[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 29 21:12:55 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34d2c913 by security tracker role at 2024-08-29T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,214 @@
-CVE-2021-4442 [tcp: add sanity tests to TCP_QUEUE_SEQ]
+CVE-2024-8304 (A vulnerability has been found in jpress up to 5.1.1 and classified as ...)
+	TODO: check
+CVE-2024-8303 (A vulnerability classified as critical has been found in dingfanzu CMS ...)
+	TODO: check
+CVE-2024-8302 (A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6e ...)
+	TODO: check
+CVE-2024-8301 (A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6e ...)
+	TODO: check
+CVE-2024-8297 (A vulnerability was found in kitsada8621 Digital Library Management Sy ...)
+	TODO: check
+CVE-2024-8296 (A vulnerability was found in FeehiCMS up to 2.1.1 and classified as cr ...)
+	TODO: check
+CVE-2024-8295 (A vulnerability has been found in FeehiCMS up to 2.1.1 and classified  ...)
+	TODO: check
+CVE-2024-8294 (A vulnerability, which was classified as critical, was found in FeehiC ...)
+	TODO: check
+CVE-2024-8255 (Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to a ...)
+	TODO: check
+CVE-2024-7895 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
+	TODO: check
+CVE-2024-6551 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
+CVE-2024-5624 (Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B ...)
+	TODO: check
+CVE-2024-5623 (An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may  ...)
+	TODO: check
+CVE-2024-5622 (An untrusted search path vulnerability in the AprolConfigureCCServices ...)
+	TODO: check
+CVE-2024-5057 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-45056 (zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 ...)
+	TODO: check
+CVE-2024-45045 (Collabora Online is a collaborative online office suite based on Libre ...)
+	TODO: check
+CVE-2024-44930 (Serilog before v2.1.0 was discovered to contain a Client IP Spoofing v ...)
+	TODO: check
+CVE-2024-44919 (A cross-site scripting (XSS) vulnerability in the component admin_ads. ...)
+	TODO: check
+CVE-2024-44779 (A reflected cross-site scripting (XSS) vulnerability in the viewname p ...)
+	TODO: check
+CVE-2024-44778 (A reflected cross-site scripting (XSS) vulnerability in the parent par ...)
+	TODO: check
+CVE-2024-44777 (A reflected cross-site scripting (XSS) vulnerability in the tag parame ...)
+	TODO: check
+CVE-2024-44776 (An Open Redirect vulnerability in the page parameter of vTiger CRM v7. ...)
+	TODO: check
+CVE-2024-44717 (A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows at ...)
+	TODO: check
+CVE-2024-44716 (A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows at ...)
+	TODO: check
+CVE-2024-43986 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43965 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43964 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43963 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43961 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43960 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43958 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43957 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43955 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43954 (Incorrect Authorization vulnerability in Themeum Droip allows Accessin ...)
+	TODO: check
+CVE-2024-43953 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43952 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43951 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43950 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43949 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43948 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43947 (Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Arm ...)
+	TODO: check
+CVE-2024-43946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43944 (Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & ...)
+	TODO: check
+CVE-2024-43943 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43942 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43941 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43940 (Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H  ...)
+	TODO: check
+CVE-2024-43939 (Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H  ...)
+	TODO: check
+CVE-2024-43936 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43935 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43934 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43931 (Deserialization of Untrusted Data vulnerability in eyecix JobSearch al ...)
+	TODO: check
+CVE-2024-43926 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43922 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-43921 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43920 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43917 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43804 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+	TODO: check
+CVE-2024-43144 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-43132 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-41964 (Kirby is a CMS targeting designers and editors. Kirby allows to restri ...)
+	TODO: check
+CVE-2024-41372 (Organizr v1.90 was discovered to contain a SQL injection vulnerability ...)
+	TODO: check
+CVE-2024-41371 (Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php ...)
+	TODO: check
+CVE-2024-41370 (Organizr v1.90 was discovered to contain a SQL injection vulnerability ...)
+	TODO: check
+CVE-2024-41369 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41368 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41367 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41366 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41364 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41361 (RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execut ...)
+	TODO: check
+CVE-2024-41358 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\ ...)
+	TODO: check
+CVE-2024-41351 (bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) vi ...)
+	TODO: check
+CVE-2024-41350 (bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) vi ...)
+	TODO: check
+CVE-2024-41348 (openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2024-41347 (openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2024-41346 (openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2024-41345 (openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2024-3679 (The Premium SEO Pack \u2013 WP SEO Plugin plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-39658 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39653 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39638 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39622 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39620 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-38795 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-38793 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-38693 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-35133 (IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could a ...)
+	TODO: check
+CVE-2024-35118 (IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credenti ...)
+	TODO: check
+CVE-2024-34019 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+	TODO: check
+CVE-2024-34018 (Sensitive information disclosure due to insecure folder permissions. T ...)
+	TODO: check
+CVE-2024-34017 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+	TODO: check
+CVE-2024-2541 (The Popup Builder plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2024-29731 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29730 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29729 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29728 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29727 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29726 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29725 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29724 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-29723 (SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Th ...)
+	TODO: check
+CVE-2024-1384 (The Premium Portfolio Features for Phlox theme plugin for WordPress is ...)
+	TODO: check
+CVE-2024-1056 (The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2021-4442 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 5.10.24-1
 	NOTE: https://git.kernel.org/linus/8811f4a9836e31c14ecdf79d9f3cb7c5d463265d (5.12-rc3)
 CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.1 ...)
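Review bot: The descriptions added for CVE-2024-7895, CVE-2024-6551 and CVE-2024-3679 contain the literal six-character sequence \u2013 (for example "The Beaver Builder \u2013 WordPress Page Builder plugin") where a dash belongs, which suggests the automatic update writes an escaped string into data/CVE/list without decoding it. Decode the description before it is truncated and written, or normalise the character to an ASCII hyphen, so that text searches on the product name match and the truncation width is not consumed by escape characters.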
@@ -13722,6 +13932,7 @@ CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for O
 	NOTE: Ghostscript in Debian not compiled with Tesseract support
 	NOTE: Regression (affecting pdf2ps) fix: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=638159c43dbb48425a187d244ec288d252d0ecf4 (ghostpdl-10.03.0)
 CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...)
+	{DSA-5760-1}
 	- ghostscript 10.03.0~dfsg-1
 	[bullseye] - ghostscript <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707510
@@ -13729,6 +13940,7 @@ CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow whe
 	NOTE: Introduced with: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0 (ghostpdl-9.55.0rc1)
 	NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=917b3a71fb20748965254631199ad98210d6c2fb (ghostpdl-10.03.0)
 CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure ...)
+	{DSA-5760-1}
 	- ghostscript 10.03.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707510
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/03/7
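Review bot: CVE-2024-29508 gains {DSA-5760-1} here but, unlike CVE-2024-29509, CVE-2024-29507 and CVE-2024-29506 in the neighbouring hunks, has no [bullseye] line after "- ghostscript 10.03.0~dfsg-1". If bullseye is not affected, the entry should carry the same "[bullseye] - ghostscript <not-affected>" annotation with its reason; if it is affected, that status should be recorded explicitly so the entry does not rely on the unstable fixed version alone.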
@@ -13736,6 +13948,7 @@ CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer disc
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=147e5abd63d82c9ec3587c6f67a5d8ec7dc38e61 (ghostpdl-10.03.0)
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d084021e06ba1caa1373fbbcf24a8510f43830ab (ghostpdl-10.03.0)
 CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer  ...)
+	{DSA-5760-1}
 	- ghostscript 10.03.0~dfsg-1
 	[bullseye] - ghostscript <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707510
@@ -13743,6 +13956,7 @@ CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based b
 	NOTE: Introduced with: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0 (ghostpdl-9.55.0rc1)
 	NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f (ghostpdl-10.03.0)
 CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow i ...)
+	{DSA-5760-1}
 	- ghostscript 10.03.0~dfsg-1
 	[bullseye] - ghostscript <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707510
@@ -57472,9 +57686,9 @@ CVE-2024-23591 (ThinkSystem SR670V2 servers manufactured from approximately June
 	NOT-FOR-US: Lenovo
 CVE-2024-22854 (DOM-based HTML injection vulnerability in the main page of Darktrace T ...)
 	NOT-FOR-US: Darktrace Threat Visualizer
-CVE-2024-22426 (Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command in ...)
+CVE-2024-22426 (Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS C ...)
 	NOT-FOR-US: Dell
-CVE-2024-22425 (Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/di ...)
+CVE-2024-22425 (Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute ...)
 	NOT-FOR-US: Dell
 CVE-2024-21915 (A privilege escalation vulnerability exists in Rockwell Automation Fac ...)
 	NOT-FOR-US: Rockwell Automation



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34d2c913af1371c3cf7c1ce93d95ff7e0a9894fd
