[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 27 08:12:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb60c7f7 by security tracker role at 2024-03-27T08:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,283 @@
+CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negat ...)
+ TODO: check
+CVE-2024-2956 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin for Wor ...)
+ TODO: check
+CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination System 1.0. ...)
+ TODO: check
+CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination System 1.0 a ...)
+ TODO: check
+CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination System ...)
+ TODO: check
+CVE-2024-2942 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2024-2941 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-2940 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
+ TODO: check
+CVE-2024-2939 (A vulnerability classified as problematic has been found in Campcodes ...)
+ TODO: check
+CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination System 1.0. ...)
+ TODO: check
+CVE-2024-2935 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-2934 (A vulnerability classified as critical was found in SourceCodester Tod ...)
+ TODO: check
+CVE-2024-2932 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
+ TODO: check
+CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It has bee ...)
+ TODO: check
+CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management System ...)
+ TODO: check
+CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management System ...)
+ TODO: check
+CVE-2024-2911 (A vulnerability, which was classified as problematic, was found in Tia ...)
+ TODO: check
+CVE-2024-2910 (A vulnerability, which was classified as critical, has been found in R ...)
+ TODO: check
+CVE-2024-2909 (A vulnerability classified as critical was found in Ruijie RG-EG350 up ...)
+ TODO: check
+CVE-2024-2903 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
+ TODO: check
+CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2466 (libcurl did not check the server certificate of TLS connections done t ...)
+ TODO: check
+CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 server push ...)
+ TODO: check
+CVE-2024-2379 (libcurl skips the certificate verification for a QUIC connection under ...)
+ TODO: check
+CVE-2024-2244 (REST service authentication anomaly with \u201cvalid username/no passw ...)
+ TODO: check
+CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...)
+ TODO: check
+CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...)
+ TODO: check
+CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-2121 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2120 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
+ TODO: check
+CVE-2024-2097 (Authenticated List control client can execute the LINQ query in SCM Se ...)
+ TODO: check
+CVE-2024-2004 (When a protocol selection parameter option disables all protocols with ...)
+ TODO: check
+CVE-2024-29928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29915 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29914 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29913 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29910 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29909 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29908 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-29820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-28815 (A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 thr ...)
+ TODO: check
+CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid ...)
+ TODO: check
+CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in ...)
+ TODO: check
+CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell ...)
+ TODO: check
+CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...)
+ TODO: check
+CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-26577 (VSeeFace through 1.13.38.c2 allows attackers to cause a denial of serv ...)
+ TODO: check
+CVE-2024-26303 (Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Da ...)
+ TODO: check
+CVE-2024-25926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-25920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-25736 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
+ TODO: check
+CVE-2024-25735 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
+ TODO: check
+CVE-2024-25734 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
+ TODO: check
+CVE-2024-25421 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
+ TODO: check
+CVE-2024-25420 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
+ TODO: check
+CVE-2024-25138 (In AutomationDirect C-MORE EA9 HMI, credentials used by the platform ...)
+ TODO: check
+CVE-2024-25137 (In AutomationDirect C-MORE EA9 HMI there is a program that copies a bu ...)
+ TODO: check
+CVE-2024-25136 (There is a function in AutomationDirect C-MORE EA9 HMI that allows an ...)
+ TODO: check
+CVE-2024-24842 (Deserialization of Untrusted Data vulnerability in Echo Plugins Knowle ...)
+ TODO: check
+CVE-2024-24800 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-24700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22311 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22288 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-22149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-1532 (A vulnerability exists in the stb-language file handling that affects ...)
+ TODO: check
+CVE-2024-1531 (A vulnerability exists in the stb-language file handling that affects ...)
+ TODO: check
+CVE-2024-1521 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-1364 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-0400 (SCM Software is a client and server application. An Authenticated Syst ...)
+ TODO: check
+CVE-2023-52228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-51148 (An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Acc ...)
+ TODO: check
+CVE-2023-51147 (Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP w ...)
+ TODO: check
+CVE-2023-51146 (Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmw ...)
+ TODO: check
+CVE-2023-50702 (Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem ...)
+ TODO: check
+CVE-2023-49815 (Unrestricted Upload of File with Dangerous Type vulnerability in WappP ...)
+ TODO: check
+CVE-2023-48777 (Unrestricted Upload of File with Dangerous Type vulnerability in Eleme ...)
+ TODO: check
+CVE-2023-48275 (Unrestricted Upload of File with Dangerous Type vulnerability in Trust ...)
+ TODO: check
+CVE-2023-47873 (Unrestricted Upload of File with Dangerous Type vulnerability in WEN S ...)
+ TODO: check
+CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability in Terry ...)
+ TODO: check
+CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability in Zacha ...)
+ TODO: check
+CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c ...)
+ TODO: check
+CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdfte ...)
+ TODO: check
+CVE-2023-46049 (LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() f ...)
+ TODO: check
+CVE-2023-46048 (Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdi ...)
+ TODO: check
+CVE-2023-46047 (An issue in Sane 1.2.1 allows a local attacker to execute arbitrary co ...)
+ TODO: check
+CVE-2023-46046 (An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference vi ...)
+ TODO: check
+CVE-2023-45935 (Qt 6 through 6.6 was discovered to contain a NULL pointer dereference ...)
+ TODO: check
+CVE-2023-45931 (Mesa 23.0.4 was discovered to contain a NULL pointer dereference in ch ...)
+ TODO: check
+CVE-2023-45929 (S-Lang 2.3.2 was discovered to contain a segmentation fault via the fu ...)
+ TODO: check
+CVE-2023-45927 (S-Lang 2.3.2 was discovered to contain an arithmetic exception via the ...)
+ TODO: check
+CVE-2023-45925 (GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain ...)
+ TODO: check
+CVE-2023-45924 (libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a ...)
+ TODO: check
+CVE-2023-45922 (glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation ...)
+ TODO: check
+CVE-2023-45920 (Xfig v3.2.8 was discovered to contain a NULL pointer dereference when ...)
+ TODO: check
+CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a buffer over-read in glXQuerySe ...)
+ TODO: check
+CVE-2023-45913 (Mesa v23.0.4 was discovered to contain a NULL pointer dereference via ...)
+ TODO: check
+CVE-2023-43768 (An issue was discovered in Couchbase Server 6.6.x through 7.2.0, befor ...)
+ TODO: check
+CVE-2023-40290 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-40289 (A command injection issue was discovered on Supermicro X11SSM-F, X11SA ...)
+ TODO: check
+CVE-2023-40288 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-40287 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-40286 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-40285 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-40284 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
+ TODO: check
+CVE-2023-39307 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+ TODO: check
+CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...)
+ TODO: check
+CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...)
+ TODO: check
+CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...)
+ TODO: check
+CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
+ TODO: check
CVE-2024-22029
- tomcat10 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
- tomcat9 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
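Review bot: Several of the new "TODO: check" entries in this block name general upstream projects rather than WordPress plugins or vendor appliances, and should be triaged ahead of the bulk items: libcurl (CVE-2024-2466, CVE-2024-2398, CVE-2024-2379, CVE-2024-2004), Xpdf, Sane, TeX Live, LLVM, Qt 6, Mesa, S-Lang, GNU Midnight Commander, libglvnd, Xfig and MiniZinc. These will most likely need source-package lines rather than NOT-FOR-US. Two smaller points: the imported descriptions for CVE-2024-2956, CVE-2024-2244 and CVE-2024-2120 carry literal "\u2013" / "\u201c" escape sequences instead of the characters, and the unchanged tomcat10/tomcat9 context lines under CVE-2024-22029 spell "specfic" for "specific".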
@@ -174,19 +454,19 @@ CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress theme
-CVE-2024-2887
+CVE-2024-2887 (Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2886
+CVE-2024-2886 (Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2885
+CVE-2024-2885 (Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2883
+CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
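Review bot: The four chromium entries (CVE-2024-2887, CVE-2024-2886, CVE-2024-2885, CVE-2024-2883) still read "- chromium <unfixed>" while every description added here gives "prior to 123.0.6312.86" as the affected range. Once a chromium upload at or above that version is in unstable, the "<unfixed>" lines should be replaced with the fixed version. The bullseye and buster end-of-life lines need no change.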
@@ -2982,25 +3262,25 @@ CVE-2023-32633 (Improper input validation in the Intel(R) CSME installer softwar
NOT-FOR-US: Intel
CVE-2023-28389 (Incorrect default permissions in some Intel(R) CSME installer software ...)
NOT-FOR-US: Intel
-CVE-2024-25395
+CVE-2024-25395 (A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Threa ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25394
+CVE-2024-25394 (A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread thro ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25393
+CVE-2024-25393 (A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25392
+CVE-2024-25392 (An out-of-bounds access occurs in utilities/var_export/var_export.c in ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25391
+CVE-2024-25391 (A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25390
+CVE-2024-25390 (A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in R ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25388
+CVE-2024-25388 (drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer sig ...)
NOT-FOR-US: RT-Thread
-CVE-2024-25389
+CVE-2024-25389 (RT-Thread through 5.0.2 generates random numbers with a weak algorithm ...)
NOT-FOR-US: RT-Thread
-CVE-2024-24335
+CVE-2024-24335 (A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread ...)
NOT-FOR-US: RT-Thread
-CVE-2024-24334
+CVE-2024-24334 (A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through ...)
NOT-FOR-US: RT-Thread
CVE-2024-28746 (Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that ...)
- airflow <itp> (bug #819700)
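Review bot: The description added for CVE-2024-25388 gives the file as "drivers/wlan/wlan_mgmt,c", with a comma where the other RT-Thread entries in this hunk use a dot in their paths (rtlink.c, ry_sy.c, at_server.c). Since the entry is NOT-FOR-US the effect is limited to text searches for the filename missing it, but it is worth reporting to the description's source rather than hand-editing here, as the next automatic update would overwrite a local fix. CVE-2024-25388 is also listed before CVE-2024-25389, which breaks the descending order of the surrounding entries.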
@@ -4438,6 +4718,7 @@ CVE-2024-23254 (The issue was addressed with improved UI handling. This issue is
CVE-2024-23253 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2024-23252
+ REJECTED
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit <unfixed>
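Review bot: CVE-2024-23252 gains "REJECTED" but keeps its package lines, so "- webkit2gtk 2.44.0-1", the buster end-of-life line and "- wpewebkit <unfixed>" now sit under a withdrawn identifier. Either drop the package status from this entry or move it to the CVE that supersedes it, if there is one; otherwise wpewebkit may keep being reported as open against an ID that is no longer valid.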
@@ -8471,6 +8752,7 @@ CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a Denial ...)
+ {DLA-3776-1}
- nodejs 18.19.1+dfsg-1
NOTE: https://nodejs.org/en/blog/release/v18.19.1
NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
@@ -9997,7 +10279,7 @@ CVE-2023-52161 (The Access Point functionality in eapol_auth_key_handle in eapol
NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca (2.14)
CVE-2024-0793
NOT-FOR-US: kube-controller-manager
-CVE-2024-25580 [QT KTX buffer overflow]
+CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15. ...)
[experimental] - qt6-base 6.6.2+dfsg-1
- qt6-base <unfixed> (bug #1064052)
[bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -10084,6 +10366,7 @@ CVE-2024-21891 (Node.js depends on multiple built-in utility functions to normal
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
CVE-2023-46809
+ {DLA-3776-1}
- nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
@@ -13785,7 +14068,7 @@ CVE-2023-45923
REJECTED
CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.)
NOT-FOR-US: Softing TH SCOPE
-CVE-2024-1023
+CVE-2024-1023 (A vulnerability in the Eclipse Vert.x toolkit results in a memory leak ...)
NOT-FOR-US: Eclipse Vertx
CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL Injection via th ...)
NOT-FOR-US: Sourcecodester School Task Manager App
@@ -23524,7 +23807,7 @@ CVE-2023-6356 (A flaw was found in the Linux kernel's NVMe driver. This issue ma
[bookworm] - linux 6.1.76-1
[bullseye] - linux 5.10.209-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
-CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lead to a crash]
+CVE-2023-39804 (In GNU tar before 1.35, mishandled extension attributes in a PAX archi ...)
{DLA-3755-1}
- tar 1.34+dfsg-1.3 (bug #1058079)
[bookworm] - tar 1.34+dfsg-1.2+deb12u1
@@ -56737,7 +57020,7 @@ CVE-2023-30592
CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
NOT-FOR-US: NodeBB
CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffieHellm ...)
- {DSA-5589-1}
+ {DSA-5589-1 DLA-3776-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
[bullseye] - nodejs <ignored> (Minor issue, only updates documentation to clarify an API)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
@@ -60250,8 +60533,8 @@ CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in im
NOT-FOR-US: WordPress plugin
CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29386
- RESERVED
+CVE-2023-29386 (Unrestricted Upload of File with Dangerous Type vulnerability in Julie ...)
+ TODO: check
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability in HM Pl ...)
@@ -61071,8 +61354,7 @@ CVE-2023-29136
CVE-2023-29135
RESERVED
NOT-FOR-US: CheckUser MediaWiki extension
-CVE-2023-29134
- RESERVED
+CVE-2023-29134 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
NOT-FOR-US: Cargo MediaWiki extension
CVE-2023-29133
RESERVED
@@ -62317,8 +62599,8 @@ CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ci
NOT-FOR-US: WordPress plugin
CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28787
- RESERVED
+CVE-2023-28787 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -62700,8 +62982,8 @@ CVE-2023-28689
RESERVED
CVE-2023-28688
RESERVED
-CVE-2023-28687
- RESERVED
+CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-1551
RESERVED
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
@@ -73105,8 +73387,8 @@ CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI i
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...)
NOT-FOR-US: October CMS
-CVE-2023-25364
- RESERVED
+CVE-2023-25364 (Opswat Metadefender Core before 5.2.1 does not properly defend against ...)
+ TODO: check
CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
{DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb60c7f7affed1242de87a332fca030cc2432617