[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 21 20:12:42 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86f41086 by security tracker role at 2024-03-21T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,30 +1,162 @@
-CVE-2024-26643 [netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout]
+CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...)
+ TODO: check
+CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...)
+ TODO: check
+CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S, affecting ...)
+ TODO: check
+CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC server de ...)
+ TODO: check
+CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to redirect u ...)
+ TODO: check
+CVE-2024-2464 (This issue occurs during password recovery, where a difference in mess ...)
+ TODO: check
+CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to retriev ...)
+ TODO: check
+CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and Free ...)
+ TODO: check
+CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software update a ...)
+ TODO: check
+CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the agent ma ...)
+ TODO: check
+CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
+ TODO: check
+CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
+ TODO: check
+CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
+ TODO: check
+CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/in ...)
+ TODO: check
+CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
+ TODO: check
+CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
+ TODO: check
+CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Inco ...)
+ TODO: check
+CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewe ...)
+ TODO: check
+CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3. ...)
+ TODO: check
+CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...)
+ TODO: check
+CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...)
+ TODO: check
+CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware ...)
+ TODO: check
+CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely through Home ...)
+ TODO: check
+CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
+ TODO: check
+CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27993 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27990 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27985 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
+ TODO: check
+CVE-2024-27970 (Missing Authorization vulnerability in BogdanFix WP SendFox.This issue ...)
+ TODO: check
+CVE-2024-27969 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27968 (Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page ...)
+ TODO: check
+CVE-2024-27967 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DS ...)
+ TODO: check
+CVE-2024-27966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27965 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27964 (Unrestricted Upload of File with Dangerous Type vulnerability in Gesun ...)
+ TODO: check
+CVE-2024-27963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-27956 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-27683 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...)
+ TODO: check
+CVE-2024-27277 (The private key for the IBM Storage Protect Plus Server 10.1.0 through ...)
+ TODO: check
+CVE-2024-27190 (Missing Authorization vulnerability in Jean-David Daviet Download Medi ...)
+ TODO: check
+CVE-2024-25935 (Missing Authorization vulnerability in Metagauss RegistrationMagic.Thi ...)
+ TODO: check
+CVE-2024-25922 (Missing Authorization vulnerability in Peach Payments Peach Payments G ...)
+ TODO: check
+CVE-2024-25912 (Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue a ...)
+ TODO: check
+CVE-2024-25908 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
+ TODO: check
+CVE-2024-25907 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
+ TODO: check
+CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...)
+ TODO: check
+CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand Post Fi ...)
+ TODO: check
+CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to Gradio ...)
+ TODO: check
+CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
+ TODO: check
+CVE-2023-51142 (An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker ...)
+ TODO: check
+CVE-2023-51141 (An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker ...)
+ TODO: check
+CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss Code E ...)
+ TODO: check
+CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an ...)
+ TODO: check
+CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8)
-CVE-2024-26642 [netfilter: nf_tables: disallow anonymous set with timeout flag]
+CVE-2024-26642 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8)
-CVE-2023-52620 [netfilter: nf_tables: disallow timeout for anonymous sets]
+CVE-2023-52620 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.4.4-1
NOTE: https://git.kernel.org/linus/e26d3009efda338f19016df4175f354a9bd0a4ab (6.4)
-CVE-2024-29131
+CVE-2024-29131 (Out-of-bounds Write vulnerability in Apache Commons Configuration.This ...)
- commons-configuration2 <unfixed>
[bookworm] - commons-configuration2 <no-dsa> (Minor issue)
[bullseye] - commons-configuration2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/4
NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-840
-CVE-2024-29133
+CVE-2024-29133 (Out-of-bounds Write vulnerability in Apache Commons Configuration.This ...)
- commons-configuration2 <unfixed>
[bookworm] - commons-configuration2 <no-dsa> (Minor issue)
[bullseye] - commons-configuration2 <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-841
NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/3
-CVE-2024-1394
+CVE-2024-1394 (A memory leak flaw was found in Golang in the RSA encrypting/decryptin ...)
