Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6589665c by security tracker role at 2024-02-21T08:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,32 +1,164 @@
-CVE-2024-1676
+CVE-2024-26269 (Cross-site scripting (XSS) vulnerability in the Frontend JS 
module's p ...)
+       TODO: check
+CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Liferay  ...)
+       TODO: check
+CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library. 
Prior to v ...)
+       TODO: check
+CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit 
aaaeaf4 ...)
+       TODO: check
+CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula 
GmbH Multi  ...)
+       TODO: check
+CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David 
Stockl TinyMC ...)
+       TODO: check
+CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic 
Data Ma ...)
+       TODO: check
+CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin 
module' ...)
+       TODO: check
+CVE-2024-25601 (Stored cross-site scripting (XSS) vulnerability in Expando 
module's ge ...)
+       TODO: check
+CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers 
to run ar ...)
+       TODO: check
+CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message 
Board widge ...)
+       TODO: check
+CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and 
older u ...)
+       TODO: check
+CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in 
HtmlUtil.escapeJsLink in L ...)
+       TODO: check
+CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included 
"allow_i ...)
+       TODO: check
+CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts 
Admin M ...)
+       TODO: check
+CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify 
Themify Bui ...)
+       TODO: check
+CVE-2024-24849 (Cross-Site Request Forgery (CSRF) vulnerability in Mark 
Stockton Quick ...)
+       TODO: check
+CVE-2024-24843 (Cross-Site Request Forgery (CSRF) vulnerability in PowerPack 
Addons fo ...)
+       TODO: check
+CVE-2024-24837 (Cross-Site Request Forgery (CSRF) vulnerability in 
Fr\xe9d\xe9ric GILL ...)
+       TODO: check
+CVE-2024-24802 (Cross-Site Request Forgery (CSRF) vulnerability in John Tendik 
JTRT Re ...)
+       TODO: check
+CVE-2024-24798 (Cross-Site Request Forgery (CSRF) vulnerability in SoniNow 
Team Debug. ...)
+       TODO: check
+CVE-2024-23830 (MantisBT is an open source issue tracker. Prior to version 
2.26.1, an  ...)
+       TODO: check
+CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows 
attackers to vi ...)
+       TODO: check
+CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation 
vulnerabi ...)
+       TODO: check
+CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 
key pair  ...)
+       TODO: check
+CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-0593 (The Simple Job Board plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-52442 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+       TODO: check
+CVE-2023-52441 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+       TODO: check
+CVE-2023-52440 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+       TODO: check
+CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification 
(section 17.4) ...)
+       TODO: check
+CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 
allows a  ...)
+       TODO: check
+CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 
V22.03.02.5 ...)
+       TODO: check
+CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in 
Enhance ...)
+       TODO: check
+CVE-2023-42953 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2023-42952 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+       TODO: check
+CVE-2023-42951 (The issue was addressed with improved handling of caches. This 
issue i ...)
+       TODO: check
+CVE-2023-42946 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2023-42945 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2023-42942 (This issue was addressed with improved handling of symlinks. 
This issu ...)
+       TODO: check
+CVE-2023-42939 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42928 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2023-42889 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42878 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-42877 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42873 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2023-42860 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2023-42859 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42858 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42855 (This issue was addressed with improved state management. This 
issue is ...)
+       TODO: check
+CVE-2023-42853 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42848 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2023-42843 (An inconsistent user interface issue was addressed with 
improved state ...)
+       TODO: check
+CVE-2023-42840 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42839 (This issue was addressed with improved state management. This 
issue is ...)
+       TODO: check
+CVE-2023-42838 (An access issue was addressed with improvements to the 
sandbox. This i ...)
+       TODO: check
+CVE-2023-42836 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42835 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42834 (A privacy issue was addressed with improved handling of files. 
This is ...)
+       TODO: check
+CVE-2023-42823 (The issue was resolved by sanitizing logging This issue is 
fixed in wa ...)
+       TODO: check
+CVE-2023-42498 (Reflected cross-site scripting (XSS) vulnerability in the 
Language Ove ...)
+       TODO: check
+CVE-2023-42496 (Reflected cross-site scripting (XSS) vulnerability on the add 
assignee ...)
+       TODO: check
+CVE-2023-40191 (Reflected cross-site scripting (XSS) vulnerability in the 
instance set ...)
+       TODO: check
+CVE-2024-1676 (Inappropriate implementation in Navigation in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1675
+CVE-2024-1675 (Insufficient policy enforcement in Download in Google Chrome 
prior to  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1674
+CVE-2024-1674 (Inappropriate implementation in Navigation in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1673
+CVE-2024-1673 (Use after free in Accessibility in Google Chrome prior to 
122.0.6261.5 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1672
+CVE-2024-1672 (Inappropriate implementation in Content Security Policy in 
Google Chro ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1671
+CVE-2024-1671 (Inappropriate implementation in Site Isolation in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1670
+CVE-2024-1670 (Use after free in Mojo in Google Chrome prior to 122.0.6261.57 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-1669
+CVE-2024-1669 (Out of bounds memory access in Blink in Google Chrome prior to 
122.0.6 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
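Review bot: the chromium entries at the end of this hunk (CVE-2024-1669 through CVE-2024-1676) still say "- chromium <unfixed>" although the descriptions added here name the upstream release that fixes them ("prior to 122.0.6261.57" is visible in full on CVE-2024-1670). Replace <unfixed> with the Debian version once the matching upload is in unstable. Among the new "TODO: check" entries, the three that begin "In the Linux kernel" (CVE-2023-52440, CVE-2023-52441, CVE-2023-52442) concern a packaged source and should be triaged ahead of the web-application entries.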
@@ -93,10 +225,11 @@ CVE-2024-24793 (A use-after-free vulnerability exists in 
the DICOM Element Parsi
        NOT-FOR-US: libdicom
 CVE-2024-24763 (JumpServer is an open source bastion host and an operation and 
mainten ...)
        NOT-FOR-US: JumpServer
-CVE-2024-24475 (An issue in Qemu before v.8.2.0 allows a remote attacker to 
execute ar ...)
+CVE-2024-24475
+       REJECTED
        - qemu 1:8.2.0+ds-1
        NOTE: 
https://github.com/qemu/qemu/commit/9d9c06b144da340b9a937ed01d45a936810715be 
(v8.2.0-rc0)
-CVE-2024-24474 (Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a 
remote a ...)
+CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant 
buffer overf ...)
        - qemu 1:8.2.0+ds-1
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810
        NOTE: 
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 
(v8.2.0-rc0)
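Review bot: CVE-2024-24475 is switched to "REJECTED" but the "- qemu 1:8.2.0+ds-1" line and the commit NOTE under it are kept, so a rejected id still reads as a tracked, fixed qemu issue. Drop the package and NOTE lines from the rejected entry, and if the commit reference is still relevant, attach it to the id that covers the issue.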
@@ -11032,7 +11165,7 @@ CVE-2023-6937 (wolfSSL prior to 5.6.6 did not check 
that messages in one (D)TLS
        [bookworm] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
-CVE-2023-6936
+CVE-2023-6936 (In wolfSSL prior to 5.6.6, if callback functions are enabled 
(via the  ...)
        [experimental] - wolfssl 5.6.6-1
        - wolfssl 5.6.6-1.2 (bug #1059357)
        [bookworm] - wolfssl <no-dsa> (Minor issue)
@@ -203747,8 +203880,8 @@ CVE-2021-29052 (The Data Engine module in Liferay 
Portal 7.3.0 through 7.3.5, an
        NOT-FOR-US: Liferay
 CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's 
Asset P ...)
        NOT-FOR-US: Liferay
-CVE-2021-29050
-       RESERVED
+CVE-2021-29050 (Cross-Site Request Forgery (CSRF) vulnerability in the terms 
of use pa ...)
+       TODO: check
 CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal 
Workflow module ...)
        NOT-FOR-US: Liferay
 CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout 
module's page a ...)
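Review bot: CVE-2021-29050 goes from "RESERVED" to "TODO: check" in a block where the entries directly above and below it (CVE-2021-29051, CVE-2021-29049) are "NOT-FOR-US: Liferay". The truncated description does not show the product name, so check the full description and, if it is Liferay as well, set "NOT-FOR-US: Liferay" instead of leaving the TODO.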
@@ -203771,8 +203904,8 @@ CVE-2021-29040 (The JSON web services in Liferay 
Portal 7.3.4 and earlier, and L
        NOT-FOR-US: Liferay
 CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's 
categor ...)
        NOT-FOR-US: Liferay
-CVE-2021-29038
-       RESERVED
+CVE-2021-29038 (Liferay Portal 7.2.0 through 7.3.5, and older unsupported 
versions, an ...)
+       TODO: check
 CVE-2021-29037
        RESERVED
 CVE-2021-29036
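Review bot: CVE-2021-29038 has a description starting "Liferay Portal 7.2.0 through 7.3.5" yet is tagged "TODO: check", while CVE-2021-29039 and CVE-2021-29040 just above it are "NOT-FOR-US: Liferay". Use the same tag here so the entry does not sit in the TODO queue.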



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6589665c3f7c8f374a79e58a209540be1c08adf9
