Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d339433a by security tracker role at 2024-01-12T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,82 @@
+CVE-2024-22494 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
+       TODO: check
+CVE-2024-22493 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
+       TODO: check
+CVE-2024-22492 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
+       TODO: check
+CVE-2024-21887 (A command injection vulnerability in web components of Ivanti 
Connect  ...)
+       TODO: check
+CVE-2024-0467 (A vulnerability, which was classified as problematic, was found 
in cod ...)
+       TODO: check
+CVE-2024-0466 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2024-0465 (A vulnerability classified as problematic was found in 
code-projects E ...)
+       TODO: check
+CVE-2024-0464 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2024-0463 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
+       TODO: check
+CVE-2024-0462 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
+       TODO: check
+CVE-2024-0461 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
+       TODO: check
+CVE-2024-0460 (A vulnerability was found in code-projects Faculty Management 
System 1 ...)
+       TODO: check
+CVE-2024-0459 (A vulnerability has been found in Blood Bank & Donor Management 
5.6 an ...)
+       TODO: check
+CVE-2023-6683 (A flaw was found in the QEMU built-in VNC server while 
processing Clie ...)
+       TODO: check
+CVE-2023-52026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to 
contain a r ...)
+       TODO: check
+CVE-2023-51978 (In PHPGurukul Art Gallery Management System v1.1, "Update 
Artist Image ...)
+       TODO: check
+CVE-2023-51949 (Verydows v2.0 was discovered to contain a Cross-Site Request 
Forgery ( ...)
+       TODO: check
+CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local 
attacker to  ...)
+       TODO: check
+CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a 
remote  ...)
+       TODO: check
+CVE-2023-49569 (A path traversal vulnerability was discovered in go-git 
versions prior ...)
+       TODO: check
+CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in 
go-git versi ...)
+       TODO: check
+CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing 
the value  ...)
+       TODO: check
+CVE-2023-49261 (The "tokenKey" value used in user authorization is visible in 
the HTML ...)
+       TODO: check
+CVE-2023-49260 (An XSS attack can be performed by changing the MOTD banner and 
pointin ...)
+       TODO: check
+CVE-2023-49259 (The authentication cookies are generated using an algorithm 
based on t ...)
+       TODO: check
+CVE-2023-49258 (User browser may be forced to execute JavaScript and pass the 
authenti ...)
+       TODO: check
+CVE-2023-49257 (An authenticated user is able to upload an arbitrary 
CGI-compatible fi ...)
+       TODO: check
+CVE-2023-49256 (It is possible to download the configuration backup without 
authorizat ...)
+       TODO: check
+CVE-2023-49255 (The router console is accessible without authentication at 
"data" fiel ...)
+       TODO: check
+CVE-2023-49254 (Authenticated user can execute arbitrary commands in the 
context of th ...)
+       TODO: check
+CVE-2023-49253 (Root user password is hardcoded into the device and cannot be 
changed  ...)
+       TODO: check
+CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows 
attackers to ex ...)
+       TODO: check
+CVE-2023-46805 (An authentication bypass vulnerability in the web component of 
Ivanti  ...)
+       TODO: check
+CVE-2010-10011 (A vulnerability, which was classified as problematic, was 
found in Acr ...)
+       TODO: check
 CVE-2024-XXXX [spip XSS]
        - spip 4.1.15+dfsg-1
        [bookworm] - spip <no-dsa> (Minor issue)
        [bullseye] - spip <not-affected> (Vulnerable code not present)
-CVE-2023-6955
+CVE-2023-6955 (An improper access control vulnerability exists in GitLab 
Remote Devel ...)
        - gitlab <unfixed>
-CVE-2023-4812
+CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <unfixed>
-CVE-2023-5356
+CVE-2023-5356 (Incorrect authorization checks in GitLab CE/EE from all 
versions start ...)
        - gitlab <unfixed>
-CVE-2023-7028
+CVE-2023-7028 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2024-23179 (An issue was discovered in the GlobalBlocking extension in 
MediaWiki b ...)
        NOT-FOR-US: MediaWiki extension GlobalBlocking
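Review bot: 35 new IDs land as `TODO: check` with no package mapping, and most are for software this file resolves elsewhere as `NOT-FOR-US` (compare `NOT-FOR-US: MediaWiki extension GlobalBlocking` at the end of this hunk): the Ivanti Connect Secure pair CVE-2024-21887 / CVE-2023-46805, the TOTOlink EX1800T entry CVE-2023-52026, the JFinalcms, code-projects, PHPGurukul, Verydows, Ujcms and Blood Bank web apps, and the CVE-2023-49253..49262 router-console block (hardcoded root password, unauthenticated console, config backup download). Triage the ones that plausibly touch Debian packages first: CVE-2023-6683 (QEMU built-in VNC server) belongs against the qemu source package, CVE-2023-51790 (piwigo XSS) needs a check against the piwigo package, and CVE-2023-49569 / CVE-2023-49568 (go-git path traversal and DoS) need a check of the Go go-git source package. CVE-2010-10011 is a 2010-numbered ID first published now; do not let the year make it sort out of sight.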
@@ -86,7 +154,7 @@ CVE-2023-7226 (A vulnerability was found in meetyoucrop 
big-whale 1.1 and classi
        NOT-FOR-US: meetyoucrop big-whale
 CVE-2023-6740 (Privilege escalation in jar_signature agent plugin in Checkmk 
before 2 ...)
        - check-mk <removed>
-CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 
2.2.0p17 ...)
+CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 
2.2.0p18 ...)
        - check-mk <removed>
 CVE-2023-6040 (An out-of-bounds access vulnerability involving netfilter was 
reported ...)
        - linux 5.18.2-1
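Review bot: the only change here is the fixed-version text for CVE-2023-6735 moving from "before 2.2.0p17" to "before 2.2.0p18"; since the entry is resolved as `- check-mk <removed>` this does not alter Debian's status, but it does mean the upstream fix boundary shifted, so anyone reading this description for a Checkmk deployment should verify against p18 rather than p17. The same p17 to p18 shift appears for CVE-2023-31211 later in this commit, where the entry is still `TODO: check`; the two should be resolved consistently.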
@@ -13078,7 +13146,7 @@ CVE-2023-46249 (authentik is an open-source Identity 
Provider. Prior to versions
        NOT-FOR-US: authentik
 CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The 
Cody AI  ...)
        NOT-FOR-US: Cody
-CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. 
Versions 2. ...)
+CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. 
Versions pr ...)
        NOT-FOR-US: Kimai
 CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to 
CodeIgniter4 v ...)
        NOT-FOR-US: CodeIgniter
@@ -37649,7 +37717,7 @@ CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p17, 
2.1.0p37  ...)
+CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p18, 
2.1.0p38  ...)
        TODO: check
 CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 
2.2.0p10  ...)
        - check-mk <removed>
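Review bot: CVE-2023-31211 stays `TODO: check` while its Checkmk neighbours CVE-2023-31210 (directly below), CVE-2023-6740 and CVE-2023-6735 in this same commit are all `- check-mk <removed>`; unless the insufficient authentication flow is in a component the Debian package never shipped, resolve it the same way so that this description refresh (2.2.0p17 / 2.1.0p37 to 2.2.0p18 / 2.1.0p38) does not leave a TODO that has already been answered for the sibling entries.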
@@ -38164,32 +38232,32 @@ CVE-2012-10013 (A vulnerability was found in Kau-Boy 
Backend Localization Plugin
        NOT-FOR-US: WordPress plugin
 CVE-2023-31037
        RESERVED
-CVE-2023-31036
-       RESERVED
-CVE-2023-31035
-       RESERVED
-CVE-2023-31034
-       RESERVED
-CVE-2023-31033
-       RESERVED
-CVE-2023-31032
-       RESERVED
-CVE-2023-31031
-       RESERVED
-CVE-2023-31030
-       RESERVED
-CVE-2023-31029
-       RESERVED
+CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains 
a vulner ...)
+       TODO: check
+CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an 
attacker may c ...)
+       TODO: check
+CVE-2023-31034 (NVIDIA DGX A100 SBIOS contains a vulnerability where a local 
attacker  ...)
+       TODO: check
+CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may 
cause a  ...)
+       TODO: check
+CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user 
may cause  ...)
+       TODO: check
+CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user 
may cause  ...)
+       TODO: check
+CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM 
daemon, w ...)
+       TODO: check
+CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains 
a vulne ...)
+       TODO: check
 CVE-2023-31028
        RESERVED
 CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
that al ...)
        NOT-FOR-US: NVIDIA
 CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a 
vulnerability in ...)
        NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
-CVE-2023-31025
-       RESERVED
-CVE-2023-31024
-       RESERVED
+CVE-2023-31025 (NVIDIA DGX A100 BMC contains a vulnerability where an attacker 
may cau ...)
+       TODO: check
+CVE-2023-31024 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM 
daemon, w ...)
+       TODO: check
 CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability 
where an at ...)
        NOT-FOR-US: NVIDIA
 CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
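Review bot: ten NVIDIA IDs move from `RESERVED` to `TODO: check`, but this block already establishes the resolution for the vendor (`NOT-FOR-US: NVIDIA` on CVE-2023-31027 and CVE-2023-31023, `NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)` on CVE-2023-31026). The DGX A100 SBIOS and BMC entries (CVE-2023-31025, CVE-2023-31029 to CVE-2023-31035, including the two BMC host KVM daemon issues) are platform firmware that Debian does not ship, so they can be closed as `NOT-FOR-US: NVIDIA` with a short reason in the style of the vGPU line; only CVE-2023-31036 (Triton Inference Server) needs a packaging check before getting the same treatment.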
@@ -39746,8 +39814,7 @@ CVE-2023-2032 (The Custom 404 Pro WordPress plugin 
before 3.8.1 does not properl
        NOT-FOR-US: WordPress plugin
 CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2030
-       RESERVED
+CVE-2023-2030 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly 
sanitiz ...)
        NOT-FOR-US: WordPress plugin
@@ -41215,12 +41282,12 @@ CVE-2023-30018 (Judging Management System v1.0 is 
vulnerable to SQL Injection. v
        NOT-FOR-US: Judging Management System
 CVE-2023-30017
        RESERVED
-CVE-2023-30016
-       RESERVED
-CVE-2023-30015
-       RESERVED
-CVE-2023-30014
-       RESERVED
+CVE-2023-30016 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
+       TODO: check
+CVE-2023-30015 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
+       TODO: check
+CVE-2023-30014 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
+       TODO: check
 CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and 
V9.1.0u.6369_B20230113 cont ...)
        NOT-FOR-US: TOTOLINK
 CVE-2023-30012
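Review bot: CVE-2023-30014, CVE-2023-30015 and CVE-2023-30016 are three more SQL injections in oretnom23 Judging Management System, and the entry just above them, CVE-2023-30018, is already resolved as `NOT-FOR-US: Judging Management System`; carry that resolution to the three new entries instead of leaving `TODO: check`.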
@@ -44679,12 +44746,12 @@ CVE-2023-28901
        RESERVED
 CVE-2023-28900
        RESERVED
-CVE-2023-28899
-       RESERVED
-CVE-2023-28898
-       RESERVED
-CVE-2023-28897
-       RESERVED
+CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of 
Skoda vehicl ...)
+       TODO: check
+CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 
infotainme ...)
+       TODO: check
+CVE-2023-28897 (The secret value used for access to critical UDS services of 
the MIB3  ...)
+       TODO: check
 CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the 
Modular I ...)
        NOT-FOR-US: Skoda
 CVE-2023-28895 (The password for access to the debugging console of the PoWer 
Controll ...)
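Review bot: CVE-2023-28897, CVE-2023-28898 and CVE-2023-28899 describe the same Skoda MIB3 infotainment unit (UDS diagnostic access over OBDII, the RTSP implementation, the secret for critical UDS services) as CVE-2023-28896 directly below, which is resolved `NOT-FOR-US: Skoda`; the three new entries should get the same resolution rather than `TODO: check`.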
@@ -58903,8 +58970,8 @@ CVE-2023-0439 (The NEX-Forms WordPress plugin before 
8.4.4 does not escape its f
        NOT-FOR-US: WordPress plugin
 CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
        NOT-FOR-US: Modoboa
-CVE-2023-0437
-       RESERVED
+CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an 
exit cond ...)
+       TODO: check
 CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may 
print s ...)
        NOT-FOR-US: MongoDB Atlas Kubernetes Operator
 CVE-2022-48282 (Under very specific circumstances (see Required configuration 
section  ...)
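Review bot: unlike the Modoboa and MongoDB Atlas Kubernetes Operator neighbours, CVE-2023-0437's description names `bson_utf8_validate`, a libbson function, so this TODO needs a real source-package check (libbson is built from the mongo-c-driver source package) rather than a reflexive `NOT-FOR-US`. The text "bson_utf8_validateon" is a missing space in the upstream CVE description before "on some inputs", not a different identifier.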



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d339433a4e85da24c1cfe6e24769ad2cf80ee41c

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
