[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 12 21:12:48 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df97ab30 by security tracker role at 2024-06-12T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+ TODO: check
+CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can result in ...)
+ TODO: check
+CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Co ...)
+ TODO: check
+CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prism ...)
+ TODO: check
+CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+ TODO: check
+CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management System 1. ...)
+ TODO: check
+CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and Visitor ...)
+ TODO: check
+CVE-2024-5896 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-5895 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2024-5894 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2024-5893 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain the clien ...)
+ TODO: check
+CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON Web Toke ...)
+ TODO: check
+CVE-2024-5759 (An improper privilege management vulnerability exists in Tenable Secur ...)
+ TODO: check
+CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could cause deni ...)
+ TODO: check
+CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabilit ...)
+ TODO: check
+CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerabili ...)
+ TODO: check
+CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File vulnerabilit ...)
+ TODO: check
+CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress ...)
+ TODO: check
+CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists th ...)
+ TODO: check
+CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm allowed a ...)
+ TODO: check
+CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...)
+ TODO: check
+CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...)
+ TODO: check
+CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+ TODO: check
+CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote at ...)
+ TODO: check
+CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the ...)
+ TODO: check
+CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
+ TODO: check
+CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity providers to be ...)
+ TODO: check
+CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on WordPress. ...)
+ TODO: check
+CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buf ...)
+ TODO: check
+CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that could cause ...)
+ TODO: check
+CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
+ TODO: check
+CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\ ...)
+ TODO: check
+CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could result in ...)
+ TODO: check
+CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management v.1.3 al ...)
+ TODO: check
+CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via the compon ...)
+ TODO: check
+CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method of PPGo_ ...)
+ TODO: check
+CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability ...)
+ TODO: check
+CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability ...)
+ TODO: check
+CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
+ TODO: check
+CVE-2024-34065 (Strapi is an open-source content management system. By combining two v ...)
+ TODO: check
+CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2024-31217 (Strapi is an open-source content management system. Prior to version 4 ...)
+ TODO: check
+CVE-2024-2747 (CWE-428: Unquoted search path or element vulnerability exists in Easer ...)
+ TODO: check
+CVE-2024-2300 (HP Advance Mobile Applications for iOS and Android are potentially vul ...)
+ TODO: check
+CVE-2024-2230
+ REJECTED
+CVE-2024-2092 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-29181 (Strapi is an open-source content management system. Prior to version 4 ...)
+ TODO: check
+CVE-2024-28964 (Dell Common Event Enabler, version 8.9.10.0 and prior, contain an inse ...)
+ TODO: check
+CVE-2024-28762 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2024-25949 (Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x an ...)
+ TODO: check
+CVE-2024-24051 (Improper input validation of printing files in Monoprice Select Mini V ...)
+ TODO: check
+CVE-2024-22855 (A cross-site scripting (XSS) vulnerability in the User Maintenance sec ...)
+ TODO: check
+CVE-2024-1891 (A stored cross site scripting vulnerability exists in Tenable Security ...)
+ TODO: check
+CVE-2024-1766 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-1659 (Arbitrary File Upload vulnerability in MegaBIP software allows attacke ...)
+ TODO: check
+CVE-2024-1577 (Remote Code Execution vulnerability in MegaBIP software allows to exec ...)
+ TODO: check
+CVE-2024-1576 (SQL Injection vulnerability in MegaBIP software allows attacker to obt ...)
+ TODO: check
+CVE-2024-0865 (CWE-798: Use of hard-coded credentials vulnerability exists that could ...)
+ TODO: check
+CVE-2023-52177 (Missing Authorization vulnerability in SoftLab Integrate Google Drive. ...)
+ TODO: check
+CVE-2023-52117 (Missing Authorization vulnerability in Metagauss ProfileGrid.This issu ...)
+ TODO: check
+CVE-2023-51680 (Missing Authorization vulnerability in TechnoVama Quotes for WooCommer ...)
+ TODO: check
+CVE-2023-51679 (Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin fo ...)
+ TODO: check
+CVE-2023-51671 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
+ TODO: check
+CVE-2023-51670 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
+ TODO: check
+CVE-2023-51537 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+ TODO: check
+CVE-2023-51526 (Missing Authorization vulnerability in Brett Shumaker Simple Staff Lis ...)
+ TODO: check
+CVE-2023-51524 (Missing Authorization vulnerability in weForms.This issue affects weFo ...)
+ TODO: check
+CVE-2023-51413 (Missing Authorization vulnerability in Piotnet Forms.This issue affect ...)
+ TODO: check
+CVE-2023-49559 (An issue in vektah gqlparser open-source-library v.2.5.10 allows a rem ...)
