Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80a89ccd by security tracker role at 2024-02-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,131 @@
+CVE-2024-27092 (Hoppscotch is an API development ecosystem.  Due to lack of 
validation ...)
+       TODO: check
+CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions 
with very  ...)
+       TODO: check
+CVE-2024-27087 (Kirby is a content management system. The new link field 
introduced in ...)
+       TODO: check
+CVE-2024-27084
+       REJECTED
+CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security 
misconfi ...)
+       TODO: check
+CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak 
vulnerability in / ...)
+       TODO: check
+CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak 
vulnerability in / ...)
+       TODO: check
+CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in 
/krb5/src/lib/r ...)
+       TODO: check
+CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in 
/fluent-bi ...)
+       TODO: check
+CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability 
in SYSBA ...)
+       TODO: check
+CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Skymo ...)
+       TODO: check
+CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability 
in JoomU ...)
+       TODO: check
+CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in 
/libming/src/act ...)
+       TODO: check
+CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference 
vulnerability in / ...)
+       TODO: check
+CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in 
/nanomq/nng/s ...)
+       TODO: check
+CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via 
/openNDS/src/auth.c ...)
+       TODO: check
+CVE-2024-25760 (yasm 1.3.0 contains a memory leak via 
/yasm/tools/genmacro/genmacro.c.)
+       TODO: check
+CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File 
with Dan ...)
+       TODO: check
+CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit 
v.43248 ...)
+       TODO: check
+CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command 
injection via  ...)
+       TODO: check
+CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command 
injection via  ...)
+       TODO: check
+CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability 
in bPlug ...)
+       TODO: check
+CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-24528
+       REJECTED
+CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to 
escalate p ...)
+       TODO: check
+CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a 
remote att ...)
+       TODO: check
+CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. 
Crafted traff ...)
+       TODO: check
+CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF 
library  ...)
+       TODO: check
+CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF 
library  ...)
+       TODO: check
+CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to 
contain a Ser ...)
+       TODO: check
+CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 
SSL con ...)
+       TODO: check
+CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF 
library  ...)
+       TODO: check
+CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF 
library  ...)
+       TODO: check
+CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF 
library  ...)
+       TODO: check
+CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 
2.1.0 coul ...)
+       TODO: check
+CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link 
to an au ...)
+       TODO: check
+CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster 
Controller, af ...)
+       TODO: check
+CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate 
when an  ...)
+       TODO: check
+CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP 
forwarding  ...)
+       TODO: check
+CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path 
traversal vuln ...)
+       TODO: check
+CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command 
injection v ...)
+       TODO: check
+CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify 
VMS Client ...)
+       TODO: check
 CVE-2023-51518
        NOT-FOR-US: Apache James
-CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA 
requests]
+CVE-2023-52474 (In the Linux kernel, the following vulnerability has been 
resolved:  I ...)
        - linux 6.3.7-1
        [bookworm] - linux 6.1.37-1
        [bullseye] - linux 5.10.191-1
        NOTE: 
https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1)
-CVE-2021-46906 [HID: usbhid: fix info leak in hid_submit_ctrl]
+CVE-2021-46906 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.46-1
        [buster] - linux 4.19.208-1
        NOTE: 
https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5)
-CVE-2020-36775 [f2fs: fix to avoid potential deadlock]
+CVE-2020-36775 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 5.6.7-1
        NOTE: 
https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1)
-CVE-2019-25162 [i2c: Fix a potential use after free]
+CVE-2019-25162 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 5.19.6-1
        [bullseye] - linux 5.10.140-1
        [buster] - linux 4.19.260-1
        NOTE: 
https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1)
-CVE-2019-25161 [drm/amd/display: prevent memory leak]
+CVE-2019-25161 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 5.4.6-1
        [buster] - linux 4.19.146-1
        NOTE: 
https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d (5.4-rc1)
-CVE-2019-25160 [netlabel: fix out-of-bounds memory accesses]
+CVE-2019-25160 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 4.19.28-1
        NOTE: 
https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0)
-CVE-2024-26606 [binder: signal epoll threads of self-work]
+CVE-2024-26606 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3)
 CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 
permissions for th ...)
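Review bot: CVE-2024-26606 is left as `linux <unfixed>` with only the mainline fix (6.8-rc3) noted, while every other kernel entry in this hunk carries [bookworm] and/or [bullseye] lines; once the 6.1.y/5.10.y stable backports of 97830f3c3088 are checked, add those suite annotations (or an explicit <not-affected>/<postponed>) so the stable suites are not left implicitly vulnerable. Among the new TODO: check entries, the ones that most likely map to Debian source packages should be triaged first: krb5 (CVE-2024-26458, CVE-2024-26461, CVE-2024-26462), FontForge (CVE-2024-25081, CVE-2024-25082), Suricata (CVE-2024-23835, CVE-2024-23836, CVE-2024-23839, CVE-2024-24568), LibHTP (CVE-2024-23837), Jetty (CVE-2024-22201), OpenDMARC (CVE-2024-25768), yasm (CVE-2024-25760) and libming (CVE-2024-25770); the CMS, WordPress/Joomla plugin and vendor-appliance entries can be expected to end up NOT-FOR-US.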
@@ -209,7 +309,7 @@ CVE-2024-21423 (Microsoft Edge (Chromium-based) Information 
Disclosure Vulnerabi
        NOT-FOR-US: Microsoft
 CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-22371
+CVE-2024-22371 (Exposure of sensitive data by by crafting a malicious 
EventFactory and ...)
        NOT-FOR-US: Apache Camel
 CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are 
vulnerabl ...)
        NOT-FOR-US: onnx
@@ -622,9 +722,9 @@ CVE-2024-26484 (A stored cross-site scripting (XSS) 
vulnerability in the Edit Co
        NOT-FOR-US: Kirby CMS module
 CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image 
module of  ...)
        NOT-FOR-US: Kirby CMS module
-CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout 
module of K ...)
+CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content 
Layout modu ...)
        NOT-FOR-US: Kirby CMS module
-CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected 
cross-site scri ...)
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected 
self-XSS vulner ...)
        NOT-FOR-US: Kirby CMS
 CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to 
version  ...)
        NOT-FOR-US: Querybook
@@ -3421,6 +3521,7 @@ CVE-2024-24829 (Sentry is an error tracking and 
performance monitoring platform.
 CVE-2024-24825 (DIRAC is a distributed resource framework. In affected 
versions any us ...)
        NOT-FOR-US: DIRAC
 CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In 
affected ver ...)
+       {DSA-5632-1}
        - composer 2.7.1-1 (bug #1063603)
        NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
        NOTE: 
https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
 (2.7.0)
@@ -4432,7 +4533,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm 
Ltd Bifrost GPU Kernel D
 CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
        NOT-FOR-US: Arm
 CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. 
Engrampa is f ...)
-       {DSA-5625-1}
+       {DSA-5625-1 DLA-3741-1}
        - engrampa 1.26.2-1 (bug #1063494)
        NOTE: 
https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
        NOTE: 
https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
@@ -7960,6 +8061,7 @@ CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) 
vulnerability has been found
 CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on 
WIC1200,  ...)
        NOT-FOR-US: WIC200
 CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to 
malformed c ...)
+       {DLA-3740-1}
        - gnutls28 3.8.3-1 (bug #1061046)
        [bookworm] - gnutls28 3.7.9-2+deb12u2
        [bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 
not published officially in any Debian bullseye release)
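Review bot: adding {DLA-3740-1} to CVE-2024-0553 conflicts with the bullseye line two lines below, which marks gnutls28 <not-affected> on the grounds that the incomplete CVE-2023-5981 fix never shipped in any bullseye release. If DLA-3740-1 does address this CVE in bullseye, the <not-affected> marker and its explanatory note should be dropped so the suite state is derived from the DLA; if the DLA only covers CVE-2023-5981, the cross-reference belongs on that entry instead. The two lines should not both stand.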



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
