[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 25 09:12:53 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,138 @@
-CVE-2024-6293
+CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been compro ...)
+ TODO: check
+CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the local ...)
+ TODO: check
+CVE-2024-6294 (udn News Android APP stores the user session in logcat file when user ...)
+ TODO: check
+CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and ...)
+ TODO: check
+CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not sanitis ...)
+ TODO: check
+CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does not ha ...)
+ TODO: check
+CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas discove ...)
+ TODO: check
+CVE-2024-4196 (An improper input validation vulnerability was discovered in Avaya IP ...)
+ TODO: check
+CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing attacker ...)
+ TODO: check
+CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded password ...)
+ TODO: check
+CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive ...)
+ TODO: check
+CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability through the st ...)
+ TODO: check
+CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive r ...)
+ TODO: check
+CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability through the IP ...)
+ TODO: check
+CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain sensiti ...)
+ TODO: check
+CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring E ...)
+ TODO: check
+CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+ TODO: check
+CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
+ TODO: check
+CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+ TODO: check
+CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll thro ...)
+ TODO: check
+CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dl ...)
+ TODO: check
+CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthroug ...)
+ TODO: check
+CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll through ...)
+ TODO: check
+CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...)
+ TODO: check
+CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
+ TODO: check
+CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" (productsal ...)
+ TODO: check
+CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promok ...)
+ TODO: check
+CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...)
+ TODO: check
+CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...)
+ TODO: check
+CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique ...)
+ TODO: check
+CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...)
+ TODO: check
+CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...)
+ TODO: check
+CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...)
+ TODO: check
+CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...)
+ TODO: check
+CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...)
+ TODO: check
+CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...)
+ TODO: check
+CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...)
+ TODO: check
+CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...)
+ TODO: check
+CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...)
+ TODO: check
+CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll through Au ...)
+ TODO: check
+CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
+ TODO: check
+CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through ...)
+ TODO: check
+CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll through A ...)
+ TODO: check
+CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll throug ...)
+ TODO: check
+CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
+ TODO: check
+CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228 ...)
+ TODO: check
+CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+ TODO: check
+CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll through A ...)
+ TODO: check
+CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
+ TODO: check
+CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern2 ...)
+ TODO: check
+CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf ...)
+ TODO: check
+CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll through Aut ...)
+ TODO: check
+CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll ...)
+ TODO: check
+CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage Provide ...)
+ TODO: check
+CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud H ...)
+ TODO: check
+CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap Router Ba ...)
+ TODO: check
+CVE-2023-5038 (badmonkey, a Security Researcher has found a flaw that allows for a un ...)
+ TODO: check
+CVE-2023-50029 (PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) ...)
+ TODO: check
+CVE-2023-45196 (Adminer and AdminerEvo allow an unauthenticated remote attacker to cau ...)
+ TODO: check
+CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database connection ...)
+ TODO: check
+CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6292
+CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6291
+CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6290
+CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
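Review bot: the 61 entries added at the top of data/CVE/list (CVE-2024-6297 down to CVE-2023-45195) are all left at "TODO: check", and many of them look like candidates for tags already used further down the same file. The CVE-2024-37007 to CVE-2024-36999 and CVE-2024-23159 to CVE-2024-23140 lines use the "A maliciously crafted ... file, when parsed in ... .dll through Au ..." wording of the entries tagged "NOT-FOR-US: Autodesk" in the later hunks, and the WordPress plugin lines match the existing "NOT-FOR-US: WordPress plugin" pattern; suggest triaging these in a follow-up commit so the TODO backlog does not sit at the head of the list. Separately, CVE-2024-5431 carries a literal "\u2013" and CVE-2024-37001 opens with a stray "[" in the description, so it is worth checking whether the import step should decode the escape or whether both defects come from the upstream record.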
@@ -40261,7 +40383,7 @@ CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1,
NOT-FOR-US: Fiber
CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform ...)
NOT-FOR-US: Discourse plugin
-CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed ...)
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll ...)
NOT-FOR-US: Autodesk
CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed through ...)
NOT-FOR-US: Autodesk
@@ -40273,15 +40395,15 @@ CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed t
NOT-FOR-US: Autodesk
CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...)
NOT-FOR-US: Autodesk
-CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll ...)
+CVE-2024-23131 (A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMK ...)
NOT-FOR-US: Autodesk
-CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when pa ...)
+CVE-2024-23130 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...)
NOT-FOR-US: Autodesk
-CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll ...)
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurb ...)
NOT-FOR-US: Autodesk
-CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through ...)
+CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASM ...)
NOT-FOR-US: Autodesk
-CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll ...)
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in OD ...)
NOT-FOR-US: Autodesk
CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...)
NOT-FOR-US: Autodesk
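Review bot: the replacement description for CVE-2024-23129 reads "file, when in opennurb ..." and has lost the verb that the sibling lines in this hunk keep ("when parsed in"). Since the description mirrors the upstream record, do not hand-edit it; check that a later automatic update picks up a corrected text. The other rewrites here also change which DLL is named (CVE-2024-23131 moves from ASMKERN228A.dll to ASMIMPORT229A.dll, CVE-2024-23127 no longer leads with VCRUNTIME140.dll), but every entry keeps "NOT-FOR-US: Autodesk", so the triage state is unaffected.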
@@ -40289,9 +40411,9 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll thro
NOT-FOR-US: Autodesk
CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
NOT-FOR-US: Autodesk
-CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll wh ...)
+CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
NOT-FOR-US: Autodesk
-CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...)
+CVE-2024-23122 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
NOT-FOR-US: Autodesk
CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...)
NOT-FOR-US: Autodesk
@@ -60044,8 +60166,8 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allow
NOT-FOR-US: Hanwha Vision PNV-A6081R
CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-5037
- REJECTED
+CVE-2023-5037 (badmonkey, a Security Researcher has found a flaw that allows for a au ...)
+ TODO: check
CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...)
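Review bot: CVE-2023-5037 loses its "REJECTED" line and becomes "TODO: check" with a description, so an ID the tracker treated as closed is open again without a triage decision. Confirm the ID was reinstated upstream rather than picked up by mistake, and triage it together with CVE-2023-5038 from the first hunk, which has the same "badmonkey, a Security Researcher has found a flaw" wording. The context line CVE-2023-5747 with matching phrasing is tagged "NOT-FOR-US: Hanwha Vision PNV-A6081R", which suggests where both entries belong.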
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba15c604c41e7ad9ad9bb688f74ff4a3487e49f2