Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 29679e3f by security tracker role at 2024-04-25T20:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
===================================== data/CVE/list =====================================
@@ -1,3 +1,111 @@ +CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting version 2.0 ...) + TODO: check +CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affect ...) + TODO: check +CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 1.35. Af ...) + TODO: check +CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda W30E 1. ...) + TODO: check +CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as ...) + TODO: check +CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been declared ...) + TODO: check +CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been classifi ...) + TODO: check +CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified as cri ...) + TODO: check +CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and classified a ...) + TODO: check +CVE-2024-4165 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4164 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...) + TODO: check +CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) + TODO: check +CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) 
+ TODO: check +CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...) + TODO: check +CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is vulnerable to S ...) + TODO: check +CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) + TODO: check +CVE-2024-32467 (MeterSphere is an open source continuous testing platform. Prior to ve ...) + TODO: check +CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitra ...) + TODO: check +CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd ...) + TODO: check +CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker to obtai ...) + TODO: check +CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.) + TODO: check +CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attac ...) + TODO: check +CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with firmware versi ...) 
+ TODO: check +CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacke ...) + TODO: check +CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...) + TODO: check +CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...) + TODO: check +CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...) + TODO: check +CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 1.7.2, ...) + TODO: check +CVE-2024-28240 (The GLPI Agent is a generic management agent. A vulnerability that onl ...) + TODO: check +CVE-2024-25917 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident responder ...) + TODO: check +CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::DecodeByte ...) + TODO: check +CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) + TODO: check +CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupTable:: ...) + TODO: check +CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...) + TODO: check +CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + TODO: check +CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...) + TODO: check +CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User or Custo ...) + TODO: check +CVE-2023-51482 (Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manag ...) 
+ TODO: check CVE-2024-4173 (A vulnerability in Brocade SANnav ova versions before Brocade SANnav v ...) NOT-FOR-US: Brocade CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...) @@ -326,7 +434,8 @@ CVE-2023-47357 REJECTED CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi Rating allo ...) NOT-FOR-US: WordPress plugin -CVE-2024-25583 +CVE-2024-25583 (A crafted response from an upstream server the recursor has been confi ...) + {DSA-5674-1} - pdns-recursor 4.9.5-1 (bug #1069762) NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1 CVE-2024-3154 @@ -733,7 +842,8 @@ CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server NOT-FOR-US: Italtel Embrace CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote ...) NOT-FOR-US: f-logic datacube3 -CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap use-after-free via th ...) +CVE-2024-31745 + REJECTED - dwarfutils <unfixed> [bookworm] - dwarfutils <no-dsa> (Minor issue) [bullseye] - dwarfutils <no-dsa> (Minor issue) @@ -2817,7 +2927,7 @@ CVE-2024-0404 (A mass assignment vulnerability exists in the `/api/invite/:code` NOT-FOR-US: mintplex-labs/anything-llm CVE-2023-33806 (Insecure default configurations in Hikvision Interactive Tablet DS-D5B ...) NOT-FOR-US: Hikvision -CVE-2023-3597 +CVE-2023-3597 (A flaw was found in Keycloak, where it does not correctly validate its ...) NOT-FOR-US: Keycloak CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation ...) - putty 0.81-1 
@@ -3281,7 +3391,7 @@ CVE-2023-6067 (The WP User Profile Avatar WordPress plugin through 1.0.1 does no NOT-FOR-US: WordPress plugin CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin -CVE-2024-3508 +CVE-2024-3508 (A flaw was found in Bombastic, which allows authenticated users to upl ...) NOT-FOR-US: Bombastic's use of bzip2 CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()] - python-idna <unfixed> (bug #1069127) @@ -3539,13 +3649,13 @@ CVE-2023-47714 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 throu NOT-FOR-US: IBM CVE-2024-31391 (Insertion of Sensitive Information into Log File vulnerability in the ...) NOT-FOR-US: Apache Solr Operator -CVE-2024-3625 +CVE-2024-3625 (A flaw was found in Quay, where Quay's database is stored in plain tex ...) NOT-FOR-US: mirror-registry for Quay -CVE-2024-3624 +CVE-2024-3624 (A flaw was found in how Quay's database is stored in plain-text in mir ...) NOT-FOR-US: mirror-registry for Quay -CVE-2024-3623 +CVE-2024-3623 (A flaw was found when using mirror-registry to install Quay. It uses a ...) NOT-FOR-US: mirror-registry for Quay -CVE-2024-3622 +CVE-2024-3622 (A flaw was found when using mirror-registry to install Quay. It uses a ...) NOT-FOR-US: mirror-registry for Quay CVE-2024-3400 (A command injection as a result of arbitrary file creation vulnerabili ...) NOT-FOR-US: Palo Alto Networks 
@@ -4297,7 +4407,7 @@ CVE-2024-3447 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9e4b27ca6bf4974f169bbca7f3dca117b1208b6f (v9.0.0-rc3) NOTE: https://gitlab.com/qemu-project/qemu/-/commit/35a67d2aa8caf8eb0bee7d38515924c95417047e (v8.2.3) -CVE-2024-2905 +CVE-2024-2905 (A security vulnerability has been discovered within rpm-ostree, pertai ...) NOT-FOR-US: rpm-ostree CVE-2024-2243 (A vulnerability was found in csmock where a regular user of the OSH se ...) NOT-FOR-US: csmock @@ -4455,7 +4565,8 @@ CVE-2024-3545 (Improper permission handling in the vault offline cache feature i NOT-FOR-US: Devolutions CVE-2024-3514 REJECTED -CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) +CVE-2024-3512 + REJECTED NOT-FOR-US: WordPress plugin CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...) - qemu 1:8.2.3+ds-1 (bug #1068820) 
@@ -6119,19 +6230,25 @@ CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a re NOT-FOR-US: INOTEC CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...) NOT-FOR-US: IBM -CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) +CVE-2024-25709 + REJECTED NOT-FOR-US: Esri Portal CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) NOT-FOR-US: Esri Portal -CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for ArcGIS <=1 ...) +CVE-2024-25706 + REJECTED NOT-FOR-US: Esri Portal -CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri Portal for A ...) +CVE-2024-25705 + REJECTED NOT-FOR-US: Esri Portal -CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) +CVE-2024-25704 + REJECTED NOT-FOR-US: Esri Portal -CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the home ap ...) +CVE-2024-25703 + REJECTED NOT-FOR-US: Esri Portal -CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...) +CVE-2024-25700 + REJECTED NOT-FOR-US: Esri Portal CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...) NOT-FOR-US: Esri Portal @@ -6397,7 +6514,7 @@ CVE-2024-27919 (Envoy is a cloud-native, open-source edge and service proxy. In - envoyproxy <itp> (bug #987544) CVE-2024-2700 (A vulnerability was found in the quarkus-core component. Quarkus captu ...) NOT-FOR-US: Quarkus -CVE-2024-1139 +CVE-2024-1139 (A credentials leak vulnerability was found in the cluster monitoring o ...) NOT-FOR-US: Red Hat OpenShift Container Platform CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) NOT-FOR-US: D-Link 
@@ -12138,7 +12255,7 @@ CVE-2024-2515 (A vulnerability, which was classified as problematic, has been fo NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage ...) NOT-FOR-US: WooCommerce plugin -CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack] +CVE-2024-2467 (A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA ...) - libcrypt-openssl-rsa-perl <unfixed> (bug #1066969) [bookworm] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue) [bullseye] - libcrypt-openssl-rsa-perl <no-dsa> (Minor issue) @@ -15007,7 +15124,7 @@ CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5 NOTE: CVE is a followup to CVE-2019-14232 and CVE-2023-43665. CVE-2024-2167 REJECTED -CVE-2024-1657 +CVE-2024-1657 (A flaw was found in the ansible automation platform. An insecure WebSo ...) NOT-FOR-US: Red Hat Ansible Automation Platform CVE-2024-2048 (Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth me ...) NOT-FOR-US: HashiCorp Vault @@ -18485,11 +18602,11 @@ CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and befo NOT-FOR-US: PMB CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions prior to ...) - helm-kubernetes <itp> (bug #910799) -CVE-2024-1726 +CVE-2024-1726 (A flaw was discovered in the RESTEasy Reactive implementation in Quark ...) NOT-FOR-US: Quarkus CVE-2024-1722 (A flaw was found in Keycloak. In certain conditions, this issue may al ...) NOT-FOR-US: Keycloak -CVE-2023-6787 +CVE-2023-6787 (A flaw was found in Keycloak that occurs from an error in the re-authe ...) NOT-FOR-US: Keycloak CVE-2024-27215 REJECTED 
@@ -23175,7 +23292,7 @@ CVE-2024-1111 (A vulnerability, which was classified as problematic, has been fo NOT-FOR-US: SourceCodester QR Code Login System CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...) NOT-FOR-US: CodeAstro Real Estate Management System -CVE-2024-1102 +CVE-2024-1102 (A vulnerability was found in jberet-core logging. An exception in 'dbP ...) NOT-FOR-US: JBeret CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...) NOT-FOR-US: Rebuild @@ -24097,7 +24214,7 @@ CVE-2024-0911 (A flaw was found in indent, a program for formatting C code. This NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260399 NOTE: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html NOTE: Crash in CLI tool, no security impact -CVE-2024-0874 +CVE-2024-0874 (A flaw was found in coredns. This issue could lead to invalid cache en ...) - coredns <itp> (bug #880676) CVE-2024-0456 (An authorization vulnerability exists in GitLab versions 14.0 prior to ...) - gitlab 16.6.6-1 @@ -24200,7 +24317,7 @@ CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may NOTE: https://github.com/openssl/openssl/commit/febb086d0fc1ea12181f4d833aa9b8fdf2133b3b (openssl-3.1.5) CVE-2023-6267 (A flaw was found in the json payload. If annotation based security is ...) NOT-FOR-US: Quarkus -CVE-2023-5675 +CVE-2023-5675 (A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reacti ...) NOT-FOR-US: Quarkus CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be trigger ...) {DLA-3758-1} 
@@ -25564,7 +25681,7 @@ CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause [buster] - pam <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/3 NOTE: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0) -CVE-2023-6596 +CVE-2023-6596 (An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE- ...) NOT-FOR-US: Red Hat OpenShift (specific for incomplete fixes in Red Hat for two OpenShift Containers) CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Reque ...) NOT-FOR-US: Stupid Simple CMS @@ -34566,7 +34683,7 @@ CVE-2023-33017 (Memory corruption in Boot while running a ListVars test in UEFI NOT-FOR-US: Qualcomm CVE-2023-4503 (An improper initialization vulnerability was found in Galleon. When us ...) NOT-FOR-US: Red Hat EAP-Galleon -CVE-2023-6484 +CVE-2023-6484 (A log injection flaw was found in Keycloak. A text string may be injec ...) NOT-FOR-US: Keycloak CVE-2023-6481 (A serialization vulnerability in logback receiver component part of l ...) - logback <not-affected> (Incomplte fix not applied) 
@@ -83819,9 +83936,9 @@ CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kibok NOT-FOR-US: WordPress plugin CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio C ...) NOT-FOR-US: WordPress plugin -CVE-2023-6717 +CVE-2023-6717 (A flaw was found in the SAML client registration in Keycloak that coul ...) NOT-FOR-US: Keycloak -CVE-2023-6544 +CVE-2023-6544 (A flaw was found in the Keycloak package. This issue occurs due to a p ...) NOT-FOR-US: Keycloak CVE-2023-0657 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29679e3f57bd2b942192a483ef0e7a20c309fd49 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29679e3f57bd2b942192a483ef0e7a20c309fd49 You're receiving this email because of your account on salsa.debian.org.
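Review bot: among the 54 `TODO: check` entries added in the hunk at `@@ -1,3 +1,111 @@`, the five GitLab CE/EE ids (CVE-2024-4024, CVE-2024-4006, CVE-2024-2829, CVE-2024-2434, CVE-2024-1347) should be checked against the gitlab package rather than waved through as NOT-FOR-US, since this file already tracks gitlab (see `- gitlab 16.6.6-1` under CVE-2024-0456 further down); the three codec-library ids (CVE-2024-25569 `RAWCodec::DecodeByte`, CVE-2024-22391 `LookupTable::`, CVE-2024-22373 `JPEG2000Codec::Deco...`) describe memory-safety bugs in library code and also deserve a package lookup before the WordPress-plugin and vendor-device bulk is triaged away.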
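Review bot: in the hunk at `@@ -733,7 +842,8 @@`, CVE-2024-31745 is switched to `REJECTED` while the three dwarfutils lines beneath it (`- dwarfutils <unfixed>`, `[bookworm] - dwarfutils <no-dsa> (Minor issue)`, `[bullseye] - dwarfutils <no-dsa> (Minor issue)`) remain as unchanged context, so a rejected id keeps an open `<unfixed>` entry against dwarfutils. Follow up by dropping those package lines or replacing them with `<not-affected>` plus a NOTE giving the rejection reason, so the package no longer shows an open issue for a CVE that no longer exists.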
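Review bot: the six Esri Portal ids flipped to `REJECTED` in the hunk at `@@ -6119,19 +6230,25 @@` (CVE-2024-25709, -25706, -25705, -25704, -25703, -25700) each keep their `NOT-FOR-US: Esri Portal` line, which is now redundant, and CVE-2024-3512 in the hunk at `@@ -4455,7 +4565,8 @@` keeps `NOT-FOR-US: WordPress plugin` under its new `REJECTED` marker in the same way. Harmless for tracking, but a follow-up that strips the stale NOT-FOR-US lines would keep these consistent with the other rejected entries visible here (CVE-2023-47357, CVE-2024-3514, CVE-2024-2167), which carry no trailing line.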
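Review bot: the context line `- logback <not-affected> (Incomplte fix not applied)` in the hunk at `@@ -34566,7 +34683,7 @@` carries a typo ("Incomplte" for "Incomplete"); it is outside this automatic change, so it is a candidate for a small manual follow-up commit rather than a reason to hold this one.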
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits