[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 9 09:12:16 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7277cec by security tracker role at 2024-05-09T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...)
+	TODO: check
+CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from  ...)
+	TODO: check
+CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have  ...)
+	TODO: check
+CVE-2024-3590 (The LetterPress  WordPress plugin through 1.2.2 does not have CSRF che ...)
+	TODO: check
+CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF check  ...)
+	TODO: check
+CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, v5.4.0. ...)
+	TODO: check
+CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...)
+	TODO: check
+CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...)
+	TODO: check
+CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware  ...)
+	TODO: check
+CVE-2024-32672 (A Segmentation Fault issue discovered in   Samsung Open Source Escargo ...)
+	TODO: check
+CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...)
+	TODO: check
+CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+	TODO: check
+CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...)
+	TODO: check
+CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...)
+	TODO: check
+CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does  ...)
+	TODO: check
 CVE-2024-29510
 	- ghostscript <unfixed>
 	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
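Review bot: the imported description for CVE-2024-3016 carries a literal `\u2013` escape (`5.0.0.0 \u2013 v5.3.4.4`) where the source text has an en dash; the automatic import appears to have stored the JSON escape rather than the decoded character, so the string should be normalised when the entry is triaged. Also, CVE-2024-34365 is flagged `** UNSUPPORTED WHEN ASSIGNED **`, the MITRE marker for a product that was already out of support when the identifier was assigned, which the `TODO: check` for that entry should take into account.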
@@ -917,13 +957,13 @@ CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a
 	TODO: check
 CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...)
 	TODO: check
-CVE-2024-29857
+CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...)
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
 	NOTE: https://github.com/bcgit/bc-java/issues/1635
 	NOTE: https://www.bouncycastle.org/latest_releases.html
-CVE-2024-30172
+CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...)
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
@@ -5240,7 +5280,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition a
 	[buster] - fdupes <postponed> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
 	NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0)
-CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search]
+CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...)
 	{DSA-5677-1}
 	- ruby3.2 <unfixed> (bug #1069968)
 	- ruby3.1 <unfixed> (bug #1069969)
@@ -5757,7 +5797,7 @@ CVE-2024-25583 (A crafted response from an upstream server the recursor has been
 	NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9 (rec-4.8.8)
 CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property can be  ...)
 	- cri-o <itp> (bug #979702)
-CVE-2024-30171
+CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE Provide ...)
 	- bouncycastle <unfixed> (bug #1070655)
 	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <no-dsa> (Minor issue)
@@ -11535,6 +11575,7 @@ CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windo
 CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL  ...)
 	NOT-FOR-US: InstantCMS
 CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...)
+	{DSA-5685-1}
 	- wordpress 6.4.3+dfsg1-1
 	[buster] - wordpress 5.0.21+dfsg1-0+deb10u1
 	NOTE: https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
@@ -15805,7 +15846,7 @@ CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been
 	NOT-FOR-US: AwesomestCode LiveBot
 CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and  ...)
 	NOT-FOR-US: cyberaz0r WebRAT
-CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
+CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...)
 	{DSA-5677-1}
 	- ruby3.2 <unfixed> (bug #1067802)
 	- ruby3.1 <unfixed> (bug #1067803)
@@ -15813,7 +15854,7 @@ CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
 	- ruby2.5 <removed>
 	NOTE: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
 	NOTE: https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d (v6.6.3)
-CVE-2024-27280 [Buffer overread vulnerability in StringIO]
+CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ...)
 	{DSA-5677-1}
 	- ruby3.2 <not-affected> (Fixed before initial upload to Debian)
 	- ruby3.1 <unfixed> (bug #1069966)
@@ -16127,6 +16168,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.)
 CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-42956 (The issue was addressed with improved memory handling. This issue is f ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -16136,6 +16178,7 @@ CVE-2023-42956 (The issue was addressed with improved memory handling. This issu
 CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially  ...)
 	NOT-FOR-US: Claris FileMaker Server
 CVE-2023-42950 (A use after free issue was addressed with improved memory management.  ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -19682,6 +19725,7 @@ CVE-2024-23286 (A buffer overflow issue was addressed with improved memory handl
 CVE-2024-23285 (This issue was addressed with improved handling of symlinks. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2024-23284 (A logic issue was addressed with improved state management. This issue ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -19693,6 +19737,7 @@ CVE-2024-23283 (A privacy issue was addressed with improved private data redacti
 CVE-2024-23281 (This issue was addressed with improved state management. This issue is ...)
 	NOT-FOR-US: Apple
 CVE-2024-23280 (An injection issue was addressed with improved validation. This issue  ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -19730,6 +19775,7 @@ CVE-2024-23265 (A memory corruption vulnerability was addressed with improved lo
 CVE-2024-23264 (A validation issue was addressed with improved input sanitization. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2024-23263 (A logic issue was addressed with improved validation. This issue is fi ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -19749,6 +19795,7 @@ CVE-2024-23257 (The issue was addressed with improved memory handling. This issu
 CVE-2024-23255 (An authentication issue was addressed with improved state management.  ...)
 	NOT-FOR-US: Apple
 CVE-2024-23254 (The issue was addressed with improved UI handling. This issue is fixed ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -19759,6 +19806,7 @@ CVE-2024-23253 (A permissions issue was addressed with additional restrictions.
 	NOT-FOR-US: Apple
 CVE-2024-23252
 	REJECTED
+	{DSA-5684-1}
 CVE-2024-23250 (An access issue was addressed with improved access restrictions. This  ...)
 	NOT-FOR-US: Apple
 CVE-2024-23249 (The issue was addressed with improved memory handling. This issue is f ...)
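Review bot: CVE-2024-23252 is marked REJECTED, yet this hunk adds `{DSA-5684-1}` directly under it with no package or version line, unlike the neighbouring webkit2gtk entries that received the same DSA reference. Either the advisory lists a rejected identifier and the REJECTED line is stale, or the cross-reference was attached to the wrong entry; one of the two should be corrected before the DSA reference stands.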
@@ -24468,6 +24516,7 @@ CVE-2023-42853 (A logic issue was addressed with improved checks. This issue is
 CVE-2023-42848 (The issue was addressed with improved bounds checks. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2023-42843 (An inconsistent user interface issue was addressed with improved state ...)
+	{DSA-5684-1}
 	- webkit2gtk 2.44.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.44.1-1
@@ -48381,7 +48430,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-D
 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable  ...)
-	{DLA-3658-1}
+	{DSA-5685-1 DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56840/
@@ -48826,7 +48875,7 @@ CVE-2023-41680 (A improper neutralization of input during web page generation ('
 CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...)
 	NOT-FOR-US: OVM
 CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
-	{DLA-3658-1}
+	{DSA-5685-1 DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56843/
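Review bot: unrelated to the lines changed here, but the context line `NOT-FOR-US: OVM` under CVE-2023-40682 does not match the entry's subject, IBM App Connect Enterprise; it reads like a leftover from another entry and is worth fixing in a follow-up.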
@@ -68828,7 +68877,7 @@ CVE-2023-2765 (A vulnerability has been found in Weaver OA up to 9.5 and classif
 CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framework pri ...)
 	NOT-FOR-US: pimcore
 CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...)
-	{DLA-3462-1}
+	{DSA-5685-1 DLA-3462-1}
 	- wordpress 6.2.1+dfsg1-1 (bug #1036296)
 	NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765
 	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
@@ -117279,7 +117328,7 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds r
 	- wabt 1.0.30-1 (unimportant)
 	NOTE: https://github.com/WebAssembly/wabt/issues/1982
 	NOTE: Crash in CLI tool, no security impact
-CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...)
+CVE-2022-43279 (LimeSurvey before v5.0.4 was discovered to contain a SQL injection vul ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Canteen Management System
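Review bot: the replacement description for CVE-2022-43279 changes the affected range from `LimeSurvey v5.4.4` to `LimeSurvey before v5.0.4`, which is a different set of versions rather than a wording tweak. limesurvey is only `<itp>` (bug #472802), so nothing in the archive is affected, but the range change is worth confirming against the CVE record.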
@@ -131493,7 +131542,7 @@ CVE-2022-38166 (In F-Secure Endpoint Protection for Windows and macOS before cha
 	NOT-FOR-US: F-Secure
 CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...)
 	NOT-FOR-US: WithSecure
-CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+CVE-2022-38164 (A vulnerability affecting F-Secure SAFE browser for Android and iOS wa ...)
 	NOT-FOR-US: WithSecure
 CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...)
 	NOT-FOR-US: WithSecure
@@ -226170,7 +226219,7 @@ CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent
 	NOT-FOR-US: Gris CMS
 CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
 	NOT-FOR-US: emlog
-CVE-2021-30080 (An issue was discovered in the route lookup process in beego through 2 ...)
+CVE-2021-30080 (An issue was discovered in the route lookup process in beego before 1. ...)
 	NOT-FOR-US: Beego
 CVE-2021-30079
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7277cec7a0b050c02d41f8275547616ad1f3069


