[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 30 21:12:48 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
522a2023 by security tracker role at 2024-04-30T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...)
+	TODO: check
+CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
+	TODO: check
+CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
+	TODO: check
+CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPress i ...)
+	TODO: check
+CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and  ...)
+	TODO: check
+CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...)
+	TODO: check
+CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...)
+	TODO: check
+CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...)
+	TODO: check
+CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...)
+	TODO: check
+CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...)
+	TODO: check
+CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...)
+	TODO: check
+CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+	TODO: check
+CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+	TODO: check
+CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allow ...)
+	TODO: check
+CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
+	TODO: check
+CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)
+	TODO: check
+CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
+	TODO: check
+CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
+	TODO: check
+CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and bef ...)
+	TODO: check
+CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields v.2.2.7  ...)
+	TODO: check
+CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a remote a ...)
+	TODO: check
+CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2 ...)
+	TODO: check
+CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before a ...)
+	TODO: check
+CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager component  ...)
+	TODO: check
+CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the component /pu ...)
+	TODO: check
+CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...)
+	TODO: check
+CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...)
+	TODO: check
+CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...)
+	TODO: check
+CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for authenticated and ...)
+	TODO: check
+CVE-2024-2378 (A vulnerability exists in the web-authentication component of the SDM6 ...)
+	TODO: check
+CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web  ...)
+	TODO: check
+CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
+	TODO: check
+CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...)
+	TODO: check
+CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
+	TODO: check
+CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...)
+	TODO: check
+CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...)
+	TODO: check
+CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
+	TODO: check
+CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
+	TODO: check
+CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way Foxit R ...)
+	TODO: check
+CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+	TODO: check
+CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+	TODO: check
+CVE-2024-23772 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
+	TODO: check
+CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be bypas ...)
+	TODO: check
+CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...)
+	TODO: check
+CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...)
+	TODO: check
+CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...)
+	TODO: check
+CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...)
+	TODO: check
+CVE-2023-50914 (A Privilege Escalation issue in the inter-process communication proced ...)
+	TODO: check
+CVE-2023-50059 (An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to ob ...)
+	TODO: check
+CVE-2023-50053 (An issue in Foundation.app Foundation platform 1.0 allows a remote att ...)
+	TODO: check
+CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware ...)
+	TODO: check
+CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...)
+	TODO: check
+CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...)
+	TODO: check
+CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...)
+	TODO: check
+CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...)
+	TODO: check
 CVE-2024-29040
 	- tpm2-tss <unfixed> (bug #1070140)
 	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 (4.1.0)
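Review bot: of the 55 new TODO: check entries, the ones touching source packages that are in the archive should be triaged ahead of the rest: CVE-2024-4340 (sqlparse, packaged as python-sqlparse), CVE-2024-34088 (FRRouting, packaged as frr) and CVE-2023-36268 (LibreOffice), with CVE-2024-28716 (OpenStack Storlets) and CVE-2024-2877 (Vault Enterprise) needing a packaging check. Most of the remainder (WordPress plugins, Foxit Reader, Quest KACE Agent, Zscaler Client Connector, TRENDnet firmware, the FME Modules/Webbax/shipup/hfheropayment e-commerce modules, TVS Connect, GOG Galaxy, the mobile and SaaS platform entries) match the pattern of entries this file already marks NOT-FOR-US. Two description strings are worth a glance at the import script rather than at the CVEs: CVE-2024-1895 keeps a literal \u2013 escape where the en-dash should be, and CVE-2024-25575 carries the upstream "vulnerability vulnerability" duplication verbatim, which confirms the text is stored exactly as fetched and truncated.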
@@ -10898,7 +11008,7 @@ CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.
 	NOTE: https://sourceforge.net/p/minidlna/bugs/361/
 	NOTE: TiVo support not enabled in the Debian builds
 CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...)
-	{DLA-3801-1}
+	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
 	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
 	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
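Review bot: the advisory list becomes {DLA-3802-1 DLA-3801-1}, but nothing in the visible context shows which source package the second advisory covers: the only source line in view is emacs 1:29.3+1-1 with bookworm/bullseye no-dsa markers, and no [buster] or second source package line appears. Worth confirming that the part of the entry below the shown context carries a source package line matching DLA-3802-1, so the reference does not dangle; the same two-advisory change is applied identically to CVE-2024-30204 and CVE-2024-30203 further down, which is consistent.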
@@ -10911,7 +11021,7 @@ CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote file
 	NOTE: https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
 	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d (release_9.6.23)
 CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-mail a ...)
-	{DLA-3801-1}
+	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
 	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
 	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
@@ -10924,7 +11034,7 @@ CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-
 	NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
 	NOTE: making an empty dependency package only.
 CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as trusted.)
-	{DLA-3801-1}
+	{DLA-3802-1 DLA-3801-1}
 	- emacs 1:29.3+1-1 (bug #1067630)
 	[bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point release)
 	[bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point release)
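Review bot: the NOTE lines kept as context above this hunk (org-mode/9.5.2+dfsh-5 dropped all lisp files and became an empty dependency package) are what justify a second advisory next to the emacs one: only a suite that still ships org-mode's own lisp needs a separate fix, and the newer suites get the fix through emacs. That reasoning is sound, but the NOTE leaves the reader to infer the affected suite from the version number; naming the suite in the NOTE (or adding the corresponding [suite] status line) would make the three identical {DLA-3802-1 DLA-3801-1} changes self-explanatory.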
@@ -12938,6 +13048,7 @@ CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 d
 CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
+	{DLA-3803-1}
 	- astropy 5.3.3-1
 	NOTE: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
 	NOTE: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5 (v5.3.3)
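Review bot: adding {DLA-3803-1} resolves buster through the advisory, but the context only shows the unstable fix (astropy 5.3.3-1) plus the upstream advisory and fixing commit (22057d37, v5.3.3); no [bullseye] or [bookworm] status line is visible. If those lines exist further down the entry, fine; if not, the stable suites need either a fixed-version line or a no-dsa marker, since as shown the entry would read as fixed in oldoldstable and unstable but unresolved in between.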
@@ -260177,8 +260288,8 @@ CVE-2020-27480
 	RESERVED
 CVE-2020-27479
 	RESERVED
-CVE-2020-27478
-	RESERVED
+CVE-2020-27478 (Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0 ...)
+	TODO: check
 CVE-2020-27477
 	RESERVED
 CVE-2020-27476
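Review bot: CVE-2020-27478 goes from RESERVED to a description only now, years after allocation, for SimplCommerce, a .NET e-commerce application that is not packaged in Debian; TODO: check is the right placeholder for an automatic import, but triage should follow the treatment of the other unpackaged web applications in this file and mark it NOT-FOR-US. The version in the description is a git commit fragment (v.40734964b0) rather than a release, so there would be no version to record even for a packaged project.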
@@ -316053,8 +316164,8 @@ CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from
 	[buster] - gthumb 3:3.6.2-4+deb10u1
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
-CVE-2020-5200
-	RESERVED
+CVE-2020-5200 (Minerbabe through V4.16 ships with SSH host keys baked into the instal ...)
+	TODO: check
 CVE-2020-5199
 	RESERVED
 CVE-2020-5198
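Review bot: CVE-2020-5200 (Minerbabe shipping SSH host keys in the installation image) is the same vulnerability class as the five CVE-2019-1975x mining-OS entries later in this diff and as CVE-2019-19750 (minerstat msOS), which the file already marks NOT-FOR-US, so triage should resolve it the same way. A shared host key across every installed image means anyone holding a copy of the image can impersonate or intercept any other node's SSH sessions; that is a defect of the vendor image, not of anything a Debian package could ship.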
@@ -321869,16 +321980,16 @@ CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administra
 	NOT-FOR-US: Lenovo
 CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...)
 	NOT-FOR-US: Lenovo
-CVE-2019-19755
-	RESERVED
-CVE-2019-19754
-	RESERVED
-CVE-2019-19753
-	RESERVED
-CVE-2019-19752
-	RESERVED
-CVE-2019-19751
-	RESERVED
+CVE-2019-19755 (ethOS through 1.3.3 ships with SSH host keys baked into the installati ...)
+	TODO: check
+CVE-2019-19754 (HiveOS through 0.6-102 at 191212 ships with SSH host keys baked into the  ...)
+	TODO: check
+CVE-2019-19753 (SimpleMiningOS through v1259 ships with SSH host keys baked into the i ...)
+	TODO: check
+CVE-2019-19752 (nvOC through 3.2 ships with SSH host keys baked into the installation  ...)
+	TODO: check
+CVE-2019-19751 (easyMINE before 2019-12-05 ships with SSH host keys baked into the ins ...)
+	TODO: check
 CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)
 	NOT-FOR-US: minerstat msOS
 CVE-2019-19749
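Review bot: all five newly described entries (ethOS, HiveOS, SimpleMiningOS, nvOC, easyMINE) are the same flaw, SSH host keys baked into a distributed image, and sit directly above CVE-2019-19750 (minerstat msOS), which is already triaged NOT-FOR-US with near-identical wording; for consistency they should receive the same NOT-FOR-US line once checked rather than remain TODO. The date-stamped and build-number versions in the descriptions (191212, v1259, 2019-12-05) are vendor image identifiers, which is a further sign that no Debian source package is involved.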



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/522a2023b5ec5a418352bee084e46e73d3cc8c18


