CVE-2024-21900 (An injection vulnerability has been reported to affect several QNAP op ...)
+ TODO: check
+CVE-2024-21899 (An improper authentication vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2023-47221 (A path traversal vulnerability has been reported to affect Photo Stati ...)
+ TODO: check
+CVE-2023-34980 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-32969 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2285 (A vulnerability, which was classified as problematic, has been found i ...)
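Review bot: of the twelve new `TODO: check` entries, CVE-2024-21901 (myQNAPcloud) and CVE-2024-21900 (several QNAP operating systems) name QNAP products, and the four entries after them use the same "has been reported to affect" advisory wording; QNAP items elsewhere in this file are resolved as `NOT-FOR-US: QNAP` (see the CVE-2023-34977 hunk below), so these can probably be triaged the same way once the full descriptions confirm the vendor. The remaining entries (PostgreSQL Anonymizer, Django MarkdownX, ZKTeco, Bdtask) still need a check against the Debian archive before their TODO markers are replaced.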
@@ -5914,6 +5938,7 @@ CVE-2024-25619 (Mastodon is a free, open-source social network server based on A
CVE-2024-25618 (Mastodon is a free, open-source social network server based on Activit ...)
- mastodon <itp> (bug #859741)
CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
+ {DSA-5637-1}
- squid 6.5-1
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
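Review bot: CVE-2024-25617 gains only `{DSA-5637-1}` while the older Squid entries in this commit get `{DSA-5637-1 DLA-3709-1}`; with no `[buster]` status line and squid3 marked `<removed>`, the LTS state of this CVE is left implicit. If buster's squid is affected and no DLA is planned, an explicit `[buster] - squid ...` line (as in the CVE-2023-46724 hunk) would make that visible; the same applies to the CVE-2024-23638 hunk below.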
@@ -8669,7 +8694,7 @@ CVE-2024-24041 (A stored cross-site scripting (XSS) vulnerability in Travel Jour
NOT-FOR-US: Travel Journal Using PHP and MySQL
CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V10 ...)
NOT-FOR-US: HOME SPOT CUBE2
-CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows code injection via a complex serie ...)
+CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows local Electron code injection via ...)
NOT-FOR-US: Miro Desktop
CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a ...)
NOT-FOR-US: WuKongOpenSource WukongCRM
@@ -10319,6 +10344,7 @@ CVE-2024-XXXX [RUSTSEC-2024-0006]
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html
NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27
CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired pointer refere ...)
+ {DSA-5637-1}
- squid 6.6-1
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx
NOTE: https://megamansec.github.io/Squid-Security-Audit/stream-assert.html
@@ -18032,7 +18058,7 @@ CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...)
- {DLA-3709-1}
+ {DSA-5637-1 DLA-3709-1}
- squid 6.6-1 (bug #1058721)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
@@ -27314,6 +27340,7 @@ CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...)
+ {DSA-5637-1}
- squid 6.5-1 (bug #1055252)
[buster] - squid <not-affected> (Doesn't build with OpenSSL yet)
NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
@@ -27327,7 +27354,7 @@ CVE-2023-46848 (Squid is vulnerable to Denial of Service, where a remote attack
- squid3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote attacker c ...)
- {DLA-3709-1}
+ {DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (bug #1055250)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
@@ -27338,7 +27365,7 @@ CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
- {DLA-3709-1}
+ {DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (bug #1054537)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
@@ -28838,7 +28865,7 @@ CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to
NOT-FOR-US: QNAP
CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...)
NOT-FOR-US: QNAP
-CVE-2023-34975 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+CVE-2023-34975 (An OS command injection vulnerability has been reported to affect seve ...)
NOT-FOR-US: QNAP
CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...)
NOT-FOR-US: Fortinet
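Review bot: the replaced text for CVE-2023-34975 was identical to CVE-2023-34976's description on the line above, so this is a fix for a duplicated description rather than a reclassification, and `NOT-FOR-US: QNAP` remains appropriate. The new text matches the truncated description of CVE-2023-34980, added with `TODO: check` at the top of this commit, which suggests both come from the same QNAP advisory and that entry can be resolved the same way.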
@@ -32782,7 +32809,7 @@ CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows use
NOTE: https://ferrous-systems.com/blog/sudo-rs-audit/
CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...)
NOT-FOR-US: mee-admin
-CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
+CVE-2023-42279 (Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerabi ...)
NOT-FOR-US: Dreamer CMS
CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in m ...)
{DSA-5527-1}
@@ -32958,7 +32985,7 @@ CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming So
NOT-FOR-US: KostacKostac PLC Programming Software
CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...)
NOT-FOR-US: Kostac PLC Programming Software
-CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.)
+CVE-2023-40930 (An issue in the directory /system/bin/blkid of Skyworth v3.0 allows at ...)
NOT-FOR-US: Skyworth
CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...)
{DLA-3644-1}
@@ -33854,7 +33881,7 @@ CVE-2023-41032 (A vulnerability has been identified in Parasolid V34.1 (All vers
NOT-FOR-US: Siemens
CVE-2023-41013 (Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allow ...)
NOT-FOR-US: IceWarp
-CVE-2023-40834 (OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.)
+CVE-2023-40834 (OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on ...)
NOT-FOR-US: OpenCart
CVE-2023-40784 (DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modul ...)
NOT-FOR-US: DedeCMS
@@ -68548,7 +68575,7 @@ CVE-2023-25397
RESERVED
CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...)
NOT-FOR-US: Caphyon Advanced Installer
-CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection ...)
+CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contai ...)
NOT-FOR-US: TOTOLINK
CVE-2023-25394 (Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Update ...)
NOT-FOR-US: Videostream macOS app
@@ -68746,7 +68773,7 @@ CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
NOT-FOR-US: MultiMC Launcher
CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...)
NOT-FOR-US: PolyMC Launcher
-CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.)
+CVE-2023-25304 (An issue in Prism Launcher up to v6.1 allows attackers to perform a di ...)
NOT-FOR-US: Prism Launcher
CVE-2023-25303 (ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack ...)
NOT-FOR-US: ATLauncher
@@ -68894,7 +68921,7 @@ CVE-2023-25232
RESERVED
CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
NOT-FOR-US: Tenda
-CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).)
+CVE-2023-25230 (A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attack ...)
NOT-FOR-US: loonflow
CVE-2023-25229
RESERVED
@@ -75295,7 +75322,7 @@ CVE-2023-23065
RESERVED
CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...)
NOT-FOR-US: TOTOLINK
-CVE-2023-23063 (Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.)
+CVE-2023-23063 (Cellinx NVT v1.0.6.002b was discovered to contain a local file disclos ...)
NOT-FOR-US: Cellinx NVT
CVE-2023-23062
RESERVED
@@ -75514,7 +75541,7 @@ CVE-2023-22977
RESERVED
CVE-2023-22976
RESERVED
-CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).)
+CVE-2023-22975 (A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows ...)
NOT-FOR-US: jfinal_cms
CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthe ...)
NOT-FOR-US: OpenEMR
@@ -79501,7 +79528,7 @@ CVE-2022-47874 (Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5
NOT-FOR-US: Jedox
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
NOT-FOR-US: Netcad KEOS
-CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...)
+CVE-2022-47872 (A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allow ...)
NOT-FOR-US: maccms10
CVE-2022-47871
RESERVED
@@ -83040,7 +83067,7 @@ CVE-2022-47085 (An issue was discovered in ostree before 2022.7 allows attackers
NOTE: https://github.com/ostreedev/ostree/issues/2775
CVE-2022-47084
RESERVED
-CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.)
+CVE-2022-47083 (A PHP Object Injection vulnerability in the unserialize() function Spi ...)
NOT-FOR-US: Spitfire CMS
CVE-2022-47082
RESERVED
@@ -95443,8 +95470,8 @@ CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticate
NOT-FOR-US: IBM
CVE-2022-43856
RESERVED
-CVE-2022-43855
- RESERVED
+CVE-2022-43855 (IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to ...)
+ TODO: check
CVE-2022-43854
RESERVED
CVE-2022-43853
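Review bot: CVE-2022-43855 moves from RESERVED to a description naming IBM SPSS Statistics; the neighbouring IBM entry CVE-2022-43857 in this hunk is `NOT-FOR-US: IBM`, so the new `TODO: check` line can most likely be resolved to the same status rather than left open.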
@@ -312224,14 +312251,14 @@ CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
- {DLA-3709-1}
+ {DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (low)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
NOTE: https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 (SQUID_6_5)
NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
CVE-2023-49285 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
- {DLA-3709-1}
+ {DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (low)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e408e8ce6bc623380ba7a22d4ca027d643c31146