[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,138 @@
-CVE-2024-6293
+CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been compro ...)
+	TODO: check
+CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the local  ...)
+	TODO: check
+CVE-2024-6294 (udn News Android APP stores the user session in logcat file when user  ...)
+	TODO: check
+CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and ...)
+	TODO: check
+CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not sanitis ...)
+	TODO: check
+CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does not ha ...)
+	TODO: check
+CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas discove ...)
+	TODO: check
+CVE-2024-4196 (An improper input validation vulnerability  was discovered in Avaya IP ...)
+	TODO: check
+CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing attacker ...)
+	TODO: check
+CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded password ...)
+	TODO: check
+CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive ...)
+	TODO: check
+CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability through the st ...)
+	TODO: check
+CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive r ...)
+	TODO: check
+CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability through the IP ...)
+	TODO: check
+CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain sensiti ...)
+	TODO: check
+CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring E ...)
+	TODO: check
+CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+	TODO: check
+CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
+	TODO: check
+CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+	TODO: check
+CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll thro ...)
+	TODO: check
+CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dl ...)
+	TODO: check
+CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthroug ...)
+	TODO: check
+CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll through  ...)
+	TODO: check
+CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...)
+	TODO: check
+CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
+	TODO: check
+CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" (productsal ...)
+	TODO: check
+CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promok ...)
+	TODO: check
+CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...)
+	TODO: check
+CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...)
+	TODO: check
+CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique  ...)
+	TODO: check
+CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...)
+	TODO: check
+CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...)
+	TODO: check
+CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...)
+	TODO: check
+CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...)
+	TODO: check
+CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...)
+	TODO: check
+CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...)
+	TODO: check
+CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...)
+	TODO: check
+CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...)
+	TODO: check
+CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...)
+	TODO: check
+CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll through Au ...)
+	TODO: check
+CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
+	TODO: check
+CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through ...)
+	TODO: check
+CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll through A ...)
+	TODO: check
+CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll throug ...)
+	TODO: check
+CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
+	TODO: check
+CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228 ...)
+	TODO: check
+CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+	TODO: check
+CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll through A ...)
+	TODO: check
+CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
+	TODO: check
+CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern2 ...)
+	TODO: check
+CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf ...)
+	TODO: check
+CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll through Aut ...)
+	TODO: check
+CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll ...)
+	TODO: check
+CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage Provide ...)
+	TODO: check
+CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud H ...)
+	TODO: check
+CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap Router Ba ...)
+	TODO: check
+CVE-2023-5038 (badmonkey, a Security Researcher has found a flaw that allows for a un ...)
+	TODO: check
+CVE-2023-50029 (PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf)  ...)
+	TODO: check
+CVE-2023-45196 (Adminer and AdminerEvo allow an unauthenticated remote attacker to cau ...)
+	TODO: check
+CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database connection  ...)
+	TODO: check
+CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6292
+CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6291
+CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6290
+CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -40261,7 +40383,7 @@ CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1,
 	NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform  ...)
 	NOT-FOR-US: Discourse plugin
-CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed  ...)
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed through  ...)
 	NOT-FOR-US: Autodesk
@@ -40273,15 +40395,15 @@ CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed t
 	NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll  ...)
+CVE-2024-23131 (A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMK ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when pa ...)
+CVE-2024-23130 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll  ...)
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurb ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through  ...)
+CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASM ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll ...)
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in OD ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...)
 	NOT-FOR-US: Autodesk
@@ -40289,9 +40411,9 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll thro
 	NOT-FOR-US: Autodesk
 CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll wh ...)
+CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...)
+CVE-2024-23122 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
 	NOT-FOR-US: Autodesk
@@ -60044,8 +60166,8 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allow
 	NOT-FOR-US: Hanwha Vision PNV-A6081R
 CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-5037
-	REJECTED
+CVE-2023-5037 (badmonkey, a Security Researcher has found a flaw that allows for a au ...)
+	TODO: check
 CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba15c604c41e7ad9ad9bb688f74ff4a3487e49f2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba15c604c41e7ad9ad9bb688f74ff4a3487e49f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240625/840a2a30/attachment.htm>