[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 11 21:20:25 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95461784 by security tracker role at 2024-04-11T20:20:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
+	TODO: check
+CVE-2024-3343 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
+	TODO: check
+CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo.  ...)
+	TODO: check
+CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot /  ...)
+	TODO: check
+CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Con ...)
+	TODO: check
+CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Li ...)
+	TODO: check
+CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Comp ...)
+	TODO: check
+CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...)
+	TODO: check
+CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP ...)
+	TODO: check
+CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple ...)
+	TODO: check
+CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link W ...)
+	TODO: check
+CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Bloc ...)
+	TODO: check
+CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress T ...)
+	TODO: check
+CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack- ...)
+	TODO: check
+CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...)
+	TODO: check
+CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...)
+	TODO: check
+CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...)
+	TODO: check
+CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 al ...)
+	TODO: check
+CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to ru ...)
+	TODO: check
+CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...)
+	TODO: check
+CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...)
+	TODO: check
+CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer ...)
+	TODO: check
+CVE-2024-20794 (Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Poi ...)
+	TODO: check
+CVE-2024-20771 (Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-b ...)
+	TODO: check
+CVE-2024-0881 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...)
+	TODO: check
+CVE-2023-5394 (Server receiving a malformed message that where the GCL message hostna ...)
+	TODO: check
+CVE-2023-5393 (Server receiving a malformed message that causes a disconnect to a hos ...)
+	TODO: check
+CVE-2023-5392 (C300 information leak due to an analysis feature which allows extracti ...)
+	TODO: check
+CVE-2023-50949 (IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauth ...)
+	TODO: check
+CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appointmen ...)
+	TODO: check
+CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...)
+	TODO: check
 CVE-2024-3092
 	- gitlab <unfixed>
 CVE-2024-2279
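Review bot: the new entries in this hunk are all left at "TODO: check", yet roughly half of them (CVE-2024-3344, CVE-2024-3343, CVE-2024-32112 through CVE-2024-32105, CVE-2024-31936 through CVE-2024-31932, CVE-2024-31285, CVE-2024-0881) are WordPress plugin CSRF/XSS issues of exactly the kind this file already triages as "NOT-FOR-US: WordPress plugin" a few hundred lines further down (see the CVE-2024-2871 and CVE-2024-2847 context). A follow-up commit should resolve those TODOs so the queue only holds items that actually need a Debian source-package lookup, such as CVE-2024-29454 (ROS2) and CVE-2023-29483-style library issues; the Adobe Illustrator/Animate/Bridge entries (CVE-2024-30273 to CVE-2024-20771) similarly match the existing "NOT-FOR-US: Adobe" convention.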
@@ -134,10 +234,12 @@ CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...)
 	TODO: check
 CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...)
+	{DSA-5656-1}
 	- chromium 123.0.6312.122-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...)
+	{DSA-5656-1}
 	- chromium 123.0.6312.122-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
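Review bot: the {DSA-5656-1} tags added above the "chromium 123.0.6312.122-1" lines for CVE-2024-3516 and CVE-2024-3515 need a matching data/DSA/list entry that lists both CVEs, otherwise the cross-reference dangles; please confirm that entry exists in the same or a preceding commit. The bullseye and buster "<end-of-life>" lines are untouched, which is correct since the DSA only covers the suite that still ships chromium.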
@@ -160,6 +262,7 @@ CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that e
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...)
 	NOT-FOR-US: anything-llm
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...)
+	{DSA-5656-1}
 	- chromium 123.0.6312.122-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
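Review bot: CVE-2024-3157 receives the same {DSA-5656-1} tag and the same fixed version 123.0.6312.122-1 as CVE-2024-3516 and CVE-2024-3515 in the previous hunk, so the DSA entry should list all three CVEs together; a single check of data/DSA/list covers all three hunks.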
@@ -317,7 +420,7 @@ CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerExcepti
 	NOT-FOR-US: Joda Time
 CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
 	- libjfreechart-java <unfixed>
-CVE-2024-23076 (FreeChart v1.5.4 was discovered to contain a NullPointerException via  ...)
+CVE-2024-23076 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
 	- libjfreechart-java <unfixed>
 CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
@@ -803,7 +906,8 @@ CVE-2024-2918 (Improper input validation in PAM JIT elevation feature in Devolut
 	NOT-FOR-US: Devolutions
 CVE-2024-2871 (The Media Library Assistant plugin for WordPress is vulnerable to SQL  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-2866 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
+CVE-2024-2866
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2847 (The WordPress File Upload plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
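Review bot: CVE-2024-2866 is now marked REJECTED but the old "NOT-FOR-US: WordPress plugin" line is kept underneath it. It is harmless for the tracker, but a rejected CVE needs no distribution status, so the leftover annotation can be dropped in a manual follow-up to keep REJECTED entries uniform (description removed, single REJECTED line).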
@@ -6280,7 +6384,7 @@ CVE-2024-27280 [Buffer overread vulnerability in StringIO]
 	- ruby2.5 <removed>
 	NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
 	TODO: check details
-CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...)
+CVE-2024-30161 (In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be acce ...)
 	- qt6-base <not-affected> (wasm target not built/buildable with Debian package, see bug #1068454)
 	- qtbase-opensource-src <not-affected> (Only affects Qt6)
 	- qtbase-opensource-src-gles <not-affected> (Only affects Qt6)
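Review bot: the rewritten description for CVE-2024-30161 ("In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be acce...") no longer mentions the wasm component in its visible part, while the qt6-base line still justifies "<not-affected>" with "wasm target not built/buildable with Debian package, see bug #1068454". Please re-read the full updated CVE text and confirm the issue is still limited to the WebAssembly backend; if the scope has widened to QNetworkReply in general, qt6-base needs a real fixed/unfixed status rather than not-affected. The "Only affects Qt6" reasoning for the two Qt5 sources is unaffected by the description change.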
@@ -23555,9 +23659,9 @@ CVE-2024-20699 (Windows Hyper-V Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2024-20697 (Windows Libarchive Remote Code Execution Vulnerability)
+CVE-2024-20697 (Windows libarchive Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2024-20696 (Windows Libarchive Remote Code Execution Vulnerability)
+CVE-2024-20696 (Windows libarchive Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-20694 (Windows CoreMessaging Information Disclosure  Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -65514,8 +65618,7 @@ CVE-2023-29485 (An issue was discovered in Heimdal Thor agent versions 3.4.2 and
 	NOT-FOR-US: Heimdal Thor
 CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are able to lo ...)
 	NOT-FOR-US: Terminalfour
-CVE-2023-29483
-	RESERVED
+CVE-2023-29483 (eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remo ...)
 	- dnspython 2.6.0-1
 	[bookworm] - dnspython <ignored> (Minor issue)
 	[bullseye] - dnspython <ignored> (Minor issue)
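Review bot: the new description names "eventlet before 0.35.2, as used in dnspython before 2.6.0" as the affected component, but the entry only tracks dnspython (fixed in 2.6.0-1, ignored as a minor issue in bookworm and bullseye). Check whether the eventlet source package in Debian needs its own status line for this CVE, or add a NOTE stating why dnspython alone is the relevant package, so the next triager does not have to redo the lookup.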



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95461784ac2d163d68083655eb02777ee53c37ab


