[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 22 20:12:40 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2e733d0 by security tracker role at 2024-03-22T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-2828 (A vulnerability, which was classified as critical, was found in lakern ...)
+ TODO: check
+CVE-2024-2827 (A vulnerability, which was classified as critical, has been found in l ...)
+ TODO: check
+CVE-2024-2826 (A vulnerability classified as problematic was found in lakernote EasyA ...)
+ TODO: check
+CVE-2024-2825 (A vulnerability classified as critical has been found in lakernote Eas ...)
+ TODO: check
+CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and classified ...)
+ TODO: check
+CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...)
+ TODO: check
+CVE-2024-2822 (A vulnerability, which was classified as problematic, was found in Ded ...)
+ TODO: check
+CVE-2024-2821 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 5.7. Af ...)
+ TODO: check
+CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This vulnera ...)
+ TODO: check
+CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, which allow ...)
+ TODO: check
+CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the C ...)
+ TODO: check
+CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A remote att ...)
+ TODO: check
+CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, through/ajaxServici ...)
+ TODO: check
+CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, through/ajaxSubServ ...)
+ TODO: check
+CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, through/ajaxConfigT ...)
+ TODO: check
+CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in Load ...)
+ TODO: check
+CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...)
+ TODO: check
+CVE-2024-2228 (This vulnerability allows an authenticated user to perform a Lifecycle ...)
+ TODO: check
+CVE-2024-2227 (This vulnerability allows access to arbitrary files in the application ...)
+ TODO: check
+CVE-2024-29944 (An attacker was able to inject an event handler into a privileged obje ...)
+ TODO: check
+CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+ TODO: check
+CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page ...)
+ TODO: check
+CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execu ...)
+ TODO: check
+CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary in DIR-8 ...)
+ TODO: check
+CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2024-29186 (Bref is an open-source project that helps users go serverless on Amazo ...)
+ TODO: check
+CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. Versions prio ...)
+ TODO: check
+CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A Stored Cros ...)
+ TODO: check
+CVE-2024-29042 (Translate is a package that allows users to convert text to different ...)
+ TODO: check
+CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a P ...)
+ TODO: check
+CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in the mk_i ...)
+ TODO: check
+CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a potentia ...)
+ TODO: check
+CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
+ TODO: check
+CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
+ TODO: check
+CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a remote attac ...)
+ TODO: check
+CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...)
+ TODO: check
+CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in the co ...)
+ TODO: check
+CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins mk_oracle, mk_o ...)
+ TODO: check
+CVE-2023-4063 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
+ TODO: check
+CVE-2023-41099 (In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, ...)
+ TODO: check
CVE-2024-2817 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Tenda
CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda AC15 15.0 ...)
@@ -4150,7 +4234,7 @@ CVE-2024-24783 (Verifying a certificate chain which contains a certificate with
NOTE: https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)
CVE-2024-1979 (A vulnerability was found in Quarkus. In certain conditions related to ...)
NOT-FOR-US: Quarkus
-CVE-2023-5685 [StackOverflowException when the chain of notifier states becomes problematically big]
+CVE-2023-5685 (A flaw was found in XNIO. The XNIO NotifierState that can cause a Stac ...)
- jboss-xnio <unfixed> (bug #1065847)
[bookworm] - jboss-xnio <no-dsa> (Minor issue)
[bullseye] - jboss-xnio <no-dsa> (Minor issue)
@@ -28619,6 +28703,7 @@ CVE-2023-46352 (In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Fac
CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated ...)
NOT-FOR-US: IBM
CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...)
+ {DLA-3768-1}
- pillow 10.0.0-1
[bookworm] - pillow <no-dsa> (Minor issue)
[bullseye] - pillow <no-dsa> (Minor issue)
@@ -45185,7 +45270,8 @@ CVE-2023-3577 (Mattermost fails to properly restrict requests tolocalhost/intran
- mattermost-server <itp> (bug #823556)
CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or s ...)
+CVE-2023-3418
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
NOT-FOR-US: WordPress plugin
@@ -58406,7 +58492,7 @@ CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/217
NOTE: Crash in CLI tool, no security impact
-CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
+CVE-2023-29581 (yasm 1.3.0.55.g101bc has a segmentation violation in the function dele ...)
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/216
NOTE: Crash in CLI tool, no security impact
@@ -78180,8 +78266,8 @@ CVE-2023-23351
RESERVED
CVE-2023-23350
RESERVED
-CVE-2023-23349
- RESERVED
+CVE-2023-23349 (Kaspersky has fixed a security issue in Kaspersky Password Manager (KP ...)
+ TODO: check
CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
NOT-FOR-US: OpenShift
CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ Operatio ...)
@@ -129470,18 +129556,18 @@ CVE-2022-32758
RESERVED
CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...)
NOT-FOR-US: IBM
-CVE-2022-32756
- RESERVED
+CVE-2022-32756 (IBM Security Verify Directory 10.0.0 could allow a remote attacker to ...)
+ TODO: check
CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML External E ...)
NOT-FOR-US: IBM
-CVE-2022-32754
- RESERVED
-CVE-2022-32753
- RESERVED
+CVE-2022-32754 (IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scrip ...)
+ TODO: check
+CVE-2022-32753 (IBM Security Verify Directory 10.0.0 uses weaker than expected cryptog ...)
+ TODO: check
CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...)
NOT-FOR-US: IBM
-CVE-2022-32751
- RESERVED
+CVE-2022-32751 (IBM Security Verify Directory 10.0.0 could disclose sensitive server i ...)
+ TODO: check
CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
NOT-FOR-US: IBM
CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...)
@@ -160673,7 +160759,7 @@ CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 be
NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12)
NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27)
CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
- {DSA-5053-1 DLA-2893-1}
+ {DSA-5053-1 DLA-3768-1 DLA-2893-1}
- pillow 9.0.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
@@ -226091,6 +226177,7 @@ CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0.
CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...)
NOT-FOR-US: Node mpath
CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...)
+ {DLA-3768-1}
- pillow 8.3.2-1
[bullseye] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2e733d0724efaea32f12879744c0a62e83c363f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2e733d0724efaea32f12879744c0a62e83c363f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240322/6832ddf5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list