Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd49bd10 by security tracker role at 2024-01-03T20:11:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,106 @@
-CVE-2023-51785
+CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored
cross-site scri ...)
+ TODO: check
+CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site
scripting ...)
+ TODO: check
+CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a
denial of ...)
+ TODO: check
+CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored
cross-site scri ...)
+ TODO: check
+CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a
mishandling of ...)
+ TODO: check
+CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files.
In versio ...)
+ TODO: check
+CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version
4.90.0, Vap ...)
+ TODO: check
+CVE-2024-21622 (Craft is a content management system. This is a potential
moderate imp ...)
+ TODO: check
+CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some
conditions, th ...)
+ TODO: check
+CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and
Shippi ...)
+ TODO: check
+CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions
and Templ ...)
+ TODO: check
+CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for
WordPre ...)
+ TODO: check
+CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise
and esca ...)
+ TODO: check
+CVE-2023-5881 (Unauthenticated access permitted to web interface page The
Genie Compa ...)
+ TODO: check
+CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener
(Retrofit-Ki ...)
+ TODO: check
+CVE-2023-5879 (Users\u2019 product account authentication data was stored in
clear te ...)
+ TODO: check
+CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in
convert_shape_com ...)
+ TODO: check
+CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before
2.6.0. Th ...)
+ TODO: check
+CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before
2.6.0. This f ...)
+ TODO: check
+CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in
_wget_download. T ...)
+ TODO: check
+CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in
get_online_pass_i ...)
+ TODO: check
+CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein
PaddlePaddle before ...)
+ TODO: check
+CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can
cause a ...)
+ TODO: check
+CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle
before 2.6.0. ...)
+ TODO: check
+CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can
cause a ...)
+ TODO: check
+CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can
cause a ...)
+ TODO: check
+CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before
2.6.0. Thi ...)
+ TODO: check
+CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0.
This fla ...)
+ TODO: check
+CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This
flaw can ...)
+ TODO: check
+CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0.
Attackers ca ...)
+ TODO: check
+CVE-2023-50253 (Laf is a cloud development platform. In the Laf version
design, the lo ...)
+ TODO: check
+CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is
vulnerable ...)
+ TODO: check
+CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is
vulnerable t ...)
+ TODO: check
+CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile
method of ure ...)
+ TODO: check
+CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master
in MP4Box ...)
+ TODO: check
+CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system.
CubeFS prio ...)
+ TODO: check
+CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A
vulnerabi ...)
+ TODO: check
+CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system.
Prior to ve ...)
+ TODO: check
+CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A
vulnerabi ...)
+ TODO: check
+CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A
security ...)
+ TODO: check
+CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to
send cra ...)
+ TODO: check
+CVE-2023-39655 (A host header injection vulnerability exists in the NPM
package @perfo ...)
+ TODO: check
+CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This
flaw can c ...)
+ TODO: check
+CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This
flaw can c ...)
+ TODO: check
+CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw
can cause ...)
+ TODO: check
+CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0.
This fl ...)
+ TODO: check
+CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This
flaw can ca ...)
+ TODO: check
+CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine
v.lego_T04E00 allows ...)
+ TODO: check
+CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine
lego_T04E ...)
+ TODO: check
+CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache
InLong.This ...)
NOT-FOR-US: Apache InLong
-CVE-2023-51784
+CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: Apache InLong
CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the
Microso ...)
NOT-FOR-US: omniauth-microsoft_graph
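Review bot: The 50 entries added at the top of data/CVE/list, CVE-2024-21911 through CVE-2023-37607, all land with only "TODO: check", so none of them has a package assignment or a NOT-FOR-US decision yet. Entries whose description already identifies a WordPress plugin, such as CVE-2024-0201 and CVE-2023-6621, can be closed in the form this file uses further down for CVE-2023-30616 ("NOT-FOR-US: WordPress plugin"). The descriptions of CVE-2023-6747 and CVE-2023-5879 also carry literal "\u2013" and "\u2019" escape sequences instead of the characters themselves, which is worth checking against the description source.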
@@ -7256,7 +7356,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements
abstract layer for mess
NOTE:
https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e
(libssh-0.10.6)
NOTE:
https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0
(libssh-0.10.6)
NOTE:
https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221
(libssh-0.10.6)
-CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code
through hostname]
+CVE-2023-6004 (A flaw was found in libssh. By utilizing the ProxyCommand or
ProxyJump ...)
{DSA-5591-1}
- libssh 0.10.6-1 (bug #1059061)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
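Review bot: On the CVE-2023-6004 line, the replacement description is cut off at "ProxyCommand or ProxyJump ..." and no longer says that the hostname is the injection vector, which the removed bracketed title stated explicitly. The tracking data itself is untouched ({DSA-5591-1}, "- libssh 0.10.6-1 (bug #1059061)"), so the advisory NOTE that follows should stay in place as the pointer to that detail.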
@@ -37409,8 +37509,8 @@ CVE-2023-30619 (Tuleap Open ALM is a Libre and Open
Source tool for end to end t
NOT-FOR-US: Tuleap
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which
enable ...)
NOT-FOR-US: Kitchen-Terraform
-CVE-2023-30617
- RESERVED
+CVE-2023-30617 (Kruise provides automated management of large-scale
applications on Ku ...)
+ TODO: check
CVE-2023-30616 (Form block is a wordpress plugin designed to make form
creation easier ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident
responder ...)
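Review bot: CVE-2023-30617 moves from RESERVED to a published description but is left at "TODO: check", while every neighbouring entry in this hunk that has an annotation is already resolved as NOT-FOR-US (Tuleap, Kitchen-Terraform, WordPress plugin). If Kruise is not packaged in Debian, this entry should follow the same form, "NOT-FOR-US: Kruise"; otherwise it needs a package line.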
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd49bd100b31484f3c1c9deeb96500c06e1af09d
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits