Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d046261 by security tracker role at 2024-01-22T20:12:08+00:00

automatic update

- - - - -
1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -1,3 +1,65 @@ +CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/modul ...) + TODO: check +CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...) + TODO: check +CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has been class ...) + TODO: check +CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...) + TODO: check +CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway Reservation ...) + TODO: check +CVE-2024-0781 (A vulnerability, which was classified as problematic, was found in Cod ...) + TODO: check +CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-0706 + REJECTED +CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate site thr ...) + TODO: check +CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an attacker ...) + TODO: check +CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Servic ...) + TODO: check +CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows ...) + TODO: check +CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and escape s ...) + TODO: check +CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and e ...) + TODO: check +CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3 accept ...) + TODO: check +CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...) + TODO: check +CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...) + TODO: check +CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not sanitise an ...) + TODO: check +CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks authentication and ...) 
+ TODO: check +CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does not prop ...) + TODO: check +CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and escape ...) + TODO: check +CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) + TODO: check +CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 al ...) + TODO: check +CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) + TODO: check +CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + TODO: check +CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) + TODO: check +CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) + TODO: check +CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) + TODO: check +CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...) + TODO: check +CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file path ...) + TODO: check +CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...) + TODO: check CVE-2023-46838 - linux <unfixed> NOTE: CVE-2023-46838 @@ -45,7 +107,7 @@ CVE-2023-47352 (Technicolor TC8715D devices have predictable default WPA2 securi NOT-FOR-US: Technicolor CVE-2017-20189 (In Clojure before 1.9.0, classes can be used to construct a serialized ...) - clojure 1.9.0-1 -CVE-2024-0775 [ext4: improve error recovery code paths in __ext4_remount()] +CVE-2024-0775 (A use-after-free flaw was found in the __ext4_remount in fs/ext4/super ...) - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 [bullseye] - linux 5.10.191-1 
@@ -4913,7 +4975,7 @@ CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configu NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6 NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5 -CVE-2023-51764 (Postfix through 3.8.4 allows SMTP smuggling unless configured with smt ...) +CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...) - postfix 3.8.4-1 (bug #1059230) [bookworm] - postfix <no-dsa> (Minor issue; mitigations exist) [bullseye] - postfix <no-dsa> (Minor issue; mitigations exist) @@ -50065,8 +50127,8 @@ CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 NOT-FOR-US: IBM CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...) NOT-FOR-US: IBM -CVE-2023-27859 - RESERVED +CVE-2023-27859 (IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbi ...) + TODO: check CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...) NOT-FOR-US: Rockwell Automation CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...) 
@@ -76015,17 +76077,17 @@ CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup E CVE-2022-45796 (Command injection vulnerability in nw_interface.html in SHARP multifun ...) NOT-FOR-US: SHARP CVE-2022-45795 - RESERVED + REJECTED CVE-2022-45794 (An attacker with network access to the affected PLC (CJ-series and CS- ...) NOT-FOR-US: CS/CJ-series Programmable Controllers -CVE-2022-45793 ([PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [A ...) +CVE-2022-45793 (Sysmac Studio installs executables in a directory with poor permission ...) NOT-FOR-US: Omron -CVE-2022-45792 - RESERVED +CVE-2022-45792 (Project files may contain malicious contents which the software will u ...) + TODO: check CVE-2022-45791 - RESERVED -CVE-2022-45790 - RESERVED + REJECTED +CVE-2022-45790 (The Omron FINS protocol has an authenticated feature to prevent access ...) + TODO: check CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...) NOT-FOR-US: Schneider Electric CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d046261698bb427b0f8cc4a3bb18b7cf423c81a
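Review bot: in the first hunk (@@ -1,3 +1,65 @@) the six new IBM Db2 entries (CVE-2023-50308, CVE-2023-47747, CVE-2023-47746, CVE-2023-47158, CVE-2023-47152, CVE-2023-45193) land as TODO: check, although the file's existing convention for IBM products is NOT-FOR-US: IBM (see the CVE-2023-27860 and CVE-2023-27861 context further down in this patch). An automatic update cannot apply that itself, so the follow-up triage should close them the same way; the other TODO: check lines in this hunk (the WordPress plugin/theme batch, CloudLinux CageFS, DedeCMS, IObit, Autolab, Quest IQCRM) need the same manual pass, and CVE-2024-0706 going straight to REJECTED needs nothing further.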
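Review bot: in the CVE-2024-0775 hunk (@@ -45,7 +107,7 @@) the bracketed summary that is removed, "[ext4: improve error recovery code paths in __ext4_remount()]", was the subject of the upstream fix, and nothing in the new entry preserves it: the fixed-version lines (linux 6.3.7-1, 6.1.37-1 for bookworm, 5.10.191-1 for bullseye) stay, but a reader can no longer see which change they correspond to. Suggest re-adding it as a NOTE: line under the new description, the way CVE-2023-51765 in the next hunk keeps its references as NOTE: lines, so the mapping from the public text (use-after-free in __ext4_remount in fs/ext4/super...) to the fix survives the description swap.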
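Review bot: in the Postfix hunk (@@ -4913,7 +4975,7 @@) the description now reads "Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...", yet the unstable fixed-version line is left at postfix 3.8.4-1 (bug #1059230). Read together, the entry now says the issue is fixed in a version that the description says is still affected. If 3.8.4-1 counts as fixed for a reason the description does not capture (for instance because the Debian package sets the option the description refers to, which is a guess, not something the hunk shows), a NOTE: line stating that would remove the contradiction; otherwise the fixed-version line needs revisiting. The bookworm and bullseye <no-dsa> (Minor issue; mitigations exist) lines are unaffected by the description change.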
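Review bot: in the CVE-2023-27859 hunk (@@ -50065,8 +50127,8 @@) the entry moves from RESERVED to an IBM Db2 description with TODO: check, sitting between CVE-2023-27860 and CVE-2023-27861, both already NOT-FOR-US: IBM; it should be resolved the same way as the Db2 batch in the first hunk.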
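Review bot: in the last hunk (@@ -76015,17 +76077,17 @@) CVE-2022-45793 finally loses the literal MITRE template text "[PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [A ...", and the replacement (Sysmac Studio) matches the NOT-FOR-US: Omron line that is kept, so that is correct. CVE-2022-45790 names the Omron FINS protocol and should get the same NOT-FOR-US: Omron in triage; CVE-2022-45792's visible description ("Project files may contain malicious contents which the software will u ...") names no product, so it needs the full text before it can be closed. CVE-2022-45795 and CVE-2022-45791 going from RESERVED to REJECTED need no further action.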
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits