Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a529a07b by security tracker role at 2024-01-30T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a 
local a ...)
+       TODO: check
+CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are 
vulnerable to ...)
+       TODO: check
+CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data" 
functionali ...)
+       TODO: check
+CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel 
4.10.0. This  ...)
+       TODO: check
+CVE-2024-22646 (An email address enumeration vulnerability exists in the 
password rese ...)
+       TODO: check
+CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel 
version ...)
+       TODO: check
+CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage 
Plug-in ...)
+       TODO: check
+CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on 
Linux, x8 ...)
+       TODO: check
+CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to 
Arbitra ...)
+       TODO: check
+CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and 
classified as  ...)
+       TODO: check
+CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News 
Feed Li ...)
+       TODO: check
+CVE-2024-1027 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and 
classified as  ...)
+       TODO: check
+CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News 
Feed Li ...)
+       TODO: check
+CVE-2024-1022 (A vulnerability, which was classified as problematic, was found 
in Cod ...)
+       TODO: check
+CVE-2024-1021 (A vulnerability, which was classified as critical, has been 
found in R ...)
+       TODO: check
+CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild 
up to 3 ...)
+       TODO: check
+CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-5372 (The post-authentication command injection vulnerability in 
Zyxel NAS32 ...)
+       TODO: check
+CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to 
contain ...)
+       TODO: check
+CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass 
vulnerability in th ...)
+       TODO: check
+CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting 
(XSS) as h ...)
+       TODO: check
+CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL 
Certificate Va ...)
+       TODO: check
+CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free 
Open-Source In ...)
+       TODO: check
+CVE-2023-4554 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder 
on Wind ...)
+       TODO: check
+CVE-2023-4552 (Improper Input Validation vulnerability in OpenText AppBuilder 
on Wind ...)
+       TODO: check
+CVE-2023-4551 (Improper Input Validation vulnerability in OpenText AppBuilder 
on Wind ...)
+       TODO: check
+CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to 
External ...)
+       TODO: check
+CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D 
1.78-0.03 allo ...)
+       TODO: check
+CVE-2023-45930
+       REJECTED
+CVE-2023-45928
+       REJECTED
+CVE-2023-45926
+       REJECTED
+CVE-2023-45923
+       REJECTED
+CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.)
+       TODO: check
 CVE-2024-1023
        NOT-FOR-US: Eclipse Vertx
 CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL 
Injection via th ...)
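Review bot: every non-rejected entry added at the top of data/CVE/list is left at TODO: check, so none of them has a package line or a NOT-FOR-US verdict yet. The descriptions naming aiohttp (CVE-2024-23829, CVE-2024-23334), the Linux kernel (CVE-2024-21803), curl (CVE-2023-52071) and DuckDB (CVE-2024-22682) are the most likely to map to a Debian source package and should be resolved first in a follow-up triage commit; CVE-2023-45930, CVE-2023-45928, CVE-2023-45926 and CVE-2023-45923 are already final as REJECTED.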
@@ -4080,6 +4154,7 @@ CVE-2023-42797 (A vulnerability has been identified in 
CP-8031 MASTER MODULE (Al
 CVE-2022-48618 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2023-41056 (Redis is an in-memory database that persists on disk. Redis 
incorrectl ...)
+       {DSA-5610-1}
        - redis 5:7.0.15-1 (bug #1060316)
        [bullseye] - redis <not-affected> (Vulnerable code not present)
        [buster] - redis <not-affected> (Vulnerable code not present)
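Review bot: the {DSA-5610-1} reference added to CVE-2023-41056 has no matching release entry in the visible context, which covers only the unstable fix (5:7.0.15-1) and the [bullseye] and [buster] lines, both <not-affected>. Confirm that the release the DSA covers gets its own fixed-version line for redis, otherwise the advisory is referenced without a recorded fix; the same check applies to the CVE-2023-41053, CVE-2023-36824 and CVE-2022-24834 hunks.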
@@ -18404,7 +18479,7 @@ CVE-2023-45812 (The Apollo Router is a configurable, 
high-performance graph rout
 CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With 
it, a T ...)
        NOT-FOR-US: XXL-RPC
 CVE-2023-45145 (Redis is an in-memory database that persists on disk. On 
startup, Redi ...)
-       {DLA-3627-1}
+       {DSA-5610-1 DLA-3627-1}
        - redis 5:7.0.14-1 (bug #1054225)
        [bullseye] - redis <no-dsa> (Minor issue)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
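Review bot: on CVE-2023-45145 the context still reads [bullseye] - redis <no-dsa> (Minor issue) directly under the new {DSA-5610-1 DLA-3627-1} line. If DSA-5610-1 covers bullseye, that <no-dsa> line needs replacing with the fixed version; if it covers a different release, the entry is consistent as it stands.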
@@ -24911,6 +24986,7 @@ CVE-2023-41329 (WireMock is a tool for mocking HTTP 
services. The proxy mode of
 CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be 
configur ...)
        NOT-FOR-US: WireMock
 CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis 
does not c ...)
+       {DSA-5610-1}
        - redis 5:7.0.13-1 (bug #1051512)
        [bullseye] - redis <not-affected> (Vulnerable code introduced later)
        [buster] - redis <not-affected> (Vulnerable code introduced later)
@@ -33124,6 +33200,7 @@ CVE-2023-36867 (Visual Studio Code GitHub Pull Requests 
and Issues Extension Rem
 CVE-2023-36825 (Orchid is a Laravel package that allows application 
development of bac ...)
        NOT-FOR-US: Decidim
 CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 
7.0 pri ...)
+       {DSA-5610-1}
        - redis 5:7.0.12-1 (bug #1040879)
        [bullseye] - redis <not-affected> (Vulnerable code introduced later)
        [buster] - redis <not-affected> (Vulnerable code introduced later)
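Review bot: the unchanged context line for CVE-2023-36825 pairs a description of Orchid, a Laravel package, with NOT-FOR-US: Decidim, so the product named in the verdict does not match the visible description. This commit does not touch that entry, but the label is worth checking against the full CVE description and correcting when the file is next edited by hand.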
@@ -139713,6 +139790,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and 
HTML library for Ruby. Nokogi
 CVE-2022-24835
        RESERVED
 CVE-2022-24834 (Redis is an in-memory database that persists on disk. A 
specially craf ...)
+       {DSA-5610-1}
        - redis 5:7.0.12-1
        [bullseye] - redis <no-dsa> (Minor issue)
        [buster] - redis <no-dsa> (Minor issue)
@@ -208581,7 +208659,7 @@ CVE-2021-3171
        RESERVED
 CVE-2021-3170
        RESERVED
-CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to 
create a co ...)
+CVE-2021-3169 (An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 
allows ...)
        NOT-FOR-US: Jumpserver
 CVE-2021-3168
        RESERVED
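Review bot: the reworded description for CVE-2021-3169 moves the version boundary: the removed line says 2.6.2 and below, the added line says before 2.6.2, before 2.5.4, before 2.4.5, so 2.6.2 changes from affected to fixed. The NOT-FOR-US: Jumpserver verdict does not depend on the range, so nothing else in this entry needs to change.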



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a529a07b7da412e1794b017b483321259dda3c1e
