[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 7 21:12:27 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65aa002c by security tracker role at 2024-05-07T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,177 @@
-CVE-2024-4559
+CVE-2024-4601 (An incorrect authentication vulnerability has been found in Socomec Ne ...)
+ TODO: check
+CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, versio ...)
+ TODO: check
+CVE-2024-4599 (Remote denial of service vulnerability in LAN Messenger affecting vers ...)
+ TODO: check
+CVE-2024-4596 (A vulnerability was found in Kimai up to 2.15.0 and classified as prob ...)
+ TODO: check
+CVE-2024-4595 (A vulnerability has been found in SEMCMS up to 4.8 and classified as c ...)
+ TODO: check
+CVE-2024-4594 (A vulnerability, which was classified as problematic, was found in Ded ...)
+ TODO: check
+CVE-2024-4593 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-4592 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...)
+ TODO: check
+CVE-2024-4591 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
+ TODO: check
+CVE-2024-4590 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...)
+ TODO: check
+CVE-2024-4589 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...)
+ TODO: check
+CVE-2024-4588 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...)
+ TODO: check
+CVE-2024-4587 (A vulnerability was found in DedeCMS 5.7 and classified as problematic ...)
+ TODO: check
+CVE-2024-4586 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...)
+ TODO: check
+CVE-2024-4585 (A vulnerability, which was classified as problematic, was found in Ded ...)
+ TODO: check
+CVE-2024-4584 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-4583 (A vulnerability classified as problematic was found in Faraday GM8181 ...)
+ TODO: check
+CVE-2024-4582 (A vulnerability classified as critical has been found in Faraday GM818 ...)
+ TODO: check
+CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...)
+ TODO: check
+CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...)
+ TODO: check
+CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the ED ...)
+ TODO: check
+CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...)
+ TODO: check
+CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...)
+ TODO: check
+CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...)
+ TODO: check
+CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, ...)
+ TODO: check
+CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...)
+ TODO: check
+CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...)
+ TODO: check
+CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...)
+ TODO: check
+CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...)
+ TODO: check
+CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...)
+ TODO: check
+CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path injection vul ...)
+ TODO: check
+CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a lack of inp ...)
+ TODO: check
+CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker can enum ...)
+ TODO: check
+CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...)
+ TODO: check
+CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...)
+ TODO: check
+CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...)
+ TODO: check
+CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
+ TODO: check
+CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
+CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
+CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload vulner ...)
+ TODO: check
+CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
+ TODO: check
+CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
+ TODO: check
+CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2. ...)
+ TODO: check
+CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
+ TODO: check
+CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
+ TODO: check
+CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been identified i ...)
+ TODO: check
+CVE-2024-29209 (A medium severity vulnerability has been identified in the update mech ...)
+ TODO: check
+CVE-2024-29208 (An Unverified Password Change could allow a malicious actor with API a ...)
+ TODO: check
+CVE-2024-29207 (An Improper Certificate Validation could allow a malicious actor with ...)
+ TODO: check
+CVE-2024-29206 (An Improper Access Control could allow a malicious actor authenticated ...)
+ TODO: check
+CVE-2024-29150 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...)
+ TODO: check
+CVE-2024-29149 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...)
+ TODO: check
+CVE-2024-28148 (An authenticated user could potentially access metadata for a datasour ...)
+ TODO: check
+CVE-2024-25514 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25513 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25512 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25511 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25510 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25509 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25508 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25507 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2023-7240 (An improper authorization level has been detected in the login panel. ...)
+ TODO: check
+CVE-2023-6810 (The ClickCease Click Fraud Protection plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2023-46012 (Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a rem ...)
+ TODO: check
+CVE-2023-42757 (Process Explorer before 17.04 allows attackers to make it functionally ...)
+ TODO: check
+CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4558
+CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-34397 [GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing]
+CVE-2024-34397 (An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2. ...)
+ {DSA-5682-1}
- glib2.0 2.80.0-10
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
NOTE: Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3268#fixes
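Review bot: the 82 new entries at the top of this hunk all land as "TODO: check", and at least the three Suricata ones (CVE-2024-32663, CVE-2024-32664, CVE-2024-32867) concern a package Debian ships, so they should be triaged first rather than left in the queue with the WordPress and DedeCMS noise. On the CVE-2024-34397 change: the previous bracketed working title ("GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing") was more informative than the visible part of the truncated official text that replaced it, and the new `{DSA-5682-1}` plus `glib2.0 2.80.0-10` lines carry no summary of their own; consider carrying the old title over as a NOTE line next to the two gitlab.gnome.org references so readers of the entry still see what the issue is.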
@@ -155,7 +320,7 @@ CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2024-3661 (By design, the DHCP protocol does not authenticate messages, including ...)
TODO: check
-CVE-2024-3576 (The NPort 5100A Series prior to version 1.6 is affected by web server ...)
+CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...)
NOT-FOR-US: Moxa
CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.)
NOT-FOR-US: Mateso PasswordSafe
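Review bot: the rewritten CVE-2024-3576 description reverses the affected-version semantics, from "prior to version 1.6" to "firmware version v1.6 and prior versions are af ..."; the entry stays NOT-FOR-US: Moxa, so no Debian action follows, but anyone who cross-referenced the old wording should note that v1.6 itself is now listed as affected.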
@@ -9491,7 +9656,8 @@ CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local F
NOT-FOR-US: WordPress plugin
CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...)
+CVE-2024-3093
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
NOT-FOR-US: WordPress plugin
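Review bot: CVE-2024-3093 is now marked REJECTED but the old "NOT-FOR-US: WordPress plugin" line is kept beneath it; a rejected entry needs no NOT-FOR-US status, so the stale line should be dropped to leave just
`CVE-2024-3093` / ` REJECTED`, matching how the other rejected entries in this file are written.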
@@ -12227,7 +12393,7 @@ CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely unavai
- nodejs 18.20.1+dfsg-1 (bug #1068347)
NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
NOTE: Fixed by: https://github.com/nodejs/node/commit/0fb816dbccde955cd24acc1b16497a91fab507c8 (v18.20.1)
-CVE-2024-27982
+CVE-2024-27982 (The team has identified a critical vulnerability in the http server of ...)
- nodejs 18.20.1+dfsg-1 (bug #1068347)
NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
NOTE: Fixed by: https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca (v18.20.1)
@@ -51904,7 +52070,7 @@ CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted
NOT-FOR-US: Huawei
CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP Webse ...)
NOT-FOR-US: EasyPHP Webserver
-CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+CVE-2023-38907 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...)
NOT-FOR-US: TP-Link
CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...)
NOT-FOR-US: Huawei
@@ -56543,11 +56709,11 @@ CVE-2023-39141 (webui-aria2 commit 4fe2e was discovered to contain a path traver
NOT-FOR-US: webui-aria2
CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local authenticated ...)
NOT-FOR-US: Douran DSGate
-CVE-2023-38909 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+CVE-2023-38909 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...)
NOT-FOR-US: TPLink
-CVE-2023-38908 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+CVE-2023-38908 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...)
NOT-FOR-US: TPLink
-CVE-2023-38906 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+CVE-2023-38906 (An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L63 ...)
NOT-FOR-US: TPLink
CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allo ...)
NOT-FOR-US: IBM
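Review bot: the three TP-Link entries touched here (CVE-2023-38909, CVE-2023-38908, CVE-2023-38906) keep "NOT-FOR-US: TPLink" while the sibling CVE-2023-38907 entry updated in the previous hunk uses "NOT-FOR-US: TP-Link"; since the descriptions are being rewritten anyway, the vendor spelling in the status lines should be made consistent so the entries group together in searches.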
@@ -69734,8 +69900,8 @@ CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31234
- RESERVED
+CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This issue aff ...)
+ TODO: check
CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
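Review bot: CVE-2023-31234 moves from RESERVED to a "Missing Authorization vulnerability in Tilda Publishing.This issue aff ..." description with "TODO: check"; the neighbouring CVE-2023-3123x entries with the same description style all resolve to "NOT-FOR-US: WordPress plugin", so this one can probably be closed the same way, but verify the affected product before setting the status rather than inferring it from the pattern.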
@@ -131228,7 +131394,7 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH
NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...)
+CVE-2022-31474 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
NOT-FOR-US: WordPress plugin
@@ -133406,7 +133572,7 @@ CVE-2022-37251 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) vi
CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /a ...)
NOT-FOR-US: Craft CMS
CVE-2022-37249
- RESERVED
+ REJECTED
CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/ ...)
NOT-FOR-US: Craft CMS
CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...)
@@ -140723,7 +140889,8 @@ CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Templat
NOT-FOR-US: hay-kot/mealie
CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a user logs ...)
NOT-FOR-US: Mealie
-CVE-2022-34623 (Mealie1.0.0beta3 is vulnerable to user enumeration via timing response ...)
+CVE-2022-34623
+ REJECTED
NOT-FOR-US: Mealie
CVE-2022-34622
RESERVED
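Review bot: same issue as the CVE-2024-3093 change earlier in this patch: CVE-2022-34623 becomes REJECTED but the "NOT-FOR-US: Mealie" line is left in place; drop the status line so the entry reads as a plain rejected CVE.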
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65aa002ccd4ee7f7331aadcd693237cd33907a47