[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 28 21:45:57 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8796d37e by security tracker role at 2024-09-28T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2024-9316 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2024-9315 (A vulnerability was found in SourceCodester Employee and Visitor Gate ...)
+ TODO: check
+CVE-2024-9300 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2024-9299 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2024-9298 (A vulnerability was found in SourceCodester Online Railway Reservation ...)
+ TODO: check
+CVE-2024-9297 (A vulnerability was found in SourceCodester Online Railway Reservation ...)
+ TODO: check
+CVE-2024-9296 (A vulnerability was found in SourceCodester Advocate Office Management ...)
+ TODO: check
+CVE-2024-9295 (A vulnerability was found in SourceCodester Advocate Office Management ...)
+ TODO: check
+CVE-2024-9294 (A vulnerability, which was classified as critical, has been found in d ...)
+ TODO: check
+CVE-2024-9293 (A vulnerability classified as critical was found in skyselang yylAdmin ...)
+ TODO: check
+CVE-2024-9291 (A vulnerability classified as problematic has been found in kalvinGit ...)
+ TODO: check
+CVE-2024-9189 (The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-9023 (The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-8788 (The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-8715 (The Simple LDAP Login plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-8712 (The GTM Server Side plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2024-8547 (The Simple Popup Plugin plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-8353 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
+ TODO: check
+CVE-2024-8189 (The WP MultiTasking \u2013 WP Utilities plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-47186 (Filament is a collection of full-stack components for Laravel developm ...)
+ TODO: check
+CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component /test/ of ...)
+ TODO: check
+CVE-2024-38796 (EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ...)
+ TODO: check
+CVE-2024-23967 (Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stac ...)
+ TODO: check
+CVE-2024-23961 (Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Ex ...)
+ TODO: check
+CVE-2024-23960 (Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerab ...)
+ TODO: check
+CVE-2024-23959 (Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-b ...)
+ TODO: check
+CVE-2024-23958 (Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Auth ...)
+ TODO: check
+CVE-2024-23957 (Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based ...)
+ TODO: check
+CVE-2024-23938 (Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remo ...)
+ TODO: check
+CVE-2024-23935 (Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execut ...)
+ TODO: check
+CVE-2024-23924 (Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code ...)
+ TODO: check
+CVE-2024-23923 (Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2024-23586 (HCL Nomad is susceptible to an insufficient session expiration vulnera ...)
+ TODO: check
CVE-2024-9301 (A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b144 ...)
NOT-FOR-US: E2Nest
CVE-2024-9284 (A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has ...)
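Review bot: the summaries for CVE-2024-8353 and CVE-2024-8189 carry the literal sequence `\u2013` where the upstream title has an en dash, so the importer is writing JSON escapes into the truncated description; if keeping data/CVE/list ASCII-only is deliberate that is fine, otherwise decode the escapes before truncating so the summary reads as upstream wrote it and the short window is not spent on `\u2013`. For triage order within these 33 `TODO: check` entries, CVE-2024-38796 (EDK2, PeCoffLoaderRelocateImage) is the one naming a codebase that Debian ships as a source package (src:edk2) and is worth checking first; the rest name WordPress plugins, SourceCodester and code-projects demo applications, Autel, Alpine and Silicon Labs device firmware, Filament and HCL Nomad, and will most likely be resolved the way the CVE-2024-9301 entry just below already is.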
@@ -72796,7 +72862,7 @@ CVE-2024-22075 (Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML
CVE-2024-22050 (Path traversal in the static file service in Iodine less than 0.7.33 a ...)
NOT-FOR-US: Iodine (not the same as src:iodine)
CVE-2024-22049 (httparty before 0.21.0 is vulnerable to an assumed-immutable web param ...)
- {DLA-3716-1}
+ {DLA-3900-1 DLA-3716-1}
- ruby-httparty 0.21.0-1
NOTE: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
NOTE: https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e (v0.21.0)
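Review bot: DLA-3900-1 is cross-referenced here, but this commit changes only data/CVE/list (one changed file, per the header above), so the matching data/DLA/list record with the bullseye ruby-httparty fixed version and CVE-2024-22049 listed must already exist or land in a companion commit; otherwise the new advisory reference does not resolve when the tracker data is rebuilt. The same cross-file check applies to DLA-3899-1, DLA-3901-1 and DLA-3902-1 added in the hunks below.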
@@ -75714,7 +75780,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
- {DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+ {DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
- dropbear 2022.83-4 (bug #1059001)
[bookworm] - dropbear 2022.83-1+deb12u1
[bullseye] - dropbear 2020.81-3+deb11u1
@@ -82318,6 +82384,7 @@ CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and S
CVE-2023-47117 (Label Studio is an open source data labeling tool. In all current vers ...)
- label-studio <itp> (bug #1026232)
CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control the rem ...)
+ {DLA-3899-1}
- python-asyncssh 2.15.0-1 (bug #1055999)
[bookworm] - python-asyncssh <no-dsa> (Minor issue)
[buster] - python-asyncssh <no-dsa> (Minor issue)
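Review bot: the `[bookworm]` and `[buster]` `<no-dsa> (Minor issue)` lines for python-asyncssh are in the shown context, but the `[bullseye]` status line for CVE-2023-46446 falls in the gap between this hunk and the next and is not visible; with DLA-3899-1 now covering bullseye, any `[bullseye] - python-asyncssh <no-dsa>` marker left there is stale and should be dropped so the entry does not carry an advisory and a no-dsa status for the same release. The same applies to CVE-2023-46445 in the next hunk and to the python-asyncssh lines of CVE-2023-48795 above, which received the same DLA.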
@@ -82325,6 +82392,7 @@ CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control t
NOTE: https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e (v2.14.1)
NOTE: https://terrapin-attack.com/
CVE-2023-46445 (An issue in AsyncSSH before 2.14.1 allows attackers to control the ext ...)
+ {DLA-3899-1}
- python-asyncssh 2.15.0-1 (bug #1056000)
[bookworm] - python-asyncssh <no-dsa> (Minor issue)
[buster] - python-asyncssh <no-dsa> (Minor issue)
@@ -186223,7 +186291,7 @@ CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's certifica
- node-undici 5.6.1+dfsg1+~cs18.9.16-1
NOTE: https://github.com/advisories/GHSA-pgw7-wx7w-2w33
CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possi ...)
- {DLA-3227-1}
+ {DLA-3902-1 DLA-3227-1}
- ruby-rails-html-sanitizer 1.4.3-0.1 (bug #1013806)
NOTE: https://hackerone.com/reports/1530898
NOTE: https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800
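Review bot: DLA-3902-1 is attached to CVE-2022-32209 in addition to the CVE-2022-2351x entries below, yet the NOTE under CVE-2022-23520 states that its fix replaces the CVE-2022-32209 fix; confirm that the DLA-3902-1 record in data/DLA/list actually lists CVE-2022-32209, otherwise this entry points at an advisory that does not claim to cover it and the cross-reference should be removed rather than added.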
@@ -213101,7 +213169,7 @@ CVE-2022-23521 (Git is distributed revision control system. gitattributes are a
NOTE: https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579
NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- {DLA-3566-1}
+ {DLA-3902-1 DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -213111,7 +213179,7 @@ CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragment
NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0)
NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1.
CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- {DLA-3566-1}
+ {DLA-3902-1 DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -213121,29 +213189,29 @@ CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragment
NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0)
NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1.
CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- {DLA-3566-1}
+ {DLA-3902-1 DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
NOTE: https://github.com/rails/rails-html-sanitizer/commit/d1223a29cb3e4151cdcb6ba6c8431708d8ce40a6 (v1.4.4)
NOTE: https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48 (v1.5.0)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
- {DLA-3566-1}
+ {DLA-3902-1 DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- {DLA-3565-1}
+ {DLA-3901-1 DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- {DLA-3565-1}
+ {DLA-3901-1 DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
NOTE: https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f
CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- {DLA-3565-1}
+ {DLA-3901-1 DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143
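Review bot: the NOTE lines repeated under CVE-2022-23520 and CVE-2022-23519 say the rails-html-sanitizer fix requires `cdata_escape` from ruby-loofah >= 2.19.1, so DLA-3902-1 (ruby-rails-html-sanitizer) depends on DLA-3901-1 (ruby-loofah) added in this hunk; check that the updated bullseye ruby-rails-html-sanitizer declares a versioned dependency on the ruby-loofah package carrying that method, or that the DLA text tells users to install both, since a sanitizer-only upgrade would otherwise call into a loofah that does not provide `cdata_escape` while the tracker shows all eight CVEs as addressed.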
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8796d37ed2bf2975bb13a5bfc1c57cfe1998bf20