[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 20 08:12:30 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0d7d465 by security tracker role at 2024-03-20T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...)
+ TODO: check
+CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
+ TODO: check
+CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
+ TODO: check
+CVE-2024-2676 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2024-2675 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes Online J ...)
+ TODO: check
+CVE-2024-2673 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+ TODO: check
+CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
+ TODO: check
+CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
+ TODO: check
+CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
+ TODO: check
+CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...)
+ TODO: check
+CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...)
+ TODO: check
+CVE-2024-2647 (A vulnerability, which was classified as critical, has been found in N ...)
+ TODO: check
+CVE-2024-2646 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...)
+ TODO: check
+CVE-2024-2645 (A vulnerability classified as problematic has been found in Netentsec ...)
+ TODO: check
+CVE-2024-2644 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+ TODO: check
+CVE-2024-2642 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...)
+ TODO: check
+CVE-2024-2641 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...)
+ TODO: check
+CVE-2024-2538 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2024-2474 (The Standout Color Boxes and Buttons plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-2460 (The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-2459 (The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and Contact F ...)
+ TODO: check
+CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...)
+ TODO: check
+CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
+ TODO: check
+CVE-2024-2197 (Chirp Access improperly stores credentials within its source code, pot ...)
+ TODO: check
+CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...)
+ TODO: check
+CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...)
+ TODO: check
+CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
+ TODO: check
+CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
+ TODO: check
+CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
+ TODO: check
+CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...)
+ TODO: check
+CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_act fu ...)
+ TODO: check
+CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...)
+ TODO: check
+CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...)
+ TODO: check
+CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...)
+ TODO: check
+CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22084 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22083 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22082 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22081 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22080 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22079 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22078 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-22077 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
+ TODO: check
+CVE-2024-1995 (The Smart Custom Fields plugin for WordPress is vulnerable to unauthor ...)
+ TODO: check
+CVE-2024-1983 (The Simple Ajax Chat WordPress plugin before 20240223 does not preven ...)
+ TODO: check
+CVE-2024-1844 (The RevivePress \u2013 Keep your Old Content Evergreen plugin for Word ...)
+ TODO: check
+CVE-2024-1799 (The GamiPress \u2013 The #1 gamification plugin to reward points, achi ...)
+ TODO: check
+CVE-2024-1787 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-1785 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2024-1711 (The Create by Mediavine plugin for WordPress is vulnerable to SQL Inje ...)
+ TODO: check
+CVE-2024-1477 (The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensit ...)
+ TODO: check
+CVE-2024-1473 (The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is ...)
+ TODO: check
+CVE-2024-1379 (The Website Article Monetization By MageNet plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-1325 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
+ TODO: check
+CVE-2024-1205 (The Management App for WooCommerce \u2013 Order notifications, Order m ...)
+ TODO: check
+CVE-2024-1181 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler plug ...)
+ TODO: check
+CVE-2024-1119 (The Order Tip for WooCommerce plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-0856 (The Appointment Booking Calendar WordPress plugin before 1.3.83 does n ...)
+ TODO: check
+CVE-2024-0337 (The Travelpayouts: All Travel Brands in One Place WordPress plugin thr ...)
+ TODO: check
+CVE-2023-7246 (The System Dashboard WordPress plugin before 2.8.10 does not sanitize ...)
+ TODO: check
+CVE-2023-50811 (An issue discovered in SELESTA Visual Access Manager 4.38.6 allows att ...)
+ TODO: check
CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory Management Sys ...)
NOT-FOR-US: Bdtask Wholesale Inventory Management System
CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been found on Cegid M ...)
@@ -6312,13 +6492,13 @@ CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File wi
CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
NOT-FOR-US: ITFlow.org
CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via ...)
- {DLA-3754-1}
+ {DSA-5641-1 DLA-3754-1}
- fontforge 1:20230101~dfsg-1.1 (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
NOTE: https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via ...)
- {DLA-3754-1}
+ {DSA-5641-1 DLA-3754-1}
- fontforge 1:20230101~dfsg-1.1 (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
@@ -39940,6 +40120,7 @@ CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti 0.
CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause denial of s ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote att ...)
+ {DLA-3767-1}
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/004194253242af71adf5b70e151a7e89bb776eee (6.9.11-46)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d7d4650ec360e489ba56bfb943f4c3fa029465
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d7d4650ec360e489ba56bfb943f4c3fa029465
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240320/c201c262/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list