[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 18 09:12:00 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...)
+	TODO: check
+CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...)
+	TODO: check
+CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It  ...)
+	TODO: check
+CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style whiteboard. A st ...)
+	TODO: check
+CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
+	TODO: check
+CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
+	TODO: check
+CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid  ...)
+	TODO: check
+CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid  ...)
+	TODO: check
+CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the Home page o ...)
+	TODO: check
+CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page ...)
+	TODO: check
+CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings section of  ...)
+	TODO: check
+CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows  ...)
+	TODO: check
+CVE-2024-2729 (The Otter Blocks  WordPress plugin before 2.6.6 does not properly esca ...)
+	TODO: check
+CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...)
+	TODO: check
+CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...)
+	TODO: check
+CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...)
+	TODO: check
+CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
+	TODO: check
+CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
+	TODO: check
+CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit  ...)
+	TODO: check
+CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
+	TODO: check
+CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
+	TODO: check
+CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
+	TODO: check
+CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
+	TODO: check
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
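Review bot: every one of the 29 new entries in this hunk carries the "TODO: check" placeholder, so the hunk records nothing about Debian applicability yet, and each description is cut at a fixed width with " ..." (for example "Otter Blocks  WordPress plugin before 2.6.6 does not properly esca ..."), so triage has to go to the full upstream text rather than these lines. Triaging by product would make that quicker: the four ofono entries CVE-2023-4232 through CVE-2023-4235 share one description prefix, as do the three Brocade SANnav entries CVE-2024-29952, CVE-2024-29955 and CVE-2024-29956, the two Totara LMS entries, the two Element Pack entries and the run of "Settings section"/"Settings menu" XSS entries CVE-2024-32337 through CVE-2024-32345 and CVE-2024-32743 through CVE-2024-32746, and each group will almost certainly receive the same NOT-FOR-US or package annotation. The existing CVE-2024-3914 chromium block below the insertions is untouched.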
@@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client f
 CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...)
 	NOT-FOR-US: Zoom
 CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...)
-	{DLA-3779-1}
+	{DSA-5665-1 DLA-3779-1}
 	- tomcat10 10.1.20-1 (bug #1066878)
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
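Review bot: the only change is prefixing DSA-5665-1 to the existing DLA-3779-1 inside the braces, which matches the order used for the other Tomcat entries in this commit; the tomcat10 10.1.20-1 (bug #1066878) and tomcat9 9.0.70-2 lines are unchanged, so the advisory is attached to an entry that already has fixed versions and nothing else needs to move here.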
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input validation vulnerability
 	NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86)
 	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
 CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...)
-	{DLA-3779-1}
+	{DSA-5665-1 DLA-3779-1}
 	- tomcat10 10.1.20-1 (bug #1066877)
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
@@ -16334,7 +16392,7 @@ CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF li
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
 	NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
-	{DLA-3780-1}
+	{DSA-5664-1 DLA-3780-1}
 	- jetty9 9.4.54-1 (bug #1064923)
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
 	NOTE: https://github.com/jetty/jetty.project/issues/11256
@@ -34219,7 +34277,7 @@ CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWi
 CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5,  ...)
 	NOT-FOR-US: Spring Boot
 CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...)
-	{DLA-3707-1}
+	{DSA-5665-1 DLA-3707-1}
 	- tomcat10 10.1.16-1 (bug #1057082)
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)
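Review bot: after this hunk CVE-2023-46589 carries both DSA-5665-1 and DLA-3707-1 in the braces, yet the annotation "[bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)" is still present in the trailing context; a DLA reference indicates bullseye was already addressed, so that postponed line looks stale and should be dropped in a follow-up if DLA-3707-1 did cover tomcat9 in bullseye (and a bullseye annotation pointing at a "next DSA" rather than a DLA is worth rewording in any case).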
@@ -122448,7 +122506,7 @@ CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web ser
 	NOT-FOR-US: IBM
 CVE-2022-38711
 	RESERVED
-CVE-2022-38710 ("IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensi ...)
+CVE-2022-38710 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensit ...)
 	NOT-FOR-US: IBM
 CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...)
 	NOT-FOR-US: IBM
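Review bot: this hunk only touches the description text for CVE-2022-38710, dropping the stray leading double quote so the entry reads like the neighbouring IBM entries; because descriptions are truncated at a fixed width, the cut point shifts by one character ("sensi" becomes "sensit"), which is expected and needs no further edit. The NOT-FOR-US: IBM annotation is unchanged.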
@@ -243872,7 +243930,7 @@ CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 m
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R s ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20599 (Cleartext transmission of sensitive information vulnerability in MELSE ...)
+CVE-2021-20599 (Cleartext Transmission of Sensitive InformationCleartext transmission  ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
 	NOT-FOR-US: Mitsubishi
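Review bot: the replacement description for CVE-2021-20599 now reads "Cleartext Transmission of Sensitive InformationCleartext transmission ...", a title run straight into the description with no separator between "Information" and "Cleartext"; this is what the automatic update mirrors from the upstream CVE text, so it should not be hand-edited in data/CVE/list (the next automatic update would overwrite it) but is worth reporting upstream so the feed is corrected. The NOT-FOR-US: Mitsubishi annotation is unaffected.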



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd6e59affd815d675cb5150d1add8d574b01969


