Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fcaa299 by security tracker role at 2024-02-07T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-25201 (Espruino 2v20 (commit fcc9ba4) was discovered to contain an 
Out-of-bou ...)
+       TODO: check
+CVE-2024-25200 (Espruino 2v20 (commit fcc9ba4) was discovered to contain a 
Stack Overf ...)
+       TODO: check
+CVE-2024-25145 (Stored cross-site scripting (XSS) vulnerability in the Portal 
Search m ...)
+       TODO: check
+CVE-2024-25143 (The Document and Media widget In Liferay Portal 7.2.0 through 
7.3.6, a ...)
+       TODO: check
+CVE-2024-24824 (Graylog is a free and open log management platform. Starting 
in versio ...)
+       TODO: check
+CVE-2024-24823 (Graylog is a free and open log management platform. Starting 
in versio ...)
+       TODO: check
+CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user 
interface for P ...)
+       TODO: check
+CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
+       TODO: check
+CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
+       TODO: check
+CVE-2024-24812 (Frappe is a full-stack web application framework that uses 
Python and  ...)
+       TODO: check
+CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A 
vulnera ...)
+       TODO: check
+CVE-2024-24771 (Open Forms allows users create and publish smart forms. 
Versions prior ...)
+       TODO: check
+CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One 
WP-CFM wp ...)
+       TODO: check
+CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum 
Virtual M ...)
+       TODO: check
+CVE-2024-24488 (An issue in Shenzen Tenda Technology CP3V2.0 
V11.10.00.2311090948 allo ...)
+       TODO: check
+CVE-2024-24311 (Path Traversal vulnerability in Linea Grafica "Multilingual 
and Multis ...)
+       TODO: check
+CVE-2024-24304 (In the module "Mailjet" (mailjet) from Mailjet for PrestaShop 
before v ...)
+       TODO: check
+CVE-2024-24303 (SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" 
(hiadvance ...)
+       TODO: check
+CVE-2024-24189 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a 
use-after-fr ...)
+       TODO: check
+CVE-2024-24188 (Jsish v3.5.0 was discovered to contain a heap-buffer-overflow 
in ./src ...)
+       TODO: check
+CVE-2024-24186 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a 
stack-overfl ...)
+       TODO: check
+CVE-2024-24133 (Atmail v6.6.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2024-24131 (SuperWebMailer v9.31.0.01799 was discovered to contain a 
reflected cro ...)
+       TODO: check
+CVE-2024-24130 (Mail2World v12 Business Control Center was discovered to 
contain a ref ...)
+       TODO: check
+CVE-2024-23806 (Sensitive data can be extracted from HID iCLASS SE reader 
configuratio ...)
+       TODO: check
+CVE-2024-23769 (Improper privilege control for the named pipe in Samsung 
Magician PC S ...)
+       TODO: check
+CVE-2024-22984
+       REJECTED
+CVE-2024-22012 (In TBD of TBD, there is a possible out of bounds write due to 
a missin ...)
+       TODO: check
+CVE-2024-20290 (A vulnerability in the OLE2 file format parser of ClamAV could 
allow a ...)
+       TODO: check
+CVE-2024-20255 (A vulnerability in the SOAP API of Cisco Expressway Series and 
Cisco T ...)
+       TODO: check
+CVE-2024-20254 (Multiple vulnerabilities in Cisco Expressway Series and Cisco 
TelePres ...)
+       TODO: check
+CVE-2024-20252 (Multiple vulnerabilities in Cisco Expressway Series and Cisco 
TelePres ...)
+       TODO: check
+CVE-2024-1118 (The Podlove Subscribe button plugin for WordPress is vulnerable 
to UNI ...)
+       TODO: check
+CVE-2024-1110 (The Podlove Podcast Publisher plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-1109 (The Podlove Podcast Publisher plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2023-47700 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and 
IBM Stora ...)
+       TODO: check
+CVE-2023-46914 (SQL Injection vulnerability in RM bookingcalendar module for 
PrestaSho ...)
+       TODO: check
+CVE-2023-43017 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could 
allow a pri ...)
+       TODO: check
+CVE-2023-38995 (An issue in SCHUHFRIED v.8.22.00 allows remote attacker to 
obtain the  ...)
+       TODO: check
+CVE-2023-38369 (IBM Security Access Manager Container 10.0.0.0 through 
10.0.6.1 does n ...)
+       TODO: check
+CVE-2023-32330 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses 
insecure cal ...)
+       TODO: check
+CVE-2023-32328 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses 
insecure pro ...)
+       TODO: check
 CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a 
WDKTestCe ...)
        NOT-FOR-US: RustDesk
 CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible 
via a ma ...)
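Review bot: CVE-2024-20290 (ClamAV OLE2 parser) and CVE-2024-24815 / CVE-2024-24816 (CKEditor4) in this block name software that Debian packages, so their `TODO: check` markers should be resolved to source-package entries and not swept into NOT-FOR-US with the rest of the batch. CVE-2024-22012 arrives with a description that still reads "In TBD of TBD", so the affected component cannot be identified from this line alone and needs a manual lookup before triage.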
@@ -7579,7 +7663,7 @@ CVE-2023-52084 (Winter is a free, open-source content 
management system. Prior t
        NOT-FOR-US: Winter CMS
 CVE-2023-52083 (Winter is a free, open-source content management system.  
Prior to 1.2 ...)
        NOT-FOR-US: Winter CMS
-CVE-2023-51437
+CVE-2023-51437 (Observable timing discrepancy vulnerability in Apache Pulsar 
SASL Auth ...)
        NOT-FOR-US: Apache Pulsar
 CVE-2023-51435 (Some Honor products are affected by incorrect privilege 
assignment vul ...)
        NOT-FOR-US: Honor
@@ -23778,7 +23862,7 @@ CVE-2023-40375 (Integrated application server for IBM i 
7.2, 7.3, 7.4, and 7.5 c
        NOT-FOR-US: IBM
 CVE-2023-40307 (An attacker with standard privileges on macOS when requesting 
administ ...)
        NOT-FOR-US: SAP
-CVE-2023-39196
+CVE-2023-39196 (Improper Authentication vulnerability in Apache Ozone.  The 
vulnerabil ...)
        NOT-FOR-US: Apache Ozone
 CVE-2023-39195
        REJECTED
@@ -43171,8 +43255,8 @@ CVE-2023-31004 (IBM Security Access Manager Container 
(IBM Security Verify Acces
        NOT-FOR-US: IBM
 CVE-2023-31003 (IBM Security Access Manager Container (IBM Security Verify 
Access Appl ...)
        NOT-FOR-US: IBM
-CVE-2023-31002
-       RESERVED
+CVE-2023-31002 (IBM Security Access Manager Container 10.0.0.0 through 
10.0.6.1 tempor ...)
+       TODO: check
 CVE-2023-31001 (IBM Security Access Manager Container (IBM Security Verify 
Access Appl ...)
        NOT-FOR-US: IBM
 CVE-2023-31000
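Review bot: CVE-2023-31002 moves from RESERVED to `TODO: check`, while its neighbours CVE-2023-31001, CVE-2023-31003 and CVE-2023-31004, all described as IBM Security Access Manager Container, already carry `NOT-FOR-US: IBM`. The new description names the same product, so the follow-up triage can tag this entry the same way to keep the run consistent.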
@@ -74075,7 +74159,7 @@ CVE-2022-47438 (Auth. (editor+) Stored Cross-Site 
Scripting (XSS) vulnerability
        NOT-FOR-US: WordPress plugin
 CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bran ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mant ...)
+CVE-2022-47436 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Oliv ...)
        NOT-FOR-US: WordPress plugin
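Review bot: The replacement description for CVE-2022-47436 is truncated before the product name, where the old text at least reached "in Mant ...", so the unchanged `NOT-FOR-US: WordPress plugin` tag can no longer be checked against the visible line. Naming the plugin in the NOT-FOR-US note would keep the entry self-explanatory after upstream description rewrites like this one.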



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fcaa299747bf49998d2ba4ad513ee22d5fb969f
