[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 26 21:12:52 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e55cfd5 by security tracker role at 2024-06-26T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote Desktop ...)
+	TODO: check
+CVE-2024-6349
+	REJECTED
+CVE-2024-6344 (A vulnerability, which was classified as problematic, was found in ZKT ...)
+	TODO: check
+CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
+	TODO: check
+CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier p ...)
+	TODO: check
+CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 an ...)
+	TODO: check
+CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to c ...)
+	TODO: check
+CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run arbitrary  ...)
+	TODO: check
+CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows att ...)
+	TODO: check
+CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attack ...)
+	TODO: check
+CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
+	TODO: check
+CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...)
+	TODO: check
+CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no server, u ...)
+	TODO: check
+CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Pro ...)
+	TODO: check
+CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for building Fastly ...)
+	TODO: check
+CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
+	TODO: check
+CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an attacker ca ...)
+	TODO: check
+CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes Blo ...)
+	TODO: check
+CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scri ...)
+	TODO: check
+CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows att ...)
+	TODO: check
+CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component main.jsp o ...)
+	TODO: check
+CVE-2024-33327 (A cross-site scripting (XSS) vulnerability in the component UrlAccessi ...)
+	TODO: check
+CVE-2024-33326 (A cross-site scripting (XSS) vulnerability in the component XsltResult ...)
+	TODO: check
+CVE-2024-25637 (October is a self-hosted CMS platform based on the Laravel PHP Framewo ...)
+	TODO: check
 CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 7.0.0 allow ...)
 	NOT-FOR-US: Phloc Webscopes
 CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does not san ...)
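Review bot: the 25 new entries apart from the REJECTED CVE-2024-6349 are all left at `TODO: check`, which is expected for the automatic import; when triaging, the entries naming a library or standalone server (the two libde265 heap buffer overflow entries CVE-2024-38950 and CVE-2024-38949, SoftEtherVPN in CVE-2024-38520, October CMS in CVE-2024-25637) are the ones most likely to map to a source package, while the WordPress plugin, Jenkins plugin and hosted-dashboard entries will mostly end up NOT-FOR-US as the surrounding entries do.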
@@ -60,7 +112,7 @@ CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN
 	NOT-FOR-US: Nepstech Wifi Router
 CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL injection vuln ...)
 	NOT-FOR-US: Craft CMS
-CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an attacke ...)
+CVE-2024-37742 (Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. ...)
 	NOT-FOR-US: Safe Exam Browser
 CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
 	NOT-FOR-US: Dell
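Review bot: the replacement description reads `Safe Exam Browser (SEB) = 3.5.0`, which looks like a `<=` whose angle bracket was lost somewhere between the CVE feed and this file (the mail rendering also scrubbed HTML); check the line in data/CVE/list itself and restore the comparison operator if it is missing there too. The NOT-FOR-US classification is unaffected.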
@@ -6622,7 +6674,7 @@ CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can
 	NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
 	NOTE: https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8
 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...)
-	{DLA-3830-1}
+	{DSA-5722-1 DLA-3830-1}
 	- libvpx 1.14.1-1
 	NOTE: https://issues.chromium.org/issues/332382766
 	NOTE: https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
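Review bot: DSA-5722-1 is prepended to the existing DLA-3830-1 with the fixed version `- libvpx 1.14.1-1` unchanged, matching the DSA-before-DLA ordering used elsewhere in the file; the one thing to verify is that data/DSA/list carries a DSA-5722-1 entry listing CVE-2024-5197, since the per-suite fixed versions for stable are derived from that file rather than from this line.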
@@ -14824,6 +14876,7 @@ CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All vers
 CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid  ...)
+	{DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4
 	NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
@@ -14864,6 +14917,7 @@ CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Transla
 CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+	{DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7
 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
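Review bot: the hunk offsets (`-14864,6 +14917,7` here, `-14873,12 +14927,14` in the next hunk) show that nothing was added for CVE-2024-32020, whose entry begins on the last context line here and continues into the next hunk; its neighbours CVE-2024-32021, CVE-2024-32004 and CVE-2024-32002 all receive `{DLA-3844-1}`, so if the DLA covers CVE-2024-32020 as well it is missing the same line.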
@@ -14873,12 +14927,14 @@ CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44
 	NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+	{DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
 	NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
 	NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+	{DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
 	NOTE: https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
@@ -21711,7 +21767,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection v
 CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...)
 	NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[buster] - ffmpeg <postponed> (Pick up when fixed in 4.1.x)
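Review bot: DSA-5721-1 is added while the unstable line still reads `- ffmpeg <unfixed>` and only experimental carries 7:7.0-1; that is consistent only if the DSA fixed the stable suite ahead of unstable, so confirm the unstable status is current and, if a fixed upload exists, replace `<unfixed>` with its version. The same check applies to the next three hunks (CVE-2023-51798, CVE-2023-51793, CVE-2023-50010), which receive the identical advisory change on identically laid-out entries.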
@@ -22996,7 +23052,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
 	NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -23028,7 +23084,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
 	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -23052,7 +23108,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 al
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a  ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	[experimental] - ffmpeg 7:7.0-1
 	- ffmpeg <unfixed>
 	[buster] - ffmpeg <postponed> (Pick up when fixed in most related branch)
@@ -93903,6 +93959,7 @@ CVE-2023-29009 (baserCMS is a website development framework with WebAPI that run
 CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
 	NOT-FOR-US: SvelteKit
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
+	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	[bullseye] - git <no-dsa> (Minor issue)
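Review bot: DLA-3844-1 is added, but only the bookworm and bullseye `<no-dsa>` lines fall inside the hunk context and the suite the DLA targets is not shown; confirm that any suite-specific `<no-dsa>` or `<postponed>` line for that suite below the context has been dropped, so the entry does not carry both an advisory and a no-fix marker for the same suite. The CVE-2023-25815 and CVE-2023-25652 hunks further down receive the same DLA on identically laid-out entries and need the same check.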
@@ -94063,6 +94120,7 @@ CVE-2023-1692 (The window management module lacks permission verification.Succes
 CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...)
 	NOT-FOR-US: Huawei
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and  ...)
+	{DSA-5721-1}
 	- ffmpeg 7:5.1.2-1
 	[buster] - ffmpeg <postponed> (Wait until the backport to 4.x)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
@@ -100844,8 +100902,8 @@ CVE-2023-26879
 	RESERVED
 CVE-2023-26878
 	RESERVED
-CVE-2023-26877
-	RESERVED
+CVE-2023-26877 (File upload vulnerability found in Softexpert Excellence Suite v.2.1 a ...)
+	TODO: check
 CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and before allows ...)
 	- piwigo <removed>
 CVE-2023-26875
@@ -103786,6 +103844,7 @@ CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementatio
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
+	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	[bullseye] - git <no-dsa> (Minor issue)
@@ -104598,6 +104657,7 @@ CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Sign
 	NOT-FOR-US: Cisco node-jose (different from src:node-jose)
 	NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
+	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	[bullseye] - git <no-dsa> (Minor issue)
@@ -172901,7 +172961,7 @@ CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+CVE-2022-29420 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...)
 	NOT-FOR-US: WordPress plugin
@@ -405136,7 +405196,7 @@ CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V
 CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
-	{DSA-4581-1 DLA-2059-1}
+	{DSA-4581-1 DLA-3844-1 DLA-2059-1}
 	- git 1:2.24.0-2
 	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
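Review bot: DLA-3844-1 is inserted between DSA-4581-1 and DLA-2059-1 while the fixed version stays at `- git 1:2.24.0-2`; a 2019 CVE that already has a DLA gaining a second one is unusual enough that the data/DLA/list entry for DLA-3844-1 should be checked to confirm it really lists CVE-2019-1387 rather than a mistyped neighbouring id.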



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e55cfd51c66ad2699da8211ba3f3fc267145596