[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 30 21:12:29 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc624e27 by security tracker role at 2024-08-30T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2022-48944 [sched: Fix yet more sched_fork() races]
+CVE-2024-8345 (A vulnerability was found in SourceCodester Music Gallery Site 1.0 and ...)
+	TODO: check
+CVE-2024-8344 (A vulnerability has been found in Campcodes Supplier Management System ...)
+	TODO: check
+CVE-2024-8343 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-8342 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-8341 (A vulnerability classified as critical was found in SourceCodester Pet ...)
+	TODO: check
+CVE-2024-8340 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-8339 (A vulnerability was found in SourceCodester Electric Billing Managemen ...)
+	TODO: check
+CVE-2024-8338 (A vulnerability was found in HFO4 shudong-share 2.4.7. It has been dec ...)
+	TODO: check
+CVE-2024-8337 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-8336 (A vulnerability classified as critical was found in SourceCodester Mus ...)
+	TODO: check
+CVE-2024-8335 (A vulnerability classified as critical has been found in OpenRapid Rap ...)
+	TODO: check
+CVE-2024-8334 (A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876 ...)
+	TODO: check
+CVE-2024-8332 (A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876 ...)
+	TODO: check
+CVE-2024-8331 (A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has be ...)
+	TODO: check
+CVE-2024-8274 (The WP Booking Calendar plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-8260 (A SMB force-authentication vulnerability exists in all versions of OPA ...)
+	TODO: check
+CVE-2024-8252 (The Clean Login plugin for WordPress is vulnerable to Local File Inclu ...)
+	TODO: check
+CVE-2024-8235 (A flaw was found in libvirt. A refactor of the code fetching the list  ...)
+	TODO: check
+CVE-2024-8064
+	REJECTED
+CVE-2024-7858 (The Media Library Folders plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2024-7712
+	REJECTED
+CVE-2024-7122 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2024-7051
+	REJECTED
+CVE-2024-6204 (Zohocorp ManageEngine Exchange Reporter Plus versions before5715 are v ...)
+	TODO: check
+CVE-2024-45047 (svelte performance oriented web framework. A potential mXSS vulnerabil ...)
+	TODO: check
+CVE-2024-44918 (A cross-site scripting (XSS) vulnerability in the component admin_data ...)
+	TODO: check
+CVE-2024-44916 (Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows ...)
+	TODO: check
+CVE-2024-42379
+	REJECTED
+CVE-2024-38868 (Zohocorp ManageEngine Endpoint Central affected byIncorrect authorizat ...)
+	TODO: check
+CVE-2024-21658 (discourse-calendar is a discourse plugin which adds the ability to cre ...)
+	TODO: check
+CVE-2022-48944 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.16.14-1
 	NOTE: https://git.kernel.org/linus/b1e8206582f9d680cff7d04828708c8b6ab32957 (5.17-rc5)
 CVE-2024-8333
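Review bot: Several of the new entries in this block are left at `TODO: check` although the file already has a fixed triage for them: CVE-2024-38868 and CVE-2024-6204 are Zohocorp ManageEngine products, and CVE-2024-8274, CVE-2024-8252, CVE-2024-7858 and CVE-2024-7122 are WordPress plugins, which elsewhere in this list are tagged `NOT-FOR-US: Zohocorp ManageEngine` and `NOT-FOR-US: WordPress plugin`. Those can be closed out directly in a follow-up. CVE-2024-8235 names libvirt, which Debian ships, so it needs a package line with a status rather than a NOT-FOR-US tag and should be triaged first.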
@@ -49,7 +109,7 @@ CVE-2024-45488 (One Identity Safeguard for Privileged Passwords before 7.5.2 all
 	NOT-FOR-US: One Identity Safeguard for Privileged Passwords
 CVE-2024-45302 (RestSharp is a Simple REST and HTTP API Client for .NET. The second ar ...)
 	TODO: check
-CVE-2024-44944 [netfilter: ctnetlink: use helper function to calculate expect ID]
+CVE-2024-44944 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)
@@ -1235,7 +1295,7 @@ CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module a
 	NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-39841 (A SQL Injection vulnerability exists in the service configuration func ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2024-38869 (An Stored Cross-site Scripting vulnerability affects ZohocorpManageEng ...)
+CVE-2024-38869 (Zohocorp ManageEngine Endpoint Central affected byIncorrect authorizat ...)
 	NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-38807 (Applications that use spring-boot-loaderor spring-boot-loader-classica ...)
 	- libspring-java <unfixed> (unimportant)
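Review bot: The replaced description on CVE-2024-38869 changes the vulnerability class from stored cross-site scripting to incorrect authorization, and its visible text is now the same as the new CVE-2024-38868 entry added at the top of the file. The `NOT-FOR-US: Zohocorp ManageEngine` triage is unaffected, but it is worth confirming against the upstream record that both IDs really carry this description and that the feed has not swapped or duplicated it.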
@@ -1513,8 +1573,8 @@ CVE-2022-48937 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 5.16.12-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/f240762f88b4b1b58561939ffd44837759756477 (5.17-rc6)
-CVE-2022-48936
-	REJECTED
+CVE-2022-48936 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
+	TODO: check
 CVE-2022-48935 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.12-1
 	[bullseye] - linux 5.10.205-1
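Review bot: CVE-2022-48936 moves from `REJECTED` to a Linux kernel description with only `TODO: check`, while the neighbouring kernel entries (CVE-2022-48937, CVE-2022-48935) carry a `- linux <version>` line, per-release lines and a `NOTE:` pointing at the upstream commit. An ID that comes back from rejection is easy to overlook, so this one should get the same kernel triage (fixed version and git.kernel.org reference) instead of staying in the TODO queue.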
@@ -4835,7 +4895,7 @@ CVE-2024-7681 (A vulnerability was found in code-projects College Management Sys
 	NOT-FOR-US: code-projects College Management System
 CVE-2024-7680 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
 	NOT-FOR-US: itsourcecode Tailoring Management System
-CVE-2024-5651 (A flaw was found in fence agents that rely on SSH/Telnet. This vulnera ...)
+CVE-2024-5651 (A flaw was found in the Fence Agents Remediation operator. This vulner ...)
 	- fence-agents <unfixed> (bug #1078970)
 	[bookworm] - fence-agents <no-dsa> (Minor issue)
 	[bullseye] - fence-agents <postponed> (Minor issue)
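Review bot: The new description for CVE-2024-5651 scopes the flaw to "the Fence Agents Remediation operator" where the old one said "fence agents that rely on SSH/Telnet", but the status lines below it still track the fence-agents package (`<unfixed>`, `<no-dsa>`, `<postponed>`, bug #1078970). Those lines were written against the old wording; recheck whether the Debian fence-agents package is still affected under the narrowed description and, if the triage stands, add a NOTE saying why.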
@@ -7604,6 +7664,7 @@ CVE-2024-40796 (A privacy issue was addressed with improved private data redacti
 CVE-2024-40795 (This issue was addressed with improved data protection. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2024-40794 (This issue was addressed through improved state management. This issue ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7612,6 +7673,7 @@ CVE-2024-40794 (This issue was addressed through improved state management. This
 CVE-2024-40793 (This issue was addressed by removing the vulnerable code. This issue i ...)
 	NOT-FOR-US: Apple
 CVE-2024-40789 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7624,6 +7686,7 @@ CVE-2024-40787 (This issue was addressed by adding an additional prompt for user
 CVE-2024-40786 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2024-40785 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7634,6 +7697,7 @@ CVE-2024-40784 (An integer overflow was addressed with improved input validation
 CVE-2024-40783 (The issue was addressed with improved restriction of data container ac ...)
 	NOT-FOR-US: Apple
 CVE-2024-40782 (A use-after-free issue was addressed with improved memory management.  ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7642,12 +7706,14 @@ CVE-2024-40782 (A use-after-free issue was addressed with improved memory manage
 CVE-2024-40781 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2024-40780 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2024-0004.html
 CVE-2024-40779 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -7658,6 +7724,7 @@ CVE-2024-40778 (An authentication issue was addressed with improved state manage
 CVE-2024-40777 (An out-of-bounds access issue was addressed with improved bounds check ...)
 	NOT-FOR-US: Apple
 CVE-2024-40776 (A use-after-free issue was addressed with improved memory management.  ...)
+	{DSA-5762-1}
 	- webkit2gtk 2.44.3-1
 	- wpewebkit 2.44.3-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -20781,7 +20848,7 @@ CVE-2024-5654 (The CF7 Google Sheets Connector plugin for WordPress is vulnerabl
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4680 (A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to r ...)
 	NOT-FOR-US: zenml
-CVE-2024-4146 (In lunary-ai/lunary version v1.2.13, an improper authorization vulnera ...)
+CVE-2024-4146 (In lunary-ai/lunary version v1.2.13, an incorrect authorization vulner ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-37408 (fprintd through 1.94.3 lacks a security attention mechanism, and thus  ...)
 	- fprintd <unfixed> (bug #1072854)
@@ -32389,7 +32456,7 @@ CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure vuln
 	NOT-FOR-US: VMware
 CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation vulnerability ...)
 	NOT-FOR-US: VMware
-CVE-2024-1076 (The SSL Zen  WordPress plugin before 4.6.0 only relies on the use of . ...)
+CVE-2024-1076 (The SSL Zen  WordPress plugin before 4.6.0 does not properly prevent d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0043 (In multiple locations, there is a possible notification listener grant ...)
 	NOT-FOR-US: Android
@@ -32623,7 +32690,7 @@ CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allow ...)
-	{DSA-5683-1}
+	{DSA-5762-1 DSA-5683-1}
 	- chromium 124.0.6367.155-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
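Review bot: CVE-2024-4558 now references `{DSA-5762-1 DSA-5683-1}`, but the package lines visible in this hunk name only chromium, whereas every other entry in this commit that gains DSA-5762-1 lists webkit2gtk and wpewebkit. If the entry has no `- webkit2gtk` line further down, add one with the fixed version (and a NOTE linking the advisory that ties this ANGLE issue to WebKit) so the second DSA reference is explained by the entry itself.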
@@ -43283,7 +43350,7 @@ CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer ov
 	NOT-FOR-US: ThreeTen Backport
 CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
 	NOT-FOR-US: Disputed JGraphT issue
-CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...)
+CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent Directory  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...)
 	NOT-FOR-US: Huawei
@@ -56644,6 +56711,7 @@ CVE-2024-24476 (A buffer overflow in Wireshark before 4.2.0 allows a remote atta
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19344
 	NOTE: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
 CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library  ...)
+	{DSA-5763-1}
 	- pymatgen 2024.1.27+dfsg1-6 (bug #1064514)
 	NOTE: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
 	NOTE: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a (v2024.2.20)
@@ -58977,7 +59045,7 @@ CVE-2024-1420
 	REJECTED
 CVE-2024-0566 (The Smart Manager WordPress plugin before 8.28.0 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-0421 (The MapPress Maps for WordPress plugin before 2.88.16 does not ensure  ...)
+CVE-2024-0421 (The MapPress Maps for WordPress plugin before 2.88.16 is affected by a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0420 (The MapPress Maps for WordPress plugin before 2.88.15 does not sanitiz ...)
 	NOT-FOR-US: WordPress plugin
@@ -92753,7 +92821,7 @@ CVE-2023-3508 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a fl
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3507 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly s ...)
+CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not have prope ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3292 (The grid-kit-premium WordPress plugin before 2.2.0 does not escape som ...)
 	NOT-FOR-US: WordPress plugin
@@ -134279,7 +134347,7 @@ CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does no
 CVE-2022-4541
 	RESERVED
 CVE-2022-4540
-	RESERVED
+	REJECTED
 CVE-2022-4539
 	RESERVED
 CVE-2022-4538
@@ -134299,7 +134367,7 @@ CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is
 CVE-2022-4531
 	REJECTED
 CVE-2022-4530
-	RESERVED
+	REJECTED
 CVE-2022-4529
 	RESERVED
 CVE-2022-4528
@@ -136063,7 +136131,7 @@ CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.
 CVE-2022-4425
 	REJECTED
 CVE-2022-4424
-	RESERVED
+	REJECTED
 CVE-2022-4423
 	RESERVED
 CVE-2022-4422 (Call Center System developed by Bulutses Information Technologies befo ...)
@@ -187237,7 +187305,7 @@ CVE-2022-1511 (Missing Authorization in GitHub repository snipe/snipe-it prior t
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
+CVE-2022-1509 (Command Injection Vulnerability in GitHub repository hestiacp/hestiacp ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a  ...)
 	NOT-FOR-US: 1Password



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc624e27d81a2dd38fa9871a62b49a46e35c8a35
