Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f614a194 by security tracker role at 2024-02-03T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,13 @@ +CVE-2024-1215 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...) + TODO: check +CVE-2024-1064 (A host header injection vulnerability in the HTTP handler component of ...) + TODO: check +CVE-2023-49950 (The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 ...) + TODO: check +CVE-2023-44031 (Incorrect access control in Reprise License Management Software Repris ...) + TODO: check +CVE-2023-43183 (Incorrect access control in Reprise License Management Software Repris ...) + TODO: check CVE-2024-23553 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...) NOT-FOR-US: HCL CVE-2024-23550 (HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user inf ...) @@ -527,7 +537,7 @@ CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to Stored NOT-FOR-US: WordPress plugin CVE-2023-51939 (An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of ...) NOT-FOR-US: relic-toolkit -CVE-2024-0853 [OCSP verification bypass with TLS session reuse] +CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its cach ...) - curl 8.6.0-1 [bookworm] - curl <not-affected> (Vulnerable code introduced later) [bullseye] - curl <not-affected> (Vulnerable code introduced later) @@ -3829,6 +3839,7 @@ CVE-2024-0482 (A vulnerability classified as critical has been found in Taokeyun CVE-2024-0481 (A vulnerability was found in Taokeyun up to 1.0.5. It has been rated a ...) NOT-FOR-US: Taokeyun CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable init ...) + {DLA-3733-1} - rear <unfixed> (bug #1060747) [bookworm] - rear <no-dsa> (Minor issue) [bullseye] - rear <no-dsa> (Minor issue) 
@@ -7360,6 +7371,7 @@ CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured wi CVE-2023-51763 (csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows C ...) NOT-FOR-US: ActiveAdmin (aka Active Admin) CVE-2023-7090 (A flaw was found in sudo in the handling of ipa_hostname, where ipa_ho ...) + {DLA-3732-1} - sudo 1.8.28p1-1 NOTE: https://github.com/sudo-project/sudo/commit/e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c (SUDO_1_8_28p1) NOTE: https://www.sudo.ws/repos/sudo/rev/b4f31dbe3109 @@ -27492,14 +27504,14 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain h CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) - node-openpgp <itp> (bug #787774) CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) - {DLA-3675-1} + {DSA-5614-1 DLA-3675-1} - zbar 0.23.92-9 (bug #1051724) NOTE: https://hackmd.io/@cspl/H1PxPAUnn NOTE: https://github.com/mchehab/zbar/issues/263 NOTE: https://github.com/mchehab/zbar/pull/276 NOTE: https://github.com/mchehab/zbar/commit/012a030250a203e5529d09caedea7ad7173dacfd CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...) - {DLA-3675-1} + {DSA-5614-1 DLA-3675-1} - zbar 0.23.92-9 (bug #1051724) NOTE: https://hackmd.io/@cspl/B1ZkFZv23 NOTE: https://github.com/mchehab/zbar/issues/263 
@@ -50370,10 +50382,12 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by netwo NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...) + {DLA-3732-1} - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.) + {DLA-3732-1} - sudo 1.9.13p1-1 [bullseye] - sudo <no-dsa> (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f614a1943f044dedecd07eb9c8fb8ba2f6753034
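Review bot: in the @@ -1,3 +1,13 @@ hunk of data/CVE/list, all five new entries land as TODO: check, so none of them has a triage state yet. Going by the visible descriptions, CVE-2024-1215 (SourceCodester CRUD without Page Reload), CVE-2023-49950 (Logpoint SIEM) and CVE-2023-44031 / CVE-2023-43183 (Reprise License Management Software) name specific products and look like candidates for a NOT-FOR-US line in the style of the HCL entry just below, once it is confirmed that they are not packaged. CVE-2024-1064 has its product name cut off by the truncated description, so it needs the full text before it can be classified.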
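Review bot: in the @@ -527,7 +537,7 @@ hunk, replacing the bracketed description of CVE-2024-0853 with the truncated official text drops the only visible statement of the impact: "OCSP verification bypass with TLS session reuse" becomes "curl inadvertently kept the SSL session ID for connections in its cach ...". Consider keeping the impact summary in a NOTE: line under the entry so the list still says what the retained session ID leads to.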
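Review bot: in the @@ -3829,6 +3839,7 @@ hunk, CVE-2024-23301 gains {DLA-3733-1} while the lines directly below it still read rear <unfixed> (bug #1060747) for unstable and <no-dsa> (Minor issue) for both bookworm and bullseye. As listed, the fix exists only in the release covered by the DLA, so it is worth checking that the newer suites are followed up and that an upgrade from the DLA-fixed release does not bring back the world-readable file the description mentions.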
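Review bot: in the @@ -50370,10 +50382,12 @@ hunk, {DLA-3732-1} is attached to both CVE-2023-28487 and CVE-2023-28486, but each entry keeps [bullseye] - sudo <no-dsa> (Minor issue) unchanged. With a DLA now issued for these two control-character escaping issues, the bullseye annotation deserves a second look, either to confirm the <no-dsa> decision still stands or to queue the fix referenced in the NOTE: commit for bullseye as well.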