[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 3 09:11:53 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbf589b9 by security tracker role at 2024-04-03T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads ...)
+	TODO: check
+CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object stream lead ...)
+	TODO: check
+CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It has been  ...)
+	TODO: check
+CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record Managemen ...)
+	TODO: check
+CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management System ...)
+	TODO: check
+CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task Management S ...)
+	TODO: check
+CVE-2024-3223 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-3222 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-3221 (A vulnerability classified as critical was found in SourceCodester PHP ...)
+	TODO: check
+CVE-2024-3218 (A vulnerability classified as critical has been found in Shibang Commu ...)
+	TODO: check
+CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated as cri ...)
+	TODO: check
+CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...)
+	TODO: check
+CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...)
+	TODO: check
+CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...)
+	TODO: check
+CVE-2024-3203 (A vulnerability, which was classified as critical, was found in c-blos ...)
+	TODO: check
+CVE-2024-3202 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, all ...)
+	TODO: check
+CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote attackers to ex ...)
+	TODO: check
+CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a remote a ...)
+	TODO: check
+CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker  ...)
+	TODO: check
+CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker  ...)
+	TODO: check
+CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an attacker  ...)
+	TODO: check
+CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management System  ...)
+	TODO: check
+CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability ...)
+	TODO: check
+CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution ...)
+	TODO: check
+CVE-2024-30361 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30360 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30359 (Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution  ...)
+	TODO: check
+CVE-2024-30358 (Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2024-30357 (Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execut ...)
+	TODO: check
+CVE-2024-30356 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...)
+	TODO: check
+CVE-2024-30355 (Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vu ...)
+	TODO: check
+CVE-2024-30354 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30353 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vul ...)
+	TODO: check
+CVE-2024-30352 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30351 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30350 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure  ...)
+	TODO: check
+CVE-2024-30349 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+	TODO: check
+CVE-2024-30348 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Exec ...)
+	TODO: check
+CVE-2024-30347 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...)
+	TODO: check
+CVE-2024-30346 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30345 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30344 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30343 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2024-30342 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2024-30341 (Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution V ...)
+	TODO: check
+CVE-2024-30340 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure  ...)
+	TODO: check
+CVE-2024-30339 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30338 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
+	TODO: check
+CVE-2024-30337 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30336 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-30166 (In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can c ...)
+	TODO: check
+CVE-2024-2879 (The LayerSlider plugin for WordPress is vulnerable to SQL Injection vi ...)
+	TODO: check
+CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2. ...)
+	TODO: check
+CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM Media View ...)
+	TODO: check
+CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 allows ...)
+	TODO: check
+CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnerability ...)
+	TODO: check
+CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiati ...)
+	TODO: check
+CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ...)
+	TODO: check
+CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows versions 10. ...)
+	TODO: check
+CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx ...)
+	TODO: check
+CVE-2024-27605 (Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (tes ...)
+	TODO: check
+CVE-2024-27604 (Alldata V0.4.6 is vulnerable to Command execution vulnerability. Syste ...)
+	TODO: check
+CVE-2024-27602 (Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of m ...)
+	TODO: check
+CVE-2024-26495 (Cross Site Scripting (XSS) vulnerability in Friendica versions after v ...)
+	TODO: check
+CVE-2024-25864 (Server Side Request Forgery (SSRF) vulnerability in Friendica versions ...)
+	TODO: check
+CVE-2024-25075 (An issue was discovered in Softing uaToolkit Embedded before 1.41.1. W ...)
+	TODO: check
+CVE-2024-24724 (Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSetting ...)
+	TODO: check
+CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edit ...)
+	TODO: check
+CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2023-35764 (Insufficient verification of data authenticity issue in Survey Maker p ...)
+	TODO: check
+CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site scripting vul ...)
+	TODO: check
 CVE-2024-3159
 	- chromium 123.0.6312.105-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
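
Review bot: All 78 entries added at the top of data/CVE/list, from CVE-2024-3248 down to CVE-2023-34423, carry only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet. I would triage the entries whose descriptions name widely used libraries and tools first (Xpdf in CVE-2024-3247 and CVE-2024-3248, UPX in CVE-2024-3209, libyaml in CVE-2024-3205, c-blosc2 in CVE-2024-3203 and CVE-2024-3204, Mbed TLS in CVE-2024-28755, CVE-2024-28836 and CVE-2024-30166), since those need a check against the archive. The Foxit PDF Reader run in the CVE-2024-303xx range and the SourceCodester, Campcodes and WordPress plugin entries look like candidates for bulk resolution in the same form as the existing "NOT-FOR-US: Voltronic Power ViewPower Pro" lines further down the file.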
@@ -398,7 +554,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authenticati
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
 	NOT-FOR-US: Voltronic Power ViewPower Pro
-CVE-2024-28219
+CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ...)
 	- pillow 10.3.0-1
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0)
@@ -93577,7 +93733,7 @@ CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel th
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/47b0c2e4c220f2251fd8dcfbb44479819c715e15 (6.1-rc7)
-CVE-2022-45868 (The web-based admin console in H2 Database Engine through 2.1.214 can  ...)
+CVE-2022-45868 (The web-based admin console in H2 Database Engine before 2.2.220 can b ...)
 	- h2database <unfixed> (unimportant)
 	NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords should never be
 	NOTE: passed on the command line.
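
Review bot: The CVE-2022-45868 description now reads "before 2.2.220" instead of "through 2.1.214", which implies an upstream version that no longer has the behaviour, but the status line below it still says "- h2database <unfixed> (unimportant)". Worth re-checking whether a fixed version should be recorded for h2database, or adding a NOTE that explains why <unfixed> still applies despite the new version bound. While touching this entry, the context line "NOTE: Not cosidered a vulnerability of H2 Console by vendor." has a typo ("cosidered") that could be corrected in a follow-up.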
@@ -219744,8 +219900,8 @@ CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allo
 	NOT-FOR-US: doctor appointment system
 CVE-2021-27313
 	RESERVED
-CVE-2021-27312
-	RESERVED
+CVE-2021-27312 (Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, a ...)
+	TODO: check
 CVE-2021-27311
 	RESERVED
 CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...)
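
Review bot: CVE-2021-27312 moves from RESERVED to a published description (SSRF in Gleez Cms 1.2.0) but is left at "TODO: check", so it stays untriaged in a block where the neighbouring published entry, CVE-2021-27314, is already resolved as "NOT-FOR-US: doctor appointment system". Suggest resolving it in the same pass, either with a package line if Gleez Cms is in the archive or with a NOT-FOR-US line otherwise, so that an old 2021 identifier does not sit in the TODO queue behind the 2024 additions.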



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf589b9f2d69e919a1adbe174d21db640a3085c
