[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 20 20:12:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e10c034 by security tracker role at 2024-03-20T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,142 @@
-CVE-2024-2631
+CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share  ...)
+	TODO: check
+CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...)
+	TODO: check
+CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...)
+	TODO: check
+CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ Booking ...)
+	TODO: check
+CVE-2024-2713 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2024-2712 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rate ...)
+	TODO: check
+CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been decl ...)
+	TODO: check
+CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been clas ...)
+	TODO: check
+CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as ...)
+	TODO: check
+CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and classifi ...)
+	TODO: check
+CVE-2024-2706 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-2705 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...)
+	TODO: check
+CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...)
+	TODO: check
+CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...)
+	TODO: check
+CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
+	TODO: check
+CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
+	TODO: check
+CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
+	TODO: check
+CVE-2024-2685 (A vulnerability, which was classified as problematic, was found in Cam ...)
+	TODO: check
+CVE-2024-2684 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
+	TODO: check
+CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...)
+	TODO: check
+CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...)
+	TODO: check
+CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...)
+	TODO: check
+CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...)
+	TODO: check
+CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...)
+	TODO: check
+CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and befo ...)
+	TODO: check
+CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and befor ...)
+	TODO: check
+CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...)
+	TODO: check
+CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	TODO: check
+CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes  ...)
+	TODO: check
+CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip  ...)
+	TODO: check
+CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+	TODO: check
+CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+	TODO: check
+CVE-2024-23821 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23819 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23818 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on Draytek  ...)
+	TODO: check
+CVE-2024-23643 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23642 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23640 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-23634 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2024-1992
+	REJECTED
+CVE-2024-1856 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...)
+	TODO: check
+CVE-2024-1811 (A potential vulnerability has been identified in OpenText ArcSight Pla ...)
+	TODO: check
+CVE-2024-1801 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...)
+	TODO: check
+CVE-2024-1800 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q1 (1 ...)
+	TODO: check
+CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd  ...)
+	TODO: check
+CVE-2023-51445 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2023-51444 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...)
+	TODO: check
+CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to  ...)
+	TODO: check
+CVE-2023-41877 (GeoServer is an open source software server written in Java that allow ...)
+	TODO: check
+CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 4.0.3 and ve ...)
+	TODO: check
+CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attacker to ...)
+	TODO: check
+CVE-2022-4963 (A vulnerability was found in Folio Spring Module Core up to 1.1.5. It  ...)
+	TODO: check
+CVE-2024-2631 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2630
+CVE-2024-2630 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2629
+CVE-2024-2629 (Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 a ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2628
+CVE-2024-2628 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2627
+CVE-2024-2627 (Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allow ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2626
+CVE-2024-2626 (Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2625
+CVE-2024-2625 (Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 a ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
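Review bot: the chromium entries at the end of the hunk pick up descriptions that read "Inappropriate implementation in iOS in Google Chrome" (CVE-2024-2631, CVE-2024-2630) and "Incorrect security UI in iOS in Google Chrome" (CVE-2024-2629) while the triage stays `- chromium <unfixed>`; if these issues are confined to the iOS build, the Debian package state for those three should be revisited rather than left as unfixed alongside the V8, Canvas and Swiftshader issues that clearly do apply. Separately, the descriptions of CVE-2024-1856, CVE-2024-1801 and CVE-2024-1800 contain the literal escape `\xae` where the upstream text has the registered-trademark sign, which points at the automatic import mis-decoding non-ASCII bytes; a one-off cleanup of those three lines would keep the escape from showing up in the rendered tracker.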
@@ -2543,7 +2657,8 @@ CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform ch
 	NOT-FOR-US: NextChat
 CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22 ...)
 	- racktables <itp> (bug #629531)
-CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop Central ...)
+CVE-2024-2370
+	REJECTED
 	NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing libreswan to re ...)
 	- libreswan 4.14-1 (bug #1066059)
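Review bot: with CVE-2024-2370 now marked REJECTED, the retained `NOT-FOR-US: ManageEngine` line adds nothing, and the deleted description was the only record of what the rejected ID originally referred to; either reduce the entry to a plain REJECTED or keep the product name in a NOTE so the reason for the original triage survives.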
@@ -3124,7 +3239,8 @@ CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site Reque
 	NOT-FOR-US: WordPress plugin
 CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON Parsing ...)
 	NOT-FOR-US: Netgear
-CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web Player.This ...)
+CVE-2023-47691
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...)
 	NOT-FOR-US: JFrog Artifactory
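Review bot: CVE-2023-47691 follows the same pattern as CVE-2024-2370 earlier in this commit (description dropped, `REJECTED` added, the `NOT-FOR-US: WordPress plugin` line kept), so whatever convention is settled on for rejected entries should be applied to both hunks for consistency.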
@@ -7395,6 +7511,7 @@ CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vu
 CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote attackers  ...)
 	NOT-FOR-US: He3 App for macOS
 CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...)
+	{DSA-5642-1}
 	- php-dompdf-svg-lib 0.5.2-1 (bug #1064781)
 	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273
 	NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2)
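Review bot: the new `{DSA-5642-1}` line is the only indication here that the stable suite is fixed, since the entry carries no `[bookworm]` line of its own; this commit attaches the same DSA to CVE-2023-50252 and CVE-2023-50251 further down, so the DSA-5642-1 entry in data/DSA/list needs to list all three IDs or the cross-reference will be incomplete for one of them.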
@@ -13761,19 +13878,19 @@ CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below insufficiently restricts fil
 	NOT-FOR-US: CloudLinux CageFS
 CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication token as ...)
 	NOT-FOR-US: CloudLinux CageFS
-CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
+CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow Enforcement Tec ...)
 	- xen 4.17.3+36-g54dacb5c02-1
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-451.html
-CVE-2023-46840 [VT-d: Failure to quarantine devices in !HVM builds]
+CVE-2023-46840 (Incorrect placement of a preprocessor directive in source code results ...)
 	- xen 4.17.3+10-g091466ba55-1
 	[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
 	[bullseye] - xen <not-affected> (Vulnerable code not present)
 	[buster] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-450.html
-CVE-2023-46839 [pci: phantom functions assigned to incorrect contexts]
+CVE-2023-46839 (PCI devices can make use of a functionality called phantom functions,  ...)
 	- xen 4.17.3+10-g091466ba55-1
 	[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
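Review bot: the bracketed XSA titles being removed (`[x86: shadow stack vs exceptions from emulation stubs]`, `[VT-d: Failure to quarantine devices in !HVM builds]`, `[pci: phantom functions assigned to incorrect contexts]`) were more specific than the truncated official descriptions that replace them, most visibly for CVE-2023-46840, whose new text is cut off before it names the affected component; the advisory-451/450 NOTE links are now what preserve that context, so they must stay with the entries. CVE-2023-46841 remains `<postponed>` for bookworm while its two neighbours already carry a ~deb12u1 fix, so that entry is the open item to track for the next DSA.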
@@ -21588,11 +21705,13 @@ CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
 CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
 	NOT-FOR-US: Nautobot
 CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+	{DSA-5642-1}
 	- php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
 	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr
 	NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030 (0.5.1)
 	TODO: check, other packages are embedding  the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
 CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+	{DSA-5642-1}
 	- php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
 	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2
 	NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0 (0.5.1)
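Review bot: the `{DSA-5642-1}` references added to CVE-2023-50252 and CVE-2023-50251 cover php-dompdf-svg-lib only, while the TODO on CVE-2023-50252 about the embedded copies in civicrm, icinga-php-thirdparty and icingaweb2 stays open; the same question applies to CVE-2023-50251, which has no TODO of its own, so either resolve the embedded-copy check for both or add the TODO to CVE-2023-50251 so it is not overlooked once the DSA makes the issue look handled.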



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e10c03435d4db02cb1173c49bfd93f5ea5c03ef


