[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 19 08:12:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e2f4d37 by security tracker role at 2024-03-19T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication Command and ...)
+ TODO: check
+CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication Command and ...)
+ TODO: check
+CVE-2024-2620 (A vulnerability has been found in Fujian Kelixin Communication Command ...)
+ TODO: check
+CVE-2024-2604 (A vulnerability was found in SourceCodester File Manager App 1.0. It h ...)
+ TODO: check
+CVE-2024-28865 (django-wiki is a wiki system for Django. Installations of django-wiki ...)
+ TODO: check
+CVE-2024-28864 (SecureProps is a PHP library designed to simplify the encryption and d ...)
+ TODO: check
+CVE-2024-28855 (ZITADEL, open source authentication management software, uses Go templ ...)
+ TODO: check
+CVE-2024-28447 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...)
+ TODO: check
+CVE-2024-28446 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...)
+ TODO: check
+CVE-2024-28250 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2024-28249 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2024-28248 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+ TODO: check
+CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...)
+ TODO: check
+CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
+ TODO: check
+CVE-2024-24578 (RaspberryMatic is an open-source operating system for HomeMatic intern ...)
+ TODO: check
+CVE-2024-24043 (Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and befo ...)
+ TODO: check
+CVE-2024-24042 (Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and bef ...)
+ TODO: check
+CVE-2024-23333 (LDAP Account Manager (LAM) is a webfrontend for managing entries store ...)
+ TODO: check
+CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulne ...)
+ TODO: check
+CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...)
+ TODO: check
+CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 ...)
+ TODO: check
+CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to Regular ...)
+ TODO: check
+CVE-2024-0055 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
+ TODO: check
+CVE-2024-0054 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
+ TODO: check
+CVE-2023-40280 (An issue was discovered in OpenClinic GA 5.247.01. An attacker can per ...)
+ TODO: check
+CVE-2023-40277 (An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-S ...)
+ TODO: check
+CVE-2023-40276 (An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated ...)
+ TODO: check
+CVE-2023-40275 (An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval ...)
+ TODO: check
CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...)
NOT-FOR-US: AMSS++
CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
@@ -6502,7 +6560,7 @@ CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
-CVE-2024-22025
+CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a Denial ...)
- nodejs 18.19.1+dfsg-1
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
@@ -8112,7 +8170,7 @@ CVE-2023-46809
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
NOTE: https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587 (main)
-CVE-2024-22017
+CVE-2024-22017 (setuid() does not affect libuv's internal io_uring operations if initi ...)
[experimental] - nodejs <unfixed>
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high
@@ -24143,6 +24201,7 @@ CVE-2023-6274 (A vulnerability was found in Beijing Baichuo Smart S80 up to 2023
CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, < ...)
- check-mk <removed>
CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios i ...)
+ {DLA-3766-1}
- zfs-linux 2.1.14-1 (bug #1056752)
[bookworm] - zfs-linux <no-dsa> (contrib not supported)
[bullseye] - zfs-linux <no-dsa> (contrib not supported)
@@ -215716,6 +215775,7 @@ CVE-2021-27207
CVE-2021-27206
RESERVED
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
+ {DLA-3766-1}
[experimental] - zfs-linux 2.2.0-1~exp1
- zfs-linux 2.2.2-1 (bug #1059322)
[bookworm] - zfs-linux <no-dsa> (contrib not supported)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2f4d379a2914c18a75f01930c216c27958259b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2f4d379a2914c18a75f01930c216c27958259b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240319/a8b7c2f9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list