[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 19 20:13:26 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e34bca1c by security tracker role at 2024-03-19T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,67 +1,235 @@
-CVE-2024-27439
+CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory Management Sys ...)
+ TODO: check
+CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been found on Cegid M ...)
+ TODO: check
+CVE-2024-2635 (The configuration pages available are not intended to be placed on an ...)
+ TODO: check
+CVE-2024-2634 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR affect ...)
+ TODO: check
+CVE-2024-2633 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR affect ...)
+ TODO: check
+CVE-2024-2632 (A Information Exposure Vulnerability has been found on Meta4 HR. This ...)
+ TODO: check
+CVE-2024-2545
+ REJECTED
+CVE-2024-2442 (Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path ...)
+ TODO: check
+CVE-2024-2307 (A flaw was found in osbuild-composer. A condition can be triggered tha ...)
+ TODO: check
+CVE-2024-2169 (Implementations of UDP application protocol are vulnerable to network ...)
+ TODO: check
+CVE-2024-29143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29141 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29140 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29139 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29137 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29136 (Deserialization of Untrusted Data vulnerability in Themefic Tourfic.Th ...)
+ TODO: check
+CVE-2024-29135 (Unrestricted Upload of File with Dangerous Type vulnerability in Tourf ...)
+ TODO: check
+CVE-2024-29134 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29129 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29128 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29126 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29125 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29121 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29116 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29115 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29114 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29113 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29111 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29109 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29108 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29106 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29099 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29095 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29093 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Build ...)
+ TODO: check
+CVE-2024-29092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29027 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q ...)
+ TODO: check
+CVE-2024-28595 (SQL Injection vulnerability in Employee Management System v1.0 allows ...)
+ TODO: check
+CVE-2024-28394 (An issue in Advanced Plugins reportsstatistics v1.3.20 and before allo ...)
+ TODO: check
+CVE-2024-28303 (Open Source Medicine Ordering System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2024-27998 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27997 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27996 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-21677 (This High severity Path Traversal vulnerability was introduced in vers ...)
+ TODO: check
+CVE-2024-1401 (The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 doe ...)
+ TODO: check
+CVE-2024-1146 (Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects ...)
+ TODO: check
+CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that affects ver ...)
+ TODO: check
+CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that affe ...)
+ TODO: check
+CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...)
+ TODO: check
+CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` class ...)
+ TODO: check
+CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow atta ...)
+ TODO: check
+CVE-2023-4426
+ REJECTED
+CVE-2023-44092 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2023-44091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-44090 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-42920 (Claris International has fixed a dylib hijacking vulnerability in the ...)
+ TODO: check
+CVE-2023-41793 (: Path Traversal vulnerability in Pandora FMS on all allows Path Trave ...)
+ TODO: check
+CVE-2023-40279 (An issue was discovered in OpenClinic GA 5.247.01. An attacker can per ...)
+ TODO: check
+CVE-2023-40278 (An issue was discovered in OpenClinic GA 5.247.01. An Information Disc ...)
+ TODO: check
+CVE-2023-32260 (Misinterpretation of Input vulnerability in OpenText\u2122 Service Man ...)
+ TODO: check
+CVE-2023-32259 (Insufficient Granularity of Access Control vulnerability in OpenText\u ...)
+ TODO: check
+CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could allow a ...)
NOT-FOR-US: Apache Wicket
-CVE-2024-24683
+CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop Engine.This issu ...)
NOT-FOR-US: Apache Hop Engine
-CVE-2024-2616
+CVE-2024-2616 (To harden ICU against exploitation, the behavior for out-of-memory con ...)
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2616
-CVE-2024-2615
+CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
-CVE-2024-2614
+CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2614
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2614
-CVE-2024-2613
+CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; this c ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
-CVE-2024-2612
+CVE-2024-2612 (If an attacker could find a way to trigger a particular code path in ` ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2612
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
-CVE-2024-2611
+CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed a mal ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2611
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
-CVE-2024-2610
+CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce values. T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
-CVE-2024-2609
+CVE-2024-2609 (The permission prompt input delay could have expired while the window ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
-CVE-2024-2608
+CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2608
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
-CVE-2024-2607
+CVE-2024-2607 (Return registers were overwritten which could have allowed an attacker ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2607
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2607
-CVE-2024-2606
+CVE-2024-2606 (Passing invalid data could have led to invalid wasm values being creat ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2606
-CVE-2024-2605
+CVE-2024-2605 (An attacker could have leveraged the Windows Error Reporter to run arb ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
@@ -29903,7 +30071,7 @@ CVE-2023-39333
[buster] - nodejs <not-affected> (Only affects 18.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
-CVE-2023-5388
+CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when performing RS ...)
{DLA-3757-1}
- firefox <unfixed>
- firefox-esr <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34bca1c2dcf651bca7500690fe782a2bfe1be11
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34bca1c2dcf651bca7500690fe782a2bfe1be11
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240319/33ab997d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list