Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b048c42 by security tracker role at 2024-02-01T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone 
creates an ac ...)
+       TODO: check
+CVE-2024-24573 (facileManager is a modular suite of web apps built with the 
sysadmin i ...)
+       TODO: check
+CVE-2024-24572 (facileManager is a modular suite of web apps built with the 
sysadmin i ...)
+       TODO: check
+CVE-2024-24571 (facileManager is a modular suite of web apps built with the 
sysadmin i ...)
+       TODO: check
+CVE-2024-24548 (Payment EX Ver1.1.5b and earlier allows a remote 
unauthenticated attac ...)
+       TODO: check
+CVE-2024-23941 (Cross-site scripting vulnerability exists in Group Office 
prior to v6. ...)
+       TODO: check
+CVE-2024-23653 (BuildKit is a toolkit for converting source code to build 
artifacts in ...)
+       TODO: check
+CVE-2024-23652 (BuildKit is a toolkit for converting source code to build 
artifacts in ...)
+       TODO: check
+CVE-2024-23651 (BuildKit is a toolkit for converting source code to build 
artifacts in ...)
+       TODO: check
+CVE-2024-23650 (BuildKit is a toolkit for converting source code to build 
artifacts in ...)
+       TODO: check
+CVE-2024-22859 (Cross-Site Request Forgery (CSRF) vulnerability in livewire 
before v3. ...)
+       TODO: check
+CVE-2024-1130 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms 
and mu ...)
+       TODO: check
+CVE-2024-1129 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms 
and mu ...)
+       TODO: check
+CVE-2024-1117 (A vulnerability was found in openBI up to 1.0.8. It has been 
declared  ...)
+       TODO: check
+CVE-2024-0907 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms 
and mu ...)
+       TODO: check
+CVE-2024-0831 (Vault and Vault Enterprise (\u201cVault\u201d) may expose 
sensitive in ...)
+       TODO: check
+CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-51939 (An issue in the cp_bbs_sig function in 
relic/src/cp/relic_cp_bbs.c of  ...)
+       TODO: check
 CVE-2024-0853 [OCSP verification bypass with TLS session reuse]
        - curl 8.6.0-1
        [bookworm] - curl <not-affected> (Vulnerable code introduced later)
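Review bot: All 18 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them is triaged yet; each needs resolving to either a source-package line or a `NOT-FOR-US:` line, as the older entries further down this diff are. Separately, the descriptions for CVE-2024-1130, CVE-2024-1129, CVE-2024-0907 and CVE-2024-0831 show literal `\u2013`, `\u201c` and `\u201d` escape sequences instead of the characters; it is worth checking whether those are in the file itself or only in this notification's rendering.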
@@ -6,7 +42,7 @@ CVE-2024-0853 [OCSP verification bypass with TLS session reuse]
        NOTE: https://curl.se/docs/CVE-2024-0853.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 
(curl-8_5_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c 
(curl-8_6_0)
-CVE-2024-21626
+CVE-2024-21626 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
        - runc <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
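Review bot: The CVE-2024-21626 entry gains its description but still reads `- runc <unfixed>` with no bug reference and no fixing-commit NOTE, unlike the CVE-2024-0853 entry just above it, which records both `Introduced by:` and `Fixed by:` commits. Since the entry already links the upstream advisory, consider adding the fixing commit as a NOTE and replacing `<unfixed>` with the fixed version once an upload exists.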
@@ -1965,7 +2001,7 @@ CVE-2023-51892 (An issue in weaver e-cology 
v.10.0.2310.01 allows a remote attac
        NOT-FOR-US: weaver e-cology
 CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An 
authenticat ...)
        NOT-FOR-US: Anomali Match
-CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal 
Handler v.1.5 ...)
+CVE-2023-47024 (Cross-Site Request Forgery (CSRF) in NCR Terminal Handler 
v.1.5.1 lead ...)
        NOT-FOR-US: NCR Terminal Handler
 CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel 
Bluetooth  ...)
        NOT-FOR-US: POPS! Rebel
@@ -8084,7 +8120,7 @@ CVE-2023-32725 (The website configured in the URL widget 
will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API 
server in Bo ...)
        NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, 
found in O ...)
-       {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 
DLA-3719-1 DLA-3718-1 DLA-3694-1}
+       {DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 
DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
        - dropbear 2022.83-4 (bug #1059001)
        [bookworm] - dropbear <no-dsa> (Minor issue)
        [bullseye] - dropbear <no-dsa> (Minor issue)
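Review bot: DLA-3730-1 is added to the advisory list for CVE-2023-48795, but this hunk shows no accompanying change to any package line, and the visible context covers only dropbear. Confirm that the package DLA-3730-1 addresses has its fixed version recorded elsewhere in the entry, so the cross-reference and the per-release status stay consistent.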
@@ -73867,8 +73903,8 @@ CVE-2022-47074
        RESERVED
 CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create 
Ticket page o ...)
        NOT-FOR-US: Small CRM
-CVE-2022-47072
-       RESERVED
+CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605 
32-bit a ...)
+       TODO: check
 CVE-2022-47071 (In NVS365 V01, the background network test function can 
trigger comman ...)
        NOT-FOR-US: NVS365 V01
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After 
entering a ...)
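Review bot: CVE-2022-47072 moves from `RESERVED` to a described entry but is left at `TODO: check`, while its neighbours CVE-2022-47073 and CVE-2022-47071 are already resolved as `NOT-FOR-US:`. If Enterprise Architect is not packaged in Debian, mark it `NOT-FOR-US: Enterprise Architect` in the same way so it does not linger in the TODO queue.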



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b048c42ac1065103415d6d128125c54a23e9e07



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
