[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 31 Mar 2024 13:12:45 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
adf940b4 by security tracker role at 2024-03-31T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 
versions.)
+       TODO: check
+CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Quant ...)
+       TODO: check
+CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability 
in biplo ...)
+       TODO: check
+CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team 
Popup Ca ...)
+       TODO: check
+CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme 
Nictitate ...)
+       TODO: check
+CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability 
in Rica ...)
+       TODO: check
+CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter 
Custom Field ...)
+       TODO: check
+CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30556 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30555 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30553 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30552 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30550 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30549 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30543 (Authorization Bypass Through User-Controlled Key vulnerability 
in UPQO ...)
+       TODO: check
+CVE-2024-30541 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS 
Optimize.Th ...)
+       TODO: check
+CVE-2024-30536 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory 
Slugs Man ...)
+       TODO: check
+CVE-2024-30535 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30533 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Teche ...)
+       TODO: check
+CVE-2024-30530 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30526 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Social 
Feed.Th ...)
+       TODO: check
+CVE-2024-30524 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30523 (Insertion of Sensitive Information into Log File vulnerability 
in Paid ...)
+       TODO: check
+CVE-2024-30489 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-25027 (IBM Security Verify Access 10.0.6 could disclose sensitive 
snapshot in ...)
+       TODO: check
+CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
24.0.0.3 is  ...)
+       TODO: check
+CVE-2023-50959 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 
18.0.2,19.0.1, 1 ...)
+       TODO: check
+CVE-2023-50311 (IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 
transmits  ...)
+       TODO: check
+CVE-2020-36828 (A vulnerability was found in DiscuzX up to 3.4-20200818. It 
has been c ...)
+       TODO: check
+CVE-2017-20191 (A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. 
It has  ...)
+       TODO: check
 CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
        - mediawiki 1:1.39.7-1
        [bookworm] - mediawiki 1:1.39.7-1~deb12u1
@@ -9,7 +125,6 @@ CVE-2024-XXXX [mediawiki: XSS in edit summary parser]
 CVE-2024-XXXX [mediawiki:  Denial of service vector via GET request to 
Special:MovePage on pages with thousands of subpages]
        - mediawiki 1:1.39.7-1
        [bookworm] - mediawiki 1:1.39.7-1~deb12u1
-       [bookworm] - mediawiki 1:1.39.7-1~deb12u1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
        NOTE: https://phabricator.wikimedia.org/T357760
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423
@@ -1067,6 +1182,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) 
vulnerability in ThemeFusion F
 CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in U ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid 
tty permi ...)
+       {DSA-5650-1}
        - util-linux 2.39.3-11 (bug #1067849)
        NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
        NOTE: 
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
 (v2.40)
@@ -1377,7 +1493,7 @@ CVE-2023-45922 (glx_pbuffer.c in Mesa 23.0.4 was 
discovered to contain a segment
        NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857
        NOTE: Negligible security impact
 CVE-2023-45920 (Xfig v3.2.8 was discovered to contain a NULL pointer 
dereference when  ...)
-        - xfig 1:3.2.9-1 (unimportant)
+       - xfig 1:3.2.9-1 (unimportant)
        NOTE: https://sourceforge.net/p/mcj/tickets/155/
        NOTE: 
https://sourceforge.net/p/mcj/xfig/ci/ec49cde00dbd6f7f45d8e386795079d5d636496f/
        NOTE: Ngliggible security impact, crash in CLI tool



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adf940b48541473fb670d6e239496274e8950cdd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adf940b48541473fb670d6e239496274e8950cdd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to