+ TODO: check
+CVE-2023-48280 (Missing Authorization vulnerability in Consensu.IO Consensu.Io.This is ...)
+ TODO: check
+CVE-2023-47845 (Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & ...)
+ TODO: check
+CVE-2023-47828 (Missing Authorization vulnerability in Mandrill wpMandrill.This issue ...)
+ TODO: check
+CVE-2023-44234 (Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.Th ...)
+ TODO: check
+CVE-2023-41240 (Missing Authorization vulnerability in Vark Pricing Deals for WooComme ...)
+ TODO: check
+CVE-2023-40672 (Missing Authorization vulnerability in Hardik Chavada Sticky Social Me ...)
+ TODO: check
+CVE-2023-40603 (Missing Authorization vulnerability in Gangesh Matta Simple Org Chart. ...)
+ TODO: check
+CVE-2023-40209 (Missing Authorization vulnerability in Himalaya Saxena Highcompress Im ...)
+ TODO: check
+CVE-2023-38395 (Missing Authorization vulnerability in Afzal Multani WP Clone Menu.Thi ...)
+ TODO: check
CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5873
@@ -18,7 +184,7 @@ CVE-2024-5777
REJECTED
CVE-2024-5776
REJECTED
-CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a Univer ...)
+CVE-2024-5739 (The in-app browser of LINE client for iOS versions below 14.9.0 contai ...)
NOT-FOR-US: LINE iOS
CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
@@ -438,12 +604,14 @@ CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All ve
CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
+ {DSA-5709-1}
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thu ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
@@ -458,6 +626,7 @@ CVE-2024-5697 (A website was able to detect when a user took a screenshot of a p
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker could ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
@@ -469,6 +638,7 @@ CVE-2024-5694 (An attacker could have caused a use-after-free in the JavaScript
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
@@ -479,11 +649,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
@@ -492,6 +664,7 @@ CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-after-f ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
@@ -693,9 +866,9 @@ CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to S
NOT-FOR-US: WordPress plugin
CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-5203
+CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak and occ ...)
NOT-FOR-US: Keycloak
-CVE-2024-3183
+CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ ...)
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial implementation ...)
@@ -1252,7 +1425,7 @@ CVE-2024-36965 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/331f91d86f71d0bb89a44217cc0b2a22810bbd42 (6.10-rc1)
-CVE-2024-5742
+CVE-2024-5742 (A vulnerability was found in GNU Nano that allows a possible privilege ...)
- nano 8.0-1
[bookworm] - nano <no-dsa> (Minor issue)
[bullseye] - nano <no-dsa> (Minor issue)
@@ -1425,11 +1598,11 @@ CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a remot
NOT-FOR-US: Precor touchscreen console
CVE-2024-37280
- elasticsearch <removed>
-CVE-2024-23445
+CVE-2024-23445 (It was identified that if a cross-cluster API key https://www.elastic ...)
- elasticsearch <removed>
CVE-2024-37279
- kibana <itp> (bug #700337)
-CVE-2024-5154
+CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a symbolic ...)
- cri-o <itp> (bug #979702)
CVE-2024-5640 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
NOT-FOR-US: WordPress plugin
@@ -13114,7 +13287,7 @@ CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?
NOT-FOR-US: Rukovoditel
CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
NOT-FOR-US: Rukovoditel
-CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...)
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequat ...)
NOT-FOR-US: ThinkPHP
CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
- sogo <unfixed> (bug #1071163)
@@ -16080,6 +16253,7 @@ CVE-2024-26980 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/c119f4ede3fa90a9463f50831761c28f989bfb20 (6.9-rc6)
CVE-2024-26979
REJECTED
+ {DSA-5681-1}
CVE-2024-26978 (In the Linux kernel, the following vulnerability has been resolved: s ...)
{DSA-5681-1}
- linux 6.7.12-1
@@ -87939,7 +88113,7 @@ CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic B
NOT-FOR-US: Schneider
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider
-CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...)
+CVE-2023-29412 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
NOT-FOR-US: Schneider
CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider
@@ -88544,8 +88718,8 @@ CVE-2023-29269
RESERVED
CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Sta ...)
NOT-FOR-US: TIBCO
-CVE-2023-29267
- RESERVED
+CVE-2023-29267 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2023-29266
RESERVED
CVE-2023-29265
@@ -101864,8 +102038,8 @@ CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25030
- RESERVED
+CVE-2023-25030 (Missing Authorization vulnerability in Buy Me a Coffee.This issue affe ...)
+ TODO: check
CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df97ab30b9e5d79cea3e92a2841c78cb74975e8c
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df97ab30b9e5d79cea3e92a2841c78cb74975e8c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/a95d7c41/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list