Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a529a07b by security tracker role at 2024-01-30T08:11:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,77 @@ +CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local a ...) + TODO: check +CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to ...) + TODO: check +CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionali ...) + TODO: check +CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel 4.10.0. This ...) + TODO: check +CVE-2024-22646 (An email address enumeration vulnerability exists in the password rese ...) + TODO: check +CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version ...) + TODO: check +CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in ...) + TODO: check +CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on Linux, x8 ...) + TODO: check +CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to Arbitra ...) + TODO: check +CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...) + TODO: check +CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...) + TODO: check +CVE-2024-1027 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...) + TODO: check +CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...) + TODO: check +CVE-2024-1022 (A vulnerability, which was classified as problematic, was found in Cod ...) + TODO: check +CVE-2024-1021 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild up to 3 ...) + TODO: check +CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-5372 (The post-authentication command injection vulnerability in Zyxel NAS32 ...) + TODO: check +CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain ...) + TODO: check +CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass vulnerability in th ...) + TODO: check +CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as h ...) + TODO: check +CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Va ...) + TODO: check +CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source In ...) + TODO: check +CVE-2023-4554 (Improper Restriction of XML External Entity Reference vulnerability in ...) + TODO: check +CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) + TODO: check +CVE-2023-4552 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) + TODO: check +CVE-2023-4551 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) + TODO: check +CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to External ...) + TODO: check +CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allo ...) + TODO: check +CVE-2023-45930 + REJECTED +CVE-2023-45928 + REJECTED +CVE-2023-45926 + REJECTED +CVE-2023-45923 + REJECTED +CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.) + TODO: check CVE-2024-1023 NOT-FOR-US: Eclipse Vertx CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL Injection via th ...) @@ -4080,6 +4154,7 @@ CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE (Al CVE-2022-48618 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-41056 (Redis is an in-memory database that persists on disk. Redis incorrectl ...) + {DSA-5610-1} - redis 5:7.0.15-1 (bug #1060316) [bullseye] - redis <not-affected> (Vulnerable code not present) [buster] - redis <not-affected> (Vulnerable code not present) @@ -18404,7 +18479,7 @@ CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph rout CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...) NOT-FOR-US: XXL-RPC CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...) - {DLA-3627-1} + {DSA-5610-1 DLA-3627-1} - redis 5:7.0.14-1 (bug #1054225) [bullseye] - redis <no-dsa> (Minor issue) NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx @@ -24911,6 +24986,7 @@ CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...) NOT-FOR-US: WireMock CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...) + {DSA-5610-1} - redis 5:7.0.13-1 (bug #1051512) [bullseye] - redis <not-affected> (Vulnerable code introduced later) [buster] - redis <not-affected> (Vulnerable code introduced later) @@ -33124,6 +33200,7 @@ CVE-2023-36867 (Visual Studio Code GitHub Pull Requests and Issues Extension Rem CVE-2023-36825 (Orchid is a Laravel package that allows application development of bac ...) NOT-FOR-US: Decidim CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...) + {DSA-5610-1} - redis 5:7.0.12-1 (bug #1040879) [bullseye] - redis <not-affected> (Vulnerable code introduced later) [buster] - redis <not-affected> (Vulnerable code introduced later) @@ -139713,6 +139790,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogi CVE-2022-24835 RESERVED CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...) + {DSA-5610-1} - redis 5:7.0.12-1 [bullseye] - redis <no-dsa> (Minor issue) [buster] - redis <no-dsa> (Minor issue) @@ -208581,7 +208659,7 @@ CVE-2021-3171 RESERVED CVE-2021-3170 RESERVED -CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...) +CVE-2021-3169 (An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows ...) NOT-FOR-US: Jumpserver CVE-2021-3168 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a529a07b7da412e1794b017b483321259dda3c1e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a529a07b7da412e1794b017b483321259dda3c1e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits