Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e26d0b21 by security tracker role at 2024-01-18T08:12:20+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@ +CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...) + TODO: check +CVE-2024-22416 (pyLoad is a free and open-source Download Manager written in pure Pyth ...) + TODO: check +CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper storage and ...) + TODO: check +CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit transacti ...) + TODO: check +CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified ...) + TODO: check +CVE-2024-0654 (A vulnerability, which was classified as problematic, was found in Dee ...) + TODO: check +CVE-2024-0652 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...) + TODO: check +CVE-2024-0651 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...) + TODO: check +CVE-2024-0650 (A vulnerability was found in Project Worlds Visitor Management System ...) + TODO: check +CVE-2024-0649 (A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as ...) + TODO: check +CVE-2024-0648 (A vulnerability has been found in Yunyou CMS up to 2.2.6 and classifie ...) + TODO: check +CVE-2024-0381 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-6970 (The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cr ...) + TODO: check +CVE-2023-6958 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-6549 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) + TODO: check +CVE-2023-6548 (Improper Control of Generation of Code ('Code Injection') in NetScaler ...) + TODO: check +CVE-2023-6340 (SonicWall Capture Client version 3.7.10,NetExtender client version 10. ...) + TODO: check +CVE-2023-6184 (Cross SiteScripting vulnerability in Citrix Session Recording allows a ...) 
+ TODO: check +CVE-2023-5914 (Cross-site scripting (XSS)) + TODO: check +CVE-2023-48858 (A Cross-site scripting (XSS) vulnerability in login page php code in A ...) + TODO: check +CVE-2023-48359 (In autotest driver, there is a possible out of bounds write due to imp ...) + TODO: check +CVE-2023-48358 (In drm driver, there is a possible out of bounds write due to a missin ...) + TODO: check +CVE-2023-48357 (In vsp driver, there is a possible out of bounds write due to a missin ...) + TODO: check +CVE-2023-48356 (In jpg driver, there is a possible out of bounds write due to a missin ...) + TODO: check +CVE-2023-48355 (In jpg driver, there is a possible out of bounds write due to a missin ...) + TODO: check +CVE-2023-48354 (In telephone service, there is a possible improper input validation. T ...) + TODO: check +CVE-2023-48353 (In vsp driver, there is a possible use after free due to a logic error ...) + TODO: check +CVE-2023-48352 (In phasecheckserver, there is a possible out of bounds write due to a ...) + TODO: check +CVE-2023-48351 (In video decoder, there is a possible out of bounds write due to a mis ...) + TODO: check +CVE-2023-48350 (In video decoder, there is a possible out of bounds write due to a mis ...) + TODO: check +CVE-2023-48349 (In video decoder, there is a possible out of bounds write due to a mis ...) + TODO: check +CVE-2023-48348 (In video decoder, there is a possible out of bounds write due to impro ...) + TODO: check +CVE-2023-48347 (In video decoder, there is a possible out of bounds read due to improp ...) + TODO: check +CVE-2023-48346 (In video decoder, there is a possible improper input validation. This ...) + TODO: check +CVE-2023-48345 (In video decoder, there is a possible out of bounds read due to improp ...) + TODO: check +CVE-2023-48344 (In video decoder, there is a possible out of bounds read due to improp ...) + TODO: check +CVE-2023-48343 (In video decoder, there is a possible out of bounds write due to impro ...) 
+ TODO: check +CVE-2023-48342 (In media service, there is a possible out of bounds write due to a mis ...) + TODO: check +CVE-2023-48341 (In video decoder, there is a possible out of bounds read due to improp ...) + TODO: check +CVE-2023-48340 (In video decoder, there is a possible out of bounds write due to impro ...) + TODO: check +CVE-2023-48339 (In jpg driver, there is a possible missing permission check. This coul ...) + TODO: check +CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...) + TODO: check CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations] - pam <unfixed> (bug #1061097) NOTE: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0) @@ -257,12 +341,15 @@ CVE-2024-0607 [netfilter: nf_tables: fix pointer math issue in nft_byteorder_eva [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2) CVE-2024-0519 (Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099 ...) + {DSA-5602-1} - chromium 120.0.6099.224-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-0518 (Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed ...) + {DSA-5602-1} - chromium 120.0.6099.224-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-0517 (Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 all ...) + {DSA-5602-1} - chromium 120.0.6099.224-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-20922 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) 
@@ -461,7 +548,8 @@ CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Success NOT-FOR-US: Huawei CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...) NOT-FOR-US: Totolink -CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag protectio ...) +CVE-2023-51381 + REJECTED NOT-FOR-US: GitHub Enterprise Server CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...) TODO: check @@ -574,7 +662,7 @@ CVE-2024-0229 [Reattaching to different master device may lead to out-of-bounds NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ece23be888a93b741aa1209d1dbf64636109d6a5 NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5 NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74 -CVE-2023-6816 [Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer] +CVE-2023-6816 (A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ...) - xorg-server 2:21.1.11-1 - xwayland 2:23.2.4-1 [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e26d0b21f7fd74b70267c59de798b47ee3beb1ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e26d0b21f7fd74b70267c59de798b47ee3beb1ec You're receiving this email because of your account on salsa.debian.org.
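Review bot: In the first hunk (@@ -1,3 +1,87 @@), the added CVE-2023-5914 line carries only "(Cross-site scripting (XSS))" as its description and names no product or vendor, so its "TODO: check" cannot be resolved from the list entry alone; the full upstream record needs to be consulted before it is triaged. The same hunk adds three WP Recipe Maker entries (CVE-2024-0381, CVE-2023-6970, CVE-2023-6958) and two PHPGurukul Company Visitor Management System entries (CVE-2024-0652, CVE-2024-0651), which can each be triaged as a group so they end up with the same status.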
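Review bot: In the hunk at @@ -461,7 +548,8 @@, CVE-2023-51381 is switched to "REJECTED" but the unchanged context line "NOT-FOR-US: GitHub Enterprise Server" still follows it, so the entry now carries two status lines. With the description removed, that NOT-FOR-US line is also the only place the product is still named. Suggest deciding which status should stand for a rejected ID and dropping the other, or confirming that the tracker's parser treats REJECTED as taking precedence.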
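Review bot: In the hunk at @@ -574,7 +662,7 @@, the replacement description for CVE-2023-6816 is cut off at "the XIQuer ..." and no longer states the bug class, whereas the removed bracketed summary said "Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer". Since the entry tracks fixed versions for both xorg-server and xwayland, consider keeping that summary in a NOTE line so the nature of the flaw stays readable from the list itself.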
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits