Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76982af8 by security tracker role at 2024-01-19T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,134 @@
-CVE-2024-21733 [Leaking of unrelated request bodies in default error page]
+CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite
dev serv ...)
+ TODO: check
+CVE-2024-23329 (changedetection.io is an open source tool designed to monitor
websites ...)
+ TODO: check
+CVE-2024-22957 (swftools 0.9.2 was discovered to contain an Out-of-bounds Read
vulnera ...)
+ TODO: check
+CVE-2024-22956 (swftools 0.9.2 was discovered to contain a heap-use-after-free
vulnera ...)
+ TODO: check
+CVE-2024-22955 (swftools 0.9.2 was discovered to contain a
stack-buffer-underflow vuln ...)
+ TODO: check
+CVE-2024-22920 (swftools 0.9.2 was discovered to contain a heap-use-after-free
via the ...)
+ TODO: check
+CVE-2024-22919 (swftools0.9.2 was discovered to contain a
global-buffer-overflow vulne ...)
+ TODO: check
+CVE-2024-22915 (A heap-use-after-free was found in SWFTools v0.9.2, in the
function sw ...)
+ TODO: check
+CVE-2024-22914 (A heap-use-after-free was found in SWFTools v0.9.2, in the
function in ...)
+ TODO: check
+CVE-2024-22913 (A heap-buffer-overflow was found in SWFTools v0.9.2, in the
function s ...)
+ TODO: check
+CVE-2024-22912 (A global-buffer-overflow was found in SWFTools v0.9.2, in the
function ...)
+ TODO: check
+CVE-2024-22911 (A stack-buffer-underflow vulnerability was found in SWFTools
v0.9.2, i ...)
+ TODO: check
+CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site
Scriptin ...)
+ TODO: check
+CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is
vulnerable to ...)
+ TODO: check
+CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via
the fun ...)
+ TODO: check
+CVE-2024-22562 (swftools 0.9.2 was discovered to contain a Stack Buffer
Underflow via ...)
+ TODO: check
+CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop
protocol libra ...)
+ TODO: check
+CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and
classified as ...)
+ TODO: check
+CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and
classifie ...)
+ TODO: check
+CVE-2024-0730 (A vulnerability, which was classified as critical, was found in
Projec ...)
+ TODO: check
+CVE-2024-0729 (A vulnerability, which was classified as critical, has been
found in F ...)
+ TODO: check
+CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS
up to ...)
+ TODO: check
+CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project
Allocation ...)
+ TODO: check
+CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has
been decla ...)
+ TODO: check
+CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has
been cl ...)
+ TODO: check
+CVE-2024-0722 (A vulnerability was found in code-projects Social Networking
Site 1.0 ...)
+ TODO: check
+CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified
as pro ...)
+ TODO: check
+CVE-2024-0720 (A vulnerability, which was classified as problematic, was found
in Fac ...)
+ TODO: check
+CVE-2024-0718 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-0717 (A vulnerability classified as critical was found in D-Link
DAP-1360, D ...)
+ TODO: check
+CVE-2024-0716 (A vulnerability classified as problematic has been found in
Beijing Ba ...)
+ TODO: check
+CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to
2.5.0. It ...)
+ TODO: check
+CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been
declared as ...)
+ TODO: check
+CVE-2024-0712 (A vulnerability was found in Beijing Baichuo Smart S150
Management Pla ...)
+ TODO: check
+CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-0663
+ REJECTED
+CVE-2023-6450 (An incorrect permissions vulnerability was reported in the
Lenovo App ...)
+ TODO: check
+CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo
Vantage th ...)
+ TODO: check
+CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo
Vantage th ...)
+ TODO: check
+CVE-2023-5081 (An information disclosure vulnerability was reported in the
Lenovo Tab ...)
+ TODO: check
+CVE-2023-5080 (A privilege escalation vulnerability was reported in some
Lenovo table ...)
+ TODO: check
+CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata
actiNAS ...)
+ TODO: check
+CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL
2U-8 RDX ...)
+ TODO: check
+CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities
in nasSv ...)
+ TODO: check
+CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote
attacke ...)
+ TODO: check
+CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote
attacker t ...)
+ TODO: check
+CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code
Executi ...)
+ TODO: check
+CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for
PrestaSh ...)
+ TODO: check
+CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to
version 2. ...)
+ TODO: check
+CVE-2023-47035 (RPTC 0x3b08c was discovered to not conduct status checks on
the parame ...)
+ TODO: check
+CVE-2023-47034 (A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers
to caus ...)
+ TODO: check
+CVE-2023-47033 (MultiSigWallet 0xF0C99 was discovered to contain a reentrancy
vulnerab ...)
+ TODO: check
+CVE-2023-46351 (In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a
guest can ...)
+ TODO: check
+CVE-2023-45485
+ REJECTED
+CVE-2023-43985 (SunnyToo stblogsearch up to v1.0.0 was discovered to contain a
SQL inj ...)
+ TODO: check
+CVE-2023-43956
+ REJECTED
+CVE-2023-42766 (Improper input validation in some Intel NUC 8 Compute Element
BIOS fir ...)
+ TODO: check
+CVE-2023-42429 (Improper buffer restrictions in some Intel NUC BIOS firmware
may allow ...)
+ TODO: check
+CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may
allow a ...)
+ TODO: check
+CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter
drivers ...)
+ TODO: check
+CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a
incorre ...)
+ TODO: check
+CVE-2023-32544 (Improper access control in some Intel HotKey Services for
Windows 10 f ...)
+ TODO: check
+CVE-2023-32272 (Uncontrolled search path in some Intel NUC Pro Software Suite
Configur ...)
+ TODO: check
+CVE-2023-29495 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
+ TODO: check
+CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
+ TODO: check
+CVE-2024-21733 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- tomcat9 9.0.53-1
NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
NOTE:
https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a
(9.0.44)
@@ -12905,13 +13035,17 @@ CVE-2023-47111 (ZITADEL provides identity
infrastructure. ZITADEL provides admin
NOT-FOR-US: ZITADEL
CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at
offerin ...)
NOT-FOR-US: PrestaShop blockreassurance
-CVE-2023-47008 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote
attacker ...)
+CVE-2023-47008
+ REJECTED
NOT-FOR-US: ASUS
-CVE-2023-47007 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote
attacker ...)
+CVE-2023-47007
+ REJECTED
NOT-FOR-US: ASUS
-CVE-2023-47006 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote
attacker ...)
+CVE-2023-47006
+ REJECTED
NOT-FOR-US: ASUS
-CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote
attacker ...)
+CVE-2023-47005
+ REJECTED
NOT-FOR-US: ASUS
CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0
allows a ...)
NOT-FOR-US: MLDB.ai
@@ -40939,8 +41073,8 @@ CVE-2023-29162
RESERVED
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers
for Wind ...)
NOT-FOR-US: Intel
-CVE-2023-28722
- RESERVED
+CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware
before v ...)
+ TODO: check
CVE-2023-28407
RESERVED
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset
Device Softw ...)
@@ -43865,8 +43999,8 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on
pathnames under TMPDIR (typically
NOTE: https://github.com/sagemath/FlintQS/issues/3
NOTE: https://github.com/sagemath/sage/pull/35419
NOTE: Neutralised by kernel hardening
-CVE-2023-29244
- RESERVED
+CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor
Hub (ISH ...)
+ TODO: check
CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) &
Iris(R) Xe ...)
NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and
component ...)
@@ -45808,8 +45942,8 @@ CVE-2023-28939
RESERVED
CVE-2023-28739
RESERVED
-CVE-2023-28738
- RESERVED
+CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
+ TODO: check
CVE-2023-28721
RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL
software before ...)
@@ -51849,8 +51983,8 @@ CVE-2023-27170 (Xpand IT Write-back manager v2.3.1
allows attackers to perform a
NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in
license cl ...)
NOT-FOR-US: Xpand IT Write-back manager
-CVE-2023-27168
- RESERVED
+CVE-2023-27168 (An arbitrary file upload vulnerability in Xpand IT Write-back
Manager ...)
+ TODO: check
CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL
injection vu ...)
NOT-FOR-US: Suprema BioStar
CVE-2023-27166
@@ -71402,8 +71536,8 @@ CVE-2022-47162 (Cross-Site Request Forgery (CSRF)
vulnerability in Dannie Herdya
NOT-FOR-US: WordPress plugin
CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The
WordPress.Org c ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47160
- RESERVED
+CVE-2022-47160 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster
Logaster L ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pakp ...)
@@ -75522,8 +75656,8 @@ CVE-2022-45847
RESERVED
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys
Image Map Pr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45845
- RESERVED
+CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend
Smart Slide ...)
+ TODO: check
CVE-2022-45844
RESERVED
CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability
in Next ...)
@@ -77914,8 +78048,8 @@ CVE-2022-45085 (Server-Side Request Forgery (SSRF)
vulnerability in Group Arge E
NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Softacul ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45083
- RESERVED
+CVE-2022-45083 (Deserialization of Untrusted Data vulnerability in
ProfilePress Member ...)
+ TODO: check
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45081
@@ -90486,8 +90620,8 @@ CVE-2022-40966 (Authentication bypass vulnerability in
multiple Buffalo network
NOT-FOR-US: Buffalo
CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local
Pickup for ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-40700
- RESERVED
+CVE-2022-40700 (Server-Side Request Forgery (SSRF) vulnerability in Montonio
Montonio ...)
+ TODO: check
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr
\u2013 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in3com ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76982af8dfabb1ca218d46f77b1837fd7062fa3b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76982af8dfabb1ca218d46f77b1837fd7062fa3b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