NOT-FOR-US: golang-fips
-CVE-2024-26307
+CVE-2024-26307 (Possible race condition vulnerability in Apache Doris. Some of code us ...)
NOT-FOR-US: Apache Doris
-CVE-2024-27438
+CVE-2024-27438 (Download of Code Without Integrity Check vulnerability in Apache Doris ...)
NOT-FOR-US: Apache Doris
CVE-2024-2754 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Complete E-Commerce Site
@@ -87,7 +219,7 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1527
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2024-01-23
-CVE-2024-28834
+CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...)
- gnutls28 <unfixed>
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1516
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
@@ -660,6 +792,7 @@ CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could a
CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop Engine.This issu ...)
NOT-FOR-US: Apache Hop Engine
CVE-2024-2616 (To harden ICU against exploitation, the behavior for out-of-memory con ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
@@ -668,6 +801,7 @@ CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs sho
- firefox 124.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -678,6 +812,7 @@ CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; t
- firefox 124.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
CVE-2024-2612 (If an attacker could find a way to trigger a particular code path in ` ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -685,6 +820,7 @@ CVE-2024-2612 (If an attacker could find a way to trigger a particular code path
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed a mal ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -692,6 +828,7 @@ CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce values. T ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -702,6 +839,7 @@ CVE-2024-2609 (The permission prompt input delay could have expired while the wi
- firefox 124.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -709,6 +847,7 @@ CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
CVE-2024-2607 (Return registers were overwritten which could have allowed an attacker ...)
+ {DSA-5644-1 DSA-5643-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- thunderbird 1:115.9.0-1
@@ -4069,6 +4208,7 @@ CVE-2024-20830 (Incorrect default permission in AppLock prior to SMR MAr-2024 Re
CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung Internet pr ...)
NOT-FOR-US: Samsung
CVE-2024-1936 (The encrypted subject of an email message could be incorrectly and per ...)
+ {DSA-5644-1}
- thunderbird 1:115.8.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936
CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...)
@@ -13825,7 +13965,7 @@ CVE-2024-0744 (In some circumstances, JIT compiled code could have dereferenced
- firefox 122.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0744
CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused a po ...)
- {DLA-3757-1}
+ {DSA-5644-1 DSA-5643-1 DLA-3757-1}
- firefox 122.0-1
- firefox-esr 115.9.0esr-1
- nss 2:3.96.1-1
@@ -30557,7 +30697,7 @@ CVE-2023-39333
NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when performing RS ...)
- {DLA-3757-1}
+ {DSA-5644-1 DSA-5643-1 DLA-3757-1}
- firefox 124.0-1
- firefox-esr 115.9.0esr-1
- nss 2:3.98-1 (bug #1056284)
@@ -65148,8 +65288,8 @@ CVE-2023-27609
RESERVED
CVE-2023-27608
RESERVED
-CVE-2023-27607
- RESERVED
+CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
+ TODO: check
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -83353,8 +83493,8 @@ CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47604
- RESERVED
+CVE-2022-47604 (Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX ...)
+ TODO: check
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -94854,8 +94994,8 @@ CVE-2022-44635 (Apache Fineract allowed an authenticated user to perform remote
NOT-FOR-US: Apache Fineract
CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W \u2013 Import ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44633
- RESERVED
+CVE-2022-44633 (Missing Authorization vulnerability in YITH YITH WooCommerce Gift Card ...)
+ TODO: check
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...)
@@ -95113,8 +95253,8 @@ CVE-2022-44597
RESERVED
CVE-2022-44596
RESERVED
-CVE-2022-44595
- RESERVED
+CVE-2022-44595 (Improper Authentication vulnerability in Melapress WP 2FA allows Authe ...)
+ TODO: check
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44593
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f41086bbe254354de6f0bc53959c6576693cad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f41086bbe254354de6f0bc53959c6576693cad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240321/f2646cfe/attachment.htm>
More information about the debian-security-tracker-commits
mailing list