[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 28 21:13:15 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1d22b1c by security tracker role at 2024-06-28T20:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2024-6403 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 15.13.0 ...)
+	TODO: check
+CVE-2024-5972
+	REJECTED
+CVE-2024-5925 (The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-5922 (The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-5827 (Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration  ...)
+	TODO: check
+CVE-2024-5737 (Script afGdStream.php inAdmirorFrames Joomla! extension doesn\u2019t s ...)
+	TODO: check
+CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joom ...)
+	TODO: check
+CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension  ...)
+	TODO: check
+CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+	TODO: check
+CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Car ...)
+	TODO: check
+CVE-2024-5424 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...)
+	TODO: check
+CVE-2024-3995 (In Helix ALM versions prior to 2024.2.0, a local command injection was ...)
+	TODO: check
+CVE-2024-3816 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to a ...)
+	TODO: check
+CVE-2024-3801 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to R ...)
+	TODO: check
+CVE-2024-3800 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to R ...)
+	TODO: check
+CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current Code thro ...)
+	TODO: check
+CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...)
+	TODO: check
+CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, implementin ...)
+	TODO: check
+CVE-2024-38522 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...)
+	TODO: check
+CVE-2024-38521 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...)
+	TODO: check
+CVE-2024-38514 (NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side ...)
+	TODO: check
+CVE-2024-38374 (The CycloneDX core module provides a model representation of the SBOM  ...)
+	TODO: check
+CVE-2024-38371 (authentik is an open-source Identity Provider. Access restrictions ass ...)
+	TODO: check
+CVE-2024-38322 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent us ...)
+	TODO: check
+CVE-2024-37905 (authentik is an open-source Identity Provider that emphasizes flexibil ...)
+	TODO: check
+CVE-2024-37741 (OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile  ...)
+	TODO: check
+CVE-2024-35156 (IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sens ...)
+	TODO: check
+CVE-2024-35155 (IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote  ...)
+	TODO: check
+CVE-2024-35139 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...)
+	TODO: check
+CVE-2024-35137 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...)
+	TODO: check
+CVE-2024-35116 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to ...)
+	TODO: check
+CVE-2024-31919 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain confi ...)
+	TODO: check
+CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalat ...)
+	TODO: check
+CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local attacker to e ...)
+	TODO: check
+CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to e ...)
+	TODO: check
+CVE-2024-25053 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
+	TODO: check
+CVE-2024-25041 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 1 ...)
+	TODO: check
+CVE-2024-25031 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an  ...)
+	TODO: check
 CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via  ...)
@@ -17985,10 +18063,12 @@ CVE-2024-34511
 CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
 	NOT-FOR-US: Gradio
 CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid  ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-14
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
 	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
 CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-14
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
 	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
@@ -21428,13 +21508,13 @@ CVE-2024-29040
 	[bullseye] - tpm2-tss <no-dsa> (Minor issue)
 	[buster] - tpm2-tss <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 (4.1.0)
-CVE-2024-29039
+CVE-2024-29039 (tpm2 is the source repository for the Trusted Platform Module (TPM2.0) ...)
 	- tpm2-tools 5.7-1 (bug #1070139)
 	[bookworm] - tpm2-tools <no-dsa> (Minor issue)
 	[bullseye] - tpm2-tools <no-dsa> (Minor issue)
 	[buster] - tpm2-tools <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/98599df9392a346216c5a059b8d35271286100bb (5.7)
-CVE-2024-29038
+CVE-2024-29038 (tpm2-tools is the source repository for the Trusted Platform Module (T ...)
 	- tpm2-tools 5.7-1 (bug #1070139)
 	[bookworm] - tpm2-tools <no-dsa> (Minor issue)
 	[bullseye] - tpm2-tools <no-dsa> (Minor issue)
@@ -22961,6 +23041,7 @@ CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-S
 CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...)
 	NOT-FOR-US: Flipsnack
 CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-14 (bug #1070207)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
 	NOTE: https://support.dcmtk.org/redmine/issues/1120
@@ -134637,6 +134718,7 @@ CVE-2022-43274
 CVE-2022-43273
 	RESERVED
 CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...)
+	{DLA-3847-1}
 	[experimental] - dcmtk 3.6.8~git20221013.51be018-1
 	- dcmtk 3.6.7-8 (bug #1027165)
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
@@ -148071,8 +148153,8 @@ CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 coul
 	NOT-FOR-US: IBM
 CVE-2022-38384
 	RESERVED
-CVE-2022-38383
-	RESERVED
+CVE-2022-38383 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
+	TODO: check
 CVE-2022-38382
 	RESERVED
 CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
@@ -160535,6 +160617,7 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234 (1.20.3)
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-1 (bug #1014044)
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1021
@@ -178928,8 +179011,8 @@ CVE-2022-27542
 	RESERVED
 CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
 	NOT-FOR-US: HP
-CVE-2022-27540
-	RESERVED
+CVE-2022-27540 (A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has be ...)
+	TODO: check
 CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
 	NOT-FOR-US: HP
 CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
@@ -213576,18 +213659,22 @@ CVE-2021-41692
 CVE-2021-41691
 	RESERVED
 CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-1
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-1
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7)
 CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-1
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program  ...)
+	{DLA-3847-1}
 	- dcmtk 3.6.7-1
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1d22b1c0d3b62e544b4ec1d271cb6bfaad5c191

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1d22b1c0d3b62e544b4ec1d271cb6bfaad5c191
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240628/c77a9f4d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list