[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 27 20:12:48 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75bcd492 by security tracker role at 2024-03-27T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,287 @@
-CVE-2024-28085 [escape sequence Injection in wall]
+CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30183 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30181 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30180 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-2996 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
+	TODO: check
+CVE-2024-2995 (A vulnerability was found in NUUO Camera up to 20240319 and classified ...)
+	TODO: check
+CVE-2024-2994 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declare ...)
+	TODO: check
+CVE-2024-2993 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classif ...)
+	TODO: check
+CVE-2024-2992 (A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as cr ...)
+	TODO: check
+CVE-2024-2991 (A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified  ...)
+	TODO: check
+CVE-2024-2990 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-2989 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2988 (A vulnerability classified as critical was found in Tenda FH1203 2.0.1 ...)
+	TODO: check
+CVE-2024-2987 (A vulnerability classified as critical has been found in Tenda FH1202  ...)
+	TODO: check
+CVE-2024-2986 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
+	TODO: check
+CVE-2024-2985 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been d ...)
+	TODO: check
+CVE-2024-2984 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been c ...)
+	TODO: check
+CVE-2024-2983 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
+	TODO: check
+CVE-2024-2982 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
+	TODO: check
+CVE-2024-2981 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-2980 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2979 (A vulnerability classified as critical was found in Tenda F1203 2.0.1. ...)
+	TODO: check
+CVE-2024-2978 (A vulnerability classified as critical has been found in Tenda F1203 2 ...)
+	TODO: check
+CVE-2024-2977 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as ...)
+	TODO: check
+CVE-2024-2976 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared ...)
+	TODO: check
+CVE-2024-2962 (The Networker - Tech News WordPress Theme with Dark Mode theme for Wor ...)
+	TODO: check
+CVE-2024-29946 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashb ...)
+	TODO: check
+CVE-2024-29945 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the softw ...)
+	TODO: check
+CVE-2024-29936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29892 (ZITADEL, open source authentication management software, uses Go templ ...)
+	TODO: check
+CVE-2024-29891 (ZITADEL users can upload their own avatar image and various image type ...)
+	TODO: check
+CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...)
+	TODO: check
+CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
+	TODO: check
+CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
+	TODO: check
+CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29816 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29807 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29806 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29795 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29793 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29776 (Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This  ...)
+	TODO: check
+CVE-2024-29775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29774 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29773 (Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Conc ...)
+	TODO: check
+CVE-2024-29772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29761 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-29758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-28860 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2024-28853 (Ampache is a web based audio/video streaming application and file mana ...)
+	TODO: check
+CVE-2024-28852 (Ampache is a web based audio/video streaming application and file mana ...)
+	TODO: check
+CVE-2024-28784 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulner ...)
+	TODO: check
+CVE-2024-28247 (The Pi-hole is a DNS sinkhole that protects your devices from unwanted ...)
+	TODO: check
+CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter notebooks.  ...)
+	TODO: check
+CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is  ...)
+	TODO: check
+CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the  ...)
+	TODO: check
+CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...)
+	TODO: check
+CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video  ...)
+	TODO: check
+CVE-2024-23510 (Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin D ...)
+	TODO: check
+CVE-2024-23451 (Incorrect Authorization issue exists in the API key based security mod ...)
+	TODO: check
+CVE-2024-23450 (A flaw was discovered in Elasticsearch, where processing a document in ...)
+	TODO: check
+CVE-2024-22413
+	REJECTED
+CVE-2024-20354 (A vulnerability in the handling of encrypted wireless frames of Cisco  ...)
+	TODO: check
+CVE-2024-20333 (A vulnerability in the web-based management interface of Cisco Catalys ...)
+	TODO: check
+CVE-2024-20324 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+	TODO: check
+CVE-2024-20316 (A vulnerability in the data model interface (DMI) services of Cisco IO ...)
+	TODO: check
+CVE-2024-20314 (A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric ...)
+	TODO: check
+CVE-2024-20312 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
+	TODO: check
+CVE-2024-20311 (A vulnerability in the Locator ID Separation Protocol (LISP) feature o ...)
+	TODO: check
+CVE-2024-20309 (A vulnerability in auxiliary asynchronous port (AUX) functions of Cisc ...)
+	TODO: check
+CVE-2024-20308 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software  ...)
+	TODO: check
+CVE-2024-20307 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software  ...)
+	TODO: check
+CVE-2024-20306 (A vulnerability in the Unified Threat Defense (UTD) configuration CLI  ...)
+	TODO: check
+CVE-2024-20303 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco I ...)
+	TODO: check
+CVE-2024-20278 (A vulnerability in the NETCONF feature of Cisco IOS XE Software could  ...)
+	TODO: check
+CVE-2024-20276 (A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series S ...)
+	TODO: check
+CVE-2024-20271 (A vulnerability in the IP packet processing of Cisco Access Point (AP) ...)
+	TODO: check
+CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) Softwar ...)
+	TODO: check
+CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software  ...)
+	TODO: check
+CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but  ...)
+	TODO: check
+CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...)
+	TODO: check
+CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-6153 (Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Sof ...)
+	TODO: check
+CVE-2023-50961 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...)
+	TODO: check
+CVE-2023-44999 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
+	TODO: check
+CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion  ...)
+	TODO: check
+CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...)
+	TODO: check
+CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...)
 	- util-linux 2.39.3-11 (bug #1067849)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
 	NOTE: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 (v2.40)
-CVE-2024-26651 [sr9800: Add check for usbnet_get_endpoints]
+CVE-2024-26651 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/07161b2416f740a2cb87faa5566873f401440a61 (6.9-rc1)
-CVE-2024-26652 [net: pds_core: Fix possible double free in error handling path]
+CVE-2024-26652 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ba18deddd6d502da71fd6b6143c53042271b82bd (6.8)
-CVE-2024-2004 [Usage of disabled protocol]
+CVE-2024-2004 (When a protocol selection parameter option disables all protocols with ...)
 	- curl 8.7.1-1
 	[bookworm] - curl <no-dsa> (Minor issue)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
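Review bot: the new entries from CVE-2024-30238 down to CVE-2023-34020 all carry the automatic `TODO: check` placeholder (CVE-2024-22413 is the one exception, marked REJECTED), so this hunk records nothing yet about Debian exposure and still needs manual triage. Where the truncated description already names a product that is not a Debian package (the Tenda FH1203/FH1202/F1203 routers, Cisco IOS/IOS XE and Access Point software, IBM QRadar SIEM, and the many WordPress plugin and theme entries), the usual `NOT-FOR-US:` line from elsewhere in the file applies; the remaining entries (ZITADEL, Saleor, Serverpod, Cilium, Ampache, Pi-hole, JupyterHub, GeoNode, Elasticsearch, Gradio) need a package lookup before deciding. The CVE-2024-28085 entry only swaps its bracketed placeholder title for the truncated official description and keeps its `util-linux 2.39.3-11 (bug #1067849)` line and both NOTEs, which is the expected shape for this update.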
@@ -19,20 +289,20 @@ CVE-2024-2004 [Usage of disabled protocol]
 	NOTE: https://curl.se/docs/CVE-2024-2004.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/e6f8445edef8e7996d1cfb141d6df184efef972c (curl-7_85_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/17d302e56221f5040092db77d4f85086e8a20e0e (curl-8_7_0)
-CVE-2024-2379 [QUIC certificate check bypass with wolfSSL]
+CVE-2024-2379 (libcurl skips the certificate verification for a QUIC connection under ...)
 	- curl 8.7.1-1 (unimportant)
 	NOTE: https://curl.se/docs/CVE-2024-2379.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7fe57e (curl-8_6_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc39600914f5eda6c409c (curl-8_7_0)
 	NOTE: curl in Debian not built with wolfSSL support
-CVE-2024-2398 [HTTP/2 push headers memory-leak]
+CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 server push ...)
 	- curl 8.7.1-1
 	[bookworm] - curl <no-dsa> (Minor issue)
 	[bullseye] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2024-2398.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/ea7134ac874a66107e54ff93657ac565cf2ec4aa (curl-7_44_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764 (curl-8_7_0)
-CVE-2024-2466 [TLS certificate check bypass with mbedTLS]
+CVE-2024-2466 (libcurl did not check the server certificate of TLS connections done t ...)
 	- curl 8.7.1-1 (unimportant)
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
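Review bot: CVE-2024-2466 is tagged `(unimportant)` but, unlike CVE-2024-2379 a few lines above, no NOTE in this hunk states why (for CVE-2024-2379 the reason is `NOTE: curl in Debian not built with wolfSSL support`). The entry continues past the hunk's context, so the justification may already be there; if it is not, add a matching NOTE explaining which TLS backend the rating relies on, since the `<not-affected> (Vulnerable code not present)` lines for bookworm and bullseye only cover those two suites.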
@@ -36123,6 +36393,7 @@ CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in S
 CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
+	{DLA-3777-1}
 	- composer 2.6.4-1
 	[bookworm] - composer <no-dsa> (Minor issue)
 	[bullseye] - composer <no-dsa> (Minor issue)
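Review bot: the `{DLA-3777-1}` reference is added without touching the `[bookworm] - composer <no-dsa>` and `[bullseye] - composer <no-dsa>` lines below it. That is consistent only if the DLA covers a suite other than those two; the reference itself does not name the suite, so check that the suite the DLA addresses is not still tagged `<no-dsa>` here.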
@@ -74984,8 +75255,8 @@ CVE-2023-0584 (The VK Blocks plugin for WordPress is vulnerable to improper auth
 	NOT-FOR-US: VK Blocks plugin for WordPress
 CVE-2023-0583 (The VK Blocks plugin for WordPress is vulnerable to improper authoriza ...)
 	NOT-FOR-US: VK Blocks plugin for WordPress
-CVE-2023-0582
-	RESERVED
+CVE-2023-0582 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
 CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protection me ...)
 	NOT-FOR-US: PrivateContent plugin for WordPress
 CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...)
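Review bot: CVE-2023-0582 moves from RESERVED to a truncated description that stops before naming any product (`Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...`), so it cannot be triaged from this hunk alone. Its neighbours CVE-2023-0583 and CVE-2023-0581 are `NOT-FOR-US: ... plugin for WordPress`, but the full CVE record must be consulted before assuming the same, since the `TODO: check` placeholder is what the automatic update leaves.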
@@ -91771,8 +92042,8 @@ CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnera
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContest Gall ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45847
-	RESERVED
+CVE-2022-45847 (Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPre ...)
+	TODO: check
 CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend Smart Slide ...)
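Review bot: CVE-2022-45847 moves from RESERVED to a description naming `WPAssist.Me WordPre ...`, which matches its neighbours CVE-2022-45848 and CVE-2022-45846, both already `NOT-FOR-US: WordPress plugin`. Once the full description confirms it is a WordPress plugin, the `TODO: check` line should be replaced with the same `NOT-FOR-US: WordPress plugin` triage.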



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75bcd4921e7c3208ea3e0924dc6946a3e7df7261




