[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 2 09:12:28 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
861da87f by security tracker role at 2024-04-02T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...)
+	TODO: check
+CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192  ...)
+	TODO: check
+CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...)
+	TODO: check
+CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...)
+	TODO: check
+CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
+	TODO: check
+CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...)
+	TODO: check
+CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...)
+	TODO: check
+CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...)
+	TODO: check
+CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 20240323 and  ...)
+	TODO: check
+CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 20240323 ...)
+	TODO: check
+CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...)
+	TODO: check
+CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
+	TODO: check
+CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
+	TODO: check
+CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
+	TODO: check
+CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...)
+	TODO: check
+CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...)
+	TODO: check
+CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
+	TODO: check
+CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-2369 (The Page Builder Gutenberg Blocks  WordPress plugin before 3.1.7 does  ...)
+	TODO: check
+CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...)
+	TODO: check
+CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...)
+	TODO: check
+CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...)
+	TODO: check
+CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...)
+	TODO: check
+CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+	TODO: check
+CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Dis ...)
+	TODO: check
+CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation Remote Code ...)
+	TODO: check
+CVE-2024-26684 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26683 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
+	TODO: check
+CVE-2024-26682 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
+	TODO: check
+CVE-2024-26681 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26680 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26679 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2024-26678 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2024-26677 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
+	TODO: check
+CVE-2024-26676 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
+	TODO: check
+CVE-2024-26675 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
+	TODO: check
+CVE-2024-26674 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2024-26673 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26672 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26671 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2024-26670 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
+	TODO: check
+CVE-2024-26669 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26668 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2024-26667 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26666 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
+	TODO: check
+CVE-2024-26665 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2024-26664 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
+	TODO: check
+CVE-2024-26663 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2024-26662 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26661 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26660 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26659 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2024-26658 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2024-26657 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-26656 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allo ...)
+	TODO: check
+CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code Execution ...)
+	TODO: check
+CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote Code Execut ...)
+	TODO: check
+CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-22098 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2024-22092 (in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypas ...)
+	TODO: check
+CVE-2024-21834 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-20854 (Improper handling of insufficient privileges vulnerability in Samsung  ...)
+	TODO: check
+CVE-2024-20853 (Improper verification of intent by broadcast receiver vulnerability in ...)
+	TODO: check
+CVE-2024-20852 (Improper verification of intent by broadcast receiver vulnerability in ...)
+	TODO: check
+CVE-2024-20851 (Improper access control vulnerability in Samsung Data Store prior to v ...)
+	TODO: check
+CVE-2024-20850 (Use of Implicit Intent for Sensitive Communication in Samsung Pay prio ...)
+	TODO: check
+CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing implementation of li ...)
+	TODO: check
+CVE-2024-20848 (Out-of-bound Write vulnerability in text parsing implementation of lib ...)
+	TODO: check
+CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService prior t ...)
+	TODO: check
+CVE-2024-20846 (Out-of-bounds write vulnerability while decoding hcr of libsavsac.so p ...)
+	TODO: check
+CVE-2024-20845 (Out-of-bounds write vulnerability while releasing memory in libsavsac. ...)
+	TODO: check
+CVE-2024-20844 (Out-of-bounds write vulnerability while parsing remaining codewords in ...)
+	TODO: check
+CVE-2024-20843 (Out-of-bound write vulnerability in command parsing implementation of  ...)
+	TODO: check
+CVE-2024-20842 (Improper Input Validation vulnerability in handling apdu of libsec-ril ...)
+	TODO: check
+CVE-2024-20799 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-1863 (Sante PACS Server Token Endpoint SQL Injection Remote Code Execution V ...)
+	TODO: check
+CVE-2024-1504 (The SecuPress Free \u2014 WordPress Security plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not sanitise and e ...)
+	TODO: check
+CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow  ...)
+	TODO: check
+CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution Vulnerabi ...)
+	TODO: check
+CVE-2023-52636 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
+	TODO: check
+CVE-2023-52635 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
+	TODO: check
+CVE-2023-52634 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2023-52633 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
+	TODO: check
+CVE-2023-52632 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2023-52631 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
+	TODO: check
+CVE-2023-52630 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous  ...)
+	TODO: check
+CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remo ...)
+	TODO: check
+CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authentication Den ...)
+	TODO: check
+CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
+	TODO: check
 CVE-2024-28219
 	- pillow <unfixed>
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
@@ -3010,7 +3234,7 @@ CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wirel
 	NOT-FOR-US: TOTOLINK
 CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...)
 	NOT-FOR-US: Umbraco
-CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...)
+CVE-2024-28735 (Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incor ...)
 	NOT-FOR-US: Unit4 Financials by Coda
 CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...)
 	NOT-FOR-US: PrestaShop module
@@ -3481,7 +3705,7 @@ CVE-2024-29089 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29027 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
-CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q ...)
+CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda prior t ...)
 	NOT-FOR-US: Unit4 Financials by Coda
 CVE-2024-28595 (SQL Injection vulnerability in Employee Management System v1.0 allows  ...)
 	NOT-FOR-US: Employee Management System
@@ -13646,7 +13870,7 @@ CVE-2024-1312 (A use-after-free flaw was found in the Linux kernel's Memory Mana
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/657b5146955eba331e01b9a6ae89ce2e716ba306 (6.5-rc4)
-CVE-2024-1300
+CVE-2024-1300 (A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in  ...)
 	NOT-FOR-US: Eclipse Vertx
 CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	- gitlab 16.6.7-1
@@ -135441,7 +135665,7 @@ CVE-2022-31631
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740
 	NOTE: Fixed by: https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba (php-8.0.27)
 	NOTE: Improvement: https://github.com/php/php-src/commit/a6a80eefe0413c91acd922bc58590a4db7979af0
-CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imagelo ...)
+CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ...)
 	{DSA-5277-1}
 	- php8.1 8.1.12-1
 	- php7.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/861da87f37247b3a1c731cf0d9cae37a94392e6c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/861da87f37247b3a1c731cf0d9cae37a94392e6c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240402/6d54f909/attachment.htm>

More information about the debian-security-tracker-commits mailing list