Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fd49bd10 by security tracker role at 2024-01-03T20:11:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,6 +1,106 @@ -CVE-2023-51785 +CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...) + TODO: check +CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scripting ...) + TODO: check +CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...) + TODO: check +CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...) + TODO: check +CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) + TODO: check +CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) + TODO: check +CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) + TODO: check +CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) + TODO: check +CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) + TODO: check +CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...) + TODO: check +CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) + TODO: check +CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) + TODO: check +CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...) + TODO: check +CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...) + TODO: check +CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...) + TODO: check +CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...) + TODO: check +CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...) + TODO: check +CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...) + TODO: check +CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...) + TODO: check +CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...) + TODO: check +CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...) + TODO: check +CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...) + TODO: check +CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...) + TODO: check +CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...) + TODO: check +CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...) + TODO: check +CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...) + TODO: check +CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...) + TODO: check +CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...) + TODO: check +CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...) + TODO: check +CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...) + TODO: check +CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...) + TODO: check +CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...) + TODO: check +CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...) + TODO: check +CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...) + TODO: check +CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) + TODO: check +CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system. Prior to ve ...) + TODO: check +CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) + TODO: check +CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A security ...) + TODO: check +CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...) + TODO: check +CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...) + TODO: check +CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...) + TODO: check +CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...) + TODO: check +CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw can cause ...) + TODO: check +CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This fl ...) + TODO: check +CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can ca ...) + TODO: check +CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows ...) + TODO: check +CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E ...) + TODO: check +CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...) NOT-FOR-US: Apache InLong -CVE-2023-51784 +CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: Apache InLong CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...) NOT-FOR-US: omniauth-microsoft_graph @@ -7256,7 +7356,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for mess NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6) NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6) NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6) -CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code through hostname] +CVE-2023-6004 (A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...) {DSA-5591-1} - libssh 0.10.6-1 (bug #1059061) NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt @@ -37409,8 +37509,8 @@ CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end t NOT-FOR-US: Tuleap CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...) NOT-FOR-US: Kitchen-Terraform -CVE-2023-30617 - RESERVED +CVE-2023-30617 (Kruise provides automated management of large-scale applications on Ku ...) + TODO: check CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...) NOT-FOR-US: WordPress plugin CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd49bd100b31484f3c1c9deeb96500c06e1af09d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd49bd100b31484f3c1c9deeb96500c06e1af09d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits