[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 15 21:12:16 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb6d802e by security tracker role at 2024-04-15T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,255 @@
+CVE-2024-3804 (A vulnerability, which was classified as critical, has been found in V ...)
+	TODO: check
+CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem Cloud Des ...)
+	TODO: check
+CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauth ...)
+	TODO: check
+CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...)
+	TODO: check
+CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
+	TODO: check
+CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear Solution ...)
+	TODO: check
+CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
+	TODO: check
+CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
+	TODO: check
+CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
+	TODO: check
+CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
+	TODO: check
+CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
+	TODO: check
+CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by a Path ...)
+	TODO: check
+CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which ...)
+	TODO: check
+CVE-2024-3781 (Command injection vulnerability in the operating system. Improper neut ...)
+	TODO: check
+CVE-2024-3780 (A vulnerability of Information Exposure has been found on Technicolor  ...)
+	TODO: check
+CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce ...)
+	TODO: check
+CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift V ...)
+	TODO: check
+CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiE ...)
+	TODO: check
+CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Ord ...)
+	TODO: check
+CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF.This  ...)
+	TODO: check
+CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publi ...)
+	TODO: check
+CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
+	TODO: check
+CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove  ...)
+	TODO: check
+CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.This is ...)
+	TODO: check
+CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clar ...)
+	TODO: check
+CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Mark ...)
+	TODO: check
+CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail  ...)
+	TODO: check
+CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO m ...)
+	TODO: check
+CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migrat ...)
+	TODO: check
+CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiP ...)
+	TODO: check
+CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church ...)
+	TODO: check
+CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist ...)
+	TODO: check
+CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimi ...)
+	TODO: check
+CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slide ...)
+	TODO: check
+CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
+	TODO: check
+CVE-2024-32089 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital P ...)
+	TODO: check
+CVE-2024-32088 (Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soo ...)
+	TODO: check
+CVE-2024-32085 (Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela  ...)
+	TODO: check
+CVE-2024-32084 (Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before ...)
+	TODO: check
+CVE-2024-32035 (ImageSharp is a 2D graphics API. A vulnerability discovered in the Ima ...)
+	TODO: check
+CVE-2024-31990 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2024-31942 (Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista  ...)
+	TODO: check
+CVE-2024-31941 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media ...)
+	TODO: check
+CVE-2024-31940 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Produc ...)
+	TODO: check
+CVE-2024-31938 (Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpres ...)
+	TODO: check
+CVE-2024-31933 (Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team  ...)
+	TODO: check
+CVE-2024-31923 (Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather L ...)
+	TODO: check
+CVE-2024-31922 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov W ...)
+	TODO: check
+CVE-2024-31921 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design U ...)
+	TODO: check
+CVE-2024-31920 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cur ...)
+	TODO: check
+CVE-2024-31576
+	REJECTED
+CVE-2024-31434 (Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The ...)
+	TODO: check
+CVE-2024-31433 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar ...)
+	TODO: check
+CVE-2024-31432 (Missing Authorization vulnerability in StellarWP Restrict Content.This ...)
+	TODO: check
+CVE-2024-31431 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Pro ...)
+	TODO: check
+CVE-2024-31429 (Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sara ...)
+	TODO: check
+CVE-2024-31428 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conf ...)
+	TODO: check
+CVE-2024-31427 (Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io ...)
+	TODO: check
+CVE-2024-31426 (Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Rela ...)
+	TODO: check
+CVE-2024-31425 (Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This iss ...)
+	TODO: check
+CVE-2024-31424 (Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia - ideh ...)
+	TODO: check
+CVE-2024-31422 (Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Fa ...)
+	TODO: check
+CVE-2024-31421 (Missing Authorization vulnerability in Supsystic Popup by Supsystic.Th ...)
+	TODO: check
+CVE-2024-31389 (Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.T ...)
+	TODO: check
+CVE-2024-31388 (Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Cont ...)
+	TODO: check
+CVE-2024-31385 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary R ...)
+	TODO: check
+CVE-2024-31384 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and  ...)
+	TODO: check
+CVE-2024-31383 (Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX ...)
+	TODO: check
+CVE-2024-31382 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ  ...)
+	TODO: check
+CVE-2024-31381 (Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight ...)
+	TODO: check
+CVE-2024-31379 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash ...)
+	TODO: check
+CVE-2024-31378 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...)
+	TODO: check
+CVE-2024-31376 (Cross-Site Request Forgery (CSRF) vulnerability in Andrew Rapps Dashbo ...)
+	TODO: check
+CVE-2024-31374 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team App ...)
+	TODO: check
+CVE-2024-31373 (Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue af ...)
+	TODO: check
+CVE-2024-31219 (Discourse-reactions is a plugin that allows user to add their reaction ...)
+	TODO: check
+CVE-2024-30840 (A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attac ...)
+	TODO: check
+CVE-2024-30546 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With ...)
+	TODO: check
+CVE-2024-30220 (Command injection vulnerability in MZK-MF300N all firmware versions al ...)
+	TODO: check
+CVE-2024-30219 (Active debug code vulnerability exists in MZK-MF300N all firmware vers ...)
+	TODO: check
+CVE-2024-2659 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
+	TODO: check
+CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and ear ...)
+	TODO: check
+CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...)
+	TODO: check
+CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...)
+	TODO: check
+CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
+	TODO: check
+CVE-2024-28558 (SQL Injection vulnerability in sourcecodester Petrol pump management s ...)
+	TODO: check
+CVE-2024-28557 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
+	TODO: check
+CVE-2024-28556 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
+	TODO: check
+CVE-2024-28099 (VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search p ...)
+	TODO: check
+CVE-2024-28056 (Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role  ...)
+	TODO: check
+CVE-2024-26023 (OS command injection vulnerability in BUFFALO wireless LAN routers all ...)
+	TODO: check
+CVE-2024-24898 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-24891 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-24487 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
+	TODO: check
+CVE-2024-24486 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
+	TODO: check
+CVE-2024-24485 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
+	TODO: check
+CVE-2024-23911 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
+	TODO: check
+CVE-2024-23594 (A buffer overflow vulnerability was reported  in a system recovery boo ...)
+	TODO: check
+CVE-2024-23593 (A vulnerability was reported  in a system recovery bootloader that was ...)
+	TODO: check
+CVE-2024-23560 (HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revoc ...)
+	TODO: check
+CVE-2024-23559 (HCL DevOps Deploy / Launch is generating an obsolete HTTP header.)
+	TODO: check
+CVE-2024-23486 (Plaintext storage of a password issue exists in BUFFALO wireless LAN r ...)
+	TODO: check
+CVE-2024-22439 (A potential security vulnerability has been identified in HPE FlexFabr ...)
+	TODO: check
+CVE-2024-22438 (A potential security vulnerability has been identified in Hewlett Pack ...)
+	TODO: check
+CVE-2024-22437 (A potential security vulnerability has been identified in VSS Provider ...)
+	TODO: check
+CVE-2024-22435 (A potential security vulnerability has been identified in Web ViewPoin ...)
+	TODO: check
+CVE-2024-22014 (An issue discovered in 360 Total Security Antivirus through 11.0.0.106 ...)
+	TODO: check
+CVE-2023-4857 (An authentication bypass vulnerability was identified in SMM/SMM2 and  ...)
+	TODO: check
+CVE-2023-4856 (A format string vulnerability was identified in SMM/SMM2 and FPC that  ...)
+	TODO: check
+CVE-2023-4855 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
+	TODO: check
+CVE-2023-48710 (iTop is an IT service management platform.  Files from the `env-produc ...)
+	TODO: check
+CVE-2023-48709 (iTop is an IT service management platform.  When exporting data from b ...)
+	TODO: check
+CVE-2023-47626 (iTop is an IT service management platform.  When displaying/editing th ...)
+	TODO: check
+CVE-2023-47622 (iTop is an IT service management platform.  When dashlet are refreshed ...)
+	TODO: check
+CVE-2023-47123 (iTop is an IT service management platform.  By filling malicious code  ...)
+	TODO: check
+CVE-2023-45808 (iTop is an IT service management platform.  When creating or updating  ...)
+	TODO: check
+CVE-2023-45503 (SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote  ...)
+	TODO: check
+CVE-2023-44396 (iTop is an IT service management platform.  Dashlet edits ajax endpoin ...)
+	TODO: check
+CVE-2023-43790 (iTop is an IT service management platform.  By manipulating HTTP queri ...)
+	TODO: check
+CVE-2023-38511 (iTop is an IT service management platform.  Dashboard editor : can loa ...)
+	TODO: check
 CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
 	- ngircd 27~rc1-1
 	NOTE: https://github.com/ngircd/ngircd/issues/120
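Review bot: Every entry added at the top of data/CVE/list, apart from CVE-2024-31576 (REJECTED), carries only `TODO: check`, so the new IDs are recorded without any triage. Each one needs a follow-up that replaces `TODO: check` with either a `NOT-FOR-US:` line or a package line, as the unchanged entries further down already have. Entries whose truncated descriptions name software projects, for example CVE-2024-31990 (Argo CD), CVE-2024-32035 (ImageSharp) and the iTop entries from CVE-2023-48710 down to CVE-2023-38511, are the ones to check against the archive first.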
@@ -32,7 +284,7 @@ CVE-2024-3766 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: slowlyo OwlAdmin
 CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...)
 	NOT-FOR-US: Xiongmai
-CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...)
+CVE-2024-3764 (** DISPUTED ** A vulnerability classified as problematic has been foun ...)
 	NOT-FOR-US: Tuya Camera
 CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...)
 	NOT-FOR-US: Emlog Pro
@@ -517,6 +769,7 @@ CVE-2024-1874
 	NOTE: Only affects improper handling of command line arguments on Windows
 	NOTE: https://github.com/php/php-src/commit/e3c784f2bfb6029b49d27783b2efc87ee6923f79
 CVE-2024-2756
+	{DSA-5661-1 DSA-5660-1}
 	- php8.2 8.2.18-1
 	- php7.4 <removed>
 	- php7.3 <removed>
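Review bot: The `{DSA-5661-1 DSA-5660-1}` line added under CVE-2024-2756 names two advisories, but the package lines below it give only `php8.2 8.2.18-1` and `<removed>` for php7.4 and php7.3, so the entry alone does not show which release each DSA fixes. This commit changes only data/CVE/list; confirm that the matching DSA records with their per-release fixed versions already exist in the repository from an earlier commit.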
@@ -524,6 +777,7 @@ CVE-2024-2756
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
 	NOTE: https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53
 CVE-2024-3096
+	{DSA-5661-1 DSA-5660-1}
 	- php8.2 8.2.18-1
 	- php7.4 <removed>
 	- php7.3 <removed>
@@ -3995,7 +4249,7 @@ CVE-2023-52637 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
 CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGlyphs()  ...)
-	{DSA-5657-1}
+	{DSA-5657-1 DLA-3787-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland 2:23.2.6-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
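Review bot: `DLA-3787-1` is added beside `DSA-5657-1` for CVE-2024-31083, yet the entry tracks two source packages, xorg-server and xwayland, and keeps `[bookworm] - xwayland <no-dsa>`. The tag does not say which of the two packages the DLA covers; check that the other package has an explicit status for the LTS release, so the entry does not read as fully fixed there.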
@@ -4010,14 +4264,14 @@ CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.o
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 	NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component
 CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
-	{DSA-5657-1}
+	{DSA-5657-1 DLA-3787-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland 2:23.2.6-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
-	{DSA-5657-1}
+	{DSA-5657-1 DLA-3787-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland 2:23.2.6-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
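Review bot: CVE-2024-31081 and CVE-2024-31080 gain `DLA-3787-1`, while CVE-2024-31082, whose NOTE lines open this hunk as context, is not touched by the commit. Its note says it affects the XQuartz component, which would explain leaving it out, but it cites the same xorg-announce post as CVE-2024-31081, so confirm against the DLA text that the omission is intended.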
@@ -49365,7 +49619,7 @@ CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.)
 CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...)
-	{DLA-3555-1}
+	{DSA-5661-1 DSA-5660-1 DLA-3555-1}
 	- php8.2 8.2.10-1 (bug #1043477)
 	[bookworm] - php8.2 <postponed> (Fix along in future update)
 	- php7.4 <removed>
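Review bot: CVE-2023-3824 now carries `DSA-5661-1` and `DSA-5660-1`, but the context line `[bookworm] - php8.2 <postponed> (Fix along in future update)` is left in place. If either DSA ships the php8.2 fix for bookworm, that postponed marker is stale and should be dropped in a follow-up; the same line sits under CVE-2023-3823 in the next hunk.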
@@ -49374,7 +49628,7 @@ CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.
 	NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30)
 	NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...)
-	{DLA-3555-1}
+	{DSA-5661-1 DSA-5660-1 DLA-3555-1}
 	- php8.2 8.2.10-1 (bug #1043477)
 	[bookworm] - php8.2 <postponed> (Fix along in future update)
 	- php7.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb6d802efef1bb72588321b178d05abfc9af6cd5
