[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 26 20:12:39 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfa62c8e by security tracker role at 2024-03-26T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page Generat ...)
+ TODO: check
+CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team WholesaleX.This ...)
+ TODO: check
+CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...)
+ TODO: check
+CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
+ TODO: check
+CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...)
+ TODO: check
+CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena Simulat ...)
+ TODO: check
+CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions Server ...)
+ TODO: check
+CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions Server 202 ...)
+ TODO: check
+CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...)
+ TODO: check
+CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calli ...)
+ TODO: check
+CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
+ TODO: check
+CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
+ TODO: check
+CVE-2024-2900 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2024-2899 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 15.03.06 ...)
+ TODO: check
+CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda AC7 15. ...)
+ TODO: check
+CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated ...)
+ TODO: check
+CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...)
+ TODO: check
+CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
+ TODO: check
+CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
+ TODO: check
+CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
+ TODO: check
+CVE-2024-2891 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2024-2802
+ REJECTED
+CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control ...)
+ TODO: check
+CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in th ...)
+ TODO: check
+CVE-2024-2212 (In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() ...)
+ TODO: check
+CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
+ TODO: check
+CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site scripting (X ...)
+ TODO: check
+CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...)
+ TODO: check
+CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...)
+ TODO: check
+CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg action o ...)
+ TODO: check
+CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg action o ...)
+ TODO: check
+CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg action of ...)
+ TODO: check
+CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before al ...)
+ TODO: check
+CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which ...)
+ TODO: check
+CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site scripting (XSS ...)
+ TODO: check
+CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management Platform. Any c ...)
+ TODO: check
+CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows ...)
+ TODO: check
+CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file search p ...)
+ TODO: check
+CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. ...)
+ TODO: check
+CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...)
+ TODO: check
+CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma ...)
+ TODO: check
+CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread Version 3.33\ ...)
+ TODO: check
+CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, ...)
+ TODO: check
+CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitra ...)
+ TODO: check
+CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4, contain Wea ...)
+ TODO: check
+CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext ...)
+ TODO: check
+CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an improper ...)
+ TODO: check
+CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
+ TODO: check
+CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce Box Off ...)
+ TODO: check
+CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location Picker a ...)
+ TODO: check
+CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue affects ...)
+ TODO: check
+CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
+ TODO: check
+CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be c ...)
+ TODO: check
+CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...)
+ TODO: check
+CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...)
+ TODO: check
+CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
+ TODO: check
+CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
+ TODO: check
+CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital SalesKing.This issu ...)
+ TODO: check
+CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...)
+ TODO: check
+CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena Simulation softw ...)
+ TODO: check
+CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...)
+ TODO: check
+CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell Automati ...)
+ TODO: check
+CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation Arena ...)
+ TODO: check
+CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...)
+ TODO: check
+CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...)
+ TODO: check
+CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...)
+ TODO: check
+CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability in mndps ...)
+ TODO: check
+CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact Form 7 ...)
+ TODO: check
+CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods in the de ...)
+ TODO: check
+CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded credentials in th ...)
+ TODO: check
+CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya the ...)
+ TODO: check
+CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could ...)
+ TODO: check
+CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability in GShe ...)
+ TODO: check
+CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter to Tray ...)
+ TODO: check
+CVE-2023-41972 (In some rare cases, there is a password type validation missing in Rev ...)
+ TODO: check
+CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects the tem ...)
+ TODO: check
+CVE-2023-41696
+ REJECTED
+CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM Common Crypt ...)
+ TODO: check
+CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2024-2887
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
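Review bot: several of the new TODO: check entries in this block name software that is packaged in Debian rather than third-party appliances or WordPress plugins, notably CVE-2024-2955 (Wireshark T.38 dissector crash) and CVE-2024-29881 / CVE-2024-29203 (TinyMCE cross-site scripting); those should receive package and fixed-version lines on the next triage pass instead of staying in the same state as the Tenda AC7, Rockwell Automation and "Missing Authorization ... plugin" entries that will most likely end up NOT-FOR-US. The truncated CVE-2024-2955 text also gives an affected range of "4.2.0 to 4.0.3", which reads inverted; confirm the real range against the upstream advisory before recording fixed versions.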
@@ -14,63 +186,63 @@ CVE-2024-2883
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-26650 [platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe]
+CVE-2024-26650 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b (6.8-rc2)
-CVE-2024-26649 [drm/amdgpu: Fix the null pointer when load rlc firmware]
+CVE-2024-26649 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453 (6.8-rc1)
-CVE-2024-26648 [drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()]
+CVE-2024-26648 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
NOTE: https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)
-CVE-2024-26647 [drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()']
+CVE-2024-26647 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.6.15-1
NOTE: https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)
-CVE-2024-26646 [thermal: intel: hfi: Add syscore callbacks for system-wide PM]
+CVE-2024-26646 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/97566d09fd02d2ab329774bb89a2cdf2267e86d9 (6.8-rc1)
-CVE-2024-26645 [tracing: Ensure visibility when inserting an element into tracing_map]
+CVE-2024-26645 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/2b44760609e9eaafc9d234a6883d042fc21132a7 (6.8-rc2)
-CVE-2024-26644 [btrfs: don't abort filesystem when attempting to snapshot deleted subvolume]
+CVE-2024-26644 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE: https://git.kernel.org/linus/7081929ab2572920e94d70be3d332e5c9f97095a (6.8-rc2)
-CVE-2023-52627 [iio: adc: ad7091r: Allow users to configure device events]
+CVE-2023-52627 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f (6.8-rc1)
-CVE-2023-52626 [net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context]
+CVE-2023-52626 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3876638b2c7ebb2c9d181de1191db0de8cac143a (6.8-rc2)
-CVE-2023-52625 [drm/amd/display: Refactor DMCUB enter/exit idle interface]
+CVE-2023-52625 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)
-CVE-2023-52624 [drm/amd/display: Wake DMCUB before executing GPINT commands]
+CVE-2023-52624 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)
-CVE-2023-52623 [SUNRPC: Fix a suspicious RCU usage warning]
+CVE-2023-52623 (In the Linux kernel, the following vulnerability has been resolved: S ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/31b62908693c90d4d07db597e685d9f25a120073 (6.8-rc1)
-CVE-2023-52622 [ext4: avoid online resizing failures due to oversized flex bg]
+CVE-2023-52622 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/5d1935ac02ca5aee364a449a35e2977ea84509b0 (6.8-rc1)
-CVE-2023-52621 [bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers]
+CVE-2023-52621 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/169410eba271afc9f0fb476d996795aa26770c6d (6.8-rc1)
-CVE-2024-29735
+CVE-2024-29735 (Improper Preservation of Permissions vulnerability in Apache Airflow.T ...)
- airflow <itp> (bug #819700)
CVE-2024-2889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
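Review bot: the bracketed kernel subjects removed here (for example `[tracing: Ensure visibility when inserting an element into tracing_map]` and `[ext4: avoid online resizing failures due to oversized flex bg]`) were the only human-readable hint of which subsystem each entry concerns; every replacement description is cut off after a single letter ("t ...", "e ..."), so the subsystem is now recoverable only by following the NOTE commit URLs. Consider preserving the subject line in a NOTE entry when the automatic update swaps in the official text. The CVE-2024-29735 change is fine: the new Apache Airflow description agrees with the existing `- airflow <itp> (bug #819700)` line.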
@@ -2649,7 +2821,7 @@ CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-8
NOT-FOR-US: TRENDnet
CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...)
NOT-FOR-US: TRENDnet
-CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker to exec ...)
+CVE-2024-27756 (GLPI through 10.0.12 allows CSV injection by an attacker who is able t ...)
- glpi <removed>
NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092
CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...)
@@ -4225,7 +4397,8 @@ CVE-2024-23254 (The issue was addressed with improved UI handling. This issue is
NOT-FOR-US: Apple
CVE-2024-23253 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2024-23252 (The issue was addressed with improved memory handling. This issue is f ...)
+CVE-2024-23252
+ REJECTED
NOT-FOR-US: Apple
CVE-2024-23250 (An access issue was addressed with improved access restrictions. This ...)
NOT-FOR-US: Apple
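Review bot: CVE-2024-23252 is marked REJECTED but the `NOT-FOR-US: Apple` line below it is kept, whereas the other REJECTED entries in this same patch (CVE-2024-2802, CVE-2023-41696, CVE-2021-36759) carry no triage line at all. Drop the `NOT-FOR-US: Apple` line so rejected entries stay consistent and tooling that treats REJECTED as terminal does not see a stale triage state.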
@@ -66126,8 +66299,8 @@ CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily
NOT-FOR-US: WordPress plugin
CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27630
- RESERVED
+CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -66710,8 +66883,8 @@ CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugin
NOT-FOR-US: WordPress plugin
CVE-2023-27460
RESERVED
-CVE-2023-27459
- RESERVED
+CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...)
+ TODO: check
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...)
@@ -66748,8 +66921,8 @@ CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of s
NOT-FOR-US: WordPress plugin
CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27440
- RESERVED
+CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability in OnThe ...)
+ TODO: check
CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP ...)
@@ -70708,8 +70881,8 @@ CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Commun
NOT-FOR-US: WordPress plugin
CVE-2023-25966
RESERVED
-CVE-2023-25965
- RESERVED
+CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...)
@@ -76796,8 +76969,8 @@ CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.C
NOT-FOR-US: WordPress plugin
CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23991
- RESERVED
+CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-23990
RESERVED
CVE-2023-23989
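Review bot: CVE-2023-23991 flips from RESERVED to an SQL injection description with TODO: check; as an injection issue it ranks above the surrounding CSRF and stored-XSS plugin entries and should be triaged first in this batch. Note that CVE-2023-23990 and CVE-2023-23989 immediately below remain RESERVED, so only this one identifier in the run has been published.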
@@ -77837,8 +78010,8 @@ CVE-2023-23658
RESERVED
CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23656
- RESERVED
+CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability in MainW ...)
+ TODO: check
CVE-2023-23655
RESERVED
CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spar ...)
@@ -193023,7 +193196,7 @@ CVE-2021-36761 (The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows
CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
NOT-FOR-US: WSO2
CVE-2021-36759
- RESERVED
+ REJECTED
CVE-2021-3651
REJECTED
CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa62c8eeb13030cfdf86a7cb344c6e505462dcb