Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b048c42 by security tracker role at 2024-02-01T08:11:31+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@ +CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...) + TODO: check +CVE-2024-24573 (facileManager is a modular suite of web apps built with the sysadmin i ...) + TODO: check +CVE-2024-24572 (facileManager is a modular suite of web apps built with the sysadmin i ...) + TODO: check +CVE-2024-24571 (facileManager is a modular suite of web apps built with the sysadmin i ...) + TODO: check +CVE-2024-24548 (Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attac ...) + TODO: check +CVE-2024-23941 (Cross-site scripting vulnerability exists in Group Office prior to v6. ...) + TODO: check +CVE-2024-23653 (BuildKit is a toolkit for converting source code to build artifacts in ...) + TODO: check +CVE-2024-23652 (BuildKit is a toolkit for converting source code to build artifacts in ...) + TODO: check +CVE-2024-23651 (BuildKit is a toolkit for converting source code to build artifacts in ...) + TODO: check +CVE-2024-23650 (BuildKit is a toolkit for converting source code to build artifacts in ...) + TODO: check +CVE-2024-22859 (Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3. ...) + TODO: check +CVE-2024-1130 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) + TODO: check +CVE-2024-1129 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) + TODO: check +CVE-2024-1117 (A vulnerability was found in openBI up to 1.0.8. It has been declared ...) + TODO: check +CVE-2024-0907 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) + TODO: check +CVE-2024-0831 (Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive in ...) + TODO: check +CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-51939 (An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of ...) 
+ TODO: check CVE-2024-0853 [OCSP verification bypass with TLS session reuse] - curl 8.6.0-1 [bookworm] - curl <not-affected> (Vulnerable code introduced later) @@ -6,7 +42,7 @@ CVE-2024-0853 [OCSP verification bypass with TLS session reuse] NOTE: https://curl.se/docs/CVE-2024-0853.html NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0) NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0) -CVE-2024-21626 +CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...) - runc <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6 NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv @@ -1965,7 +2001,7 @@ CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attac NOT-FOR-US: weaver e-cology CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...) NOT-FOR-US: Anomali Match -CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5 ...) +CVE-2023-47024 (Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 lead ...) NOT-FOR-US: NCR Terminal Handler CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...) NOT-FOR-US: POPS! Rebel 
@@ -8084,7 +8120,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...) NOT-FOR-US: Bosch CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...) - {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3719-1 DLA-3718-1 DLA-3694-1} + {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1} - dropbear 2022.83-4 (bug #1059001) [bookworm] - dropbear <no-dsa> (Minor issue) [bullseye] - dropbear <no-dsa> (Minor issue) @@ -73867,8 +73903,8 @@ CVE-2022-47074 RESERVED CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...) NOT-FOR-US: Small CRM -CVE-2022-47072 - RESERVED +CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit a ...) + TODO: check CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...) NOT-FOR-US: NVS365 V01 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b048c42ac1065103415d6d128125c54a23e9e07
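Review bot: In the first hunk (@@ -1,3 +1,39 @@), the descriptions for CVE-2024-1130, CVE-2024-1129, CVE-2024-0907 and CVE-2024-0831 carry literal escape sequences (`\u2013`, `\u201c`, `\u201d`) instead of the characters they stand for, so the automatic import appears to be writing the feed's escaped JSON strings without decoding them. Decode the description before truncating it to the summary length; otherwise each six-character escape eats into the truncated text and anyone grepping for the product name with its real punctuation will miss these entries. All 18 added entries are also still at `TODO: check`, so none of them is triaged against a source package yet.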
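Review bot: In the second hunk (@@ -6,7 +42,7 @@), CVE-2024-21626 gains its description but the entry still reads `- runc <unfixed>` and the visible NOTE lines point only at the oss-security post and the GHSA advisory. Once the fixing upload is known, replace `<unfixed>` with that version and add a `Fixed by:` NOTE with the upstream commit, the way the CVE-2024-0853 entry directly above records its `Introduced by:` and `Fixed by:` commits, so per-release status can be derived from the entry.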
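Review bot: In the last hunk (@@ -73867,8 +73903,8 @@), CVE-2022-47072 moves from `RESERVED` to `TODO: check` while both neighbours in the context (CVE-2022-47073, CVE-2022-47071) are already resolved as `NOT-FOR-US: <product>`. This entry needs the same decision for Enterprise Architect: either a `NOT-FOR-US:` line if the product is not packaged, or a source package line with a status, rather than staying at `TODO: check`.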