[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 9 21:36:11 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
459a3e8f by security tracker role at 2024-05-09T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,373 @@
+CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
+ TODO: check
+CVE-2024-4681 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
+ TODO: check
+CVE-2024-4674 (A vulnerability, which was classified as problematic, was found in Cam ...)
+ TODO: check
+CVE-2024-4673 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-4614
+ REJECTED
+CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultimate S ...)
+ TODO: check
+CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...)
+ TODO: check
+CVE-2024-4579
+ REJECTED
+CVE-2024-4572
+ REJECTED
+CVE-2024-4571
+ REJECTED
+CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...)
+ TODO: check
+CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...)
+ TODO: check
+CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...)
+ TODO: check
+CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...)
+ TODO: check
+CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...)
+ TODO: check
+CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...)
+ TODO: check
+CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
+ TODO: check
+CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
+ TODO: check
+CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for WordPr ...)
+ TODO: check
+CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page Builder Pro ...)
+ TODO: check
+CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...)
+ TODO: check
+CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...)
+ TODO: check
+CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist ...)
+ TODO: check
+CVE-2024-3990 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2024-3989 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2024-3974 (The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-3954 (The Ditty plugin for WordPress is vulnerable to PHP Object Injection i ...)
+ TODO: check
+CVE-2024-3952 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-3923 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
+ TODO: check
+CVE-2024-3916 (The Swift Framework plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-3915 (The Swift Framework plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-3831 (The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin ...)
+ TODO: check
+CVE-2024-3809 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-3808 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-3807 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...)
+ TODO: check
+CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...)
+ TODO: check
+CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...)
+ TODO: check
+CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2024-3680 (The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin ...)
+ TODO: check
+CVE-2024-3595 (The Pure Chat \u2013 Live Chat Plugin & More! plugin for WordPress is ...)
+ TODO: check
+CVE-2024-3461 (KioWare for Windows (versions all through 8.35)allows to brute force t ...)
+ TODO: check
+CVE-2024-3460 (In KioWare for Windows (versions all through 8.34)it is possible to ex ...)
+ TODO: check
+CVE-2024-3459 (KioWare for Windows (versions allthrough 8.34)allows to escape the env ...)
+ TODO: check
+CVE-2024-3070 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability in Ghos ...)
+ TODO: check
+CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode ...)
+ TODO: check
+CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability in Alex ...)
+ TODO: check
+CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-34445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34439 (Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Mes ...)
+ TODO: check
+CVE-2024-34437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34433 (Deserialization of Untrusted Data vulnerability in OCDI One Click Demo ...)
+ TODO: check
+CVE-2024-34432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34430 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34427 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...)
+ TODO: check
+CVE-2024-34426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34424 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34423 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34421 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34420 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34419 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34418 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34417 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34354 (CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tai ...)
+ TODO: check
+CVE-2024-34352 (1Panel is an open source Linux server operation and maintenance manage ...)
+ TODO: check
+CVE-2024-34351 (Next.js is a React framework that can provide building blocks to creat ...)
+ TODO: check
+CVE-2024-34350 (Next.js is a React framework that can provide building blocks to creat ...)
+ TODO: check
+CVE-2024-34345 (The CycloneDX JavaScript library contains the core functionality of OW ...)
+ TODO: check
+CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 V1.0.0.12 and ea ...)
+ TODO: check
+CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...)
+ TODO: check
+CVE-2024-34219 (TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vuln ...)
+ TODO: check
+CVE-2024-34218 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
+ TODO: check
+CVE-2024-34217 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34215 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34213 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34212 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34211 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hard ...)
+ TODO: check
+CVE-2024-34210 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
+ TODO: check
+CVE-2024-34209 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34207 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34206 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
+ TODO: check
+CVE-2024-34205 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-34204 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
+ TODO: check
+CVE-2024-34203 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34202 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34201 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
+ TODO: check
+CVE-2024-34200 (TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a ...)
+ TODO: check
+CVE-2024-34074 (Frappe is a full-stack web application framework. Prior to 15.26.0 and ...)
+ TODO: check
+CVE-2024-33877 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__c ...)
+ TODO: check
+CVE-2024-33876 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_d ...)
+ TODO: check
+CVE-2024-33875 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__l ...)
+ TODO: check
+CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_n ...)
+ TODO: check
+CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...)
+ TODO: check
+CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...)
+ TODO: check
+CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local object d ...)
+ TODO: check
+CVE-2024-32739 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
+ TODO: check
+CVE-2024-32738 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
+ TODO: check
+CVE-2024-32737 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
+ TODO: check
+CVE-2024-32736 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
+ TODO: check
+CVE-2024-32735 (An issue regarding missing authentication for certain utilities exists ...)
+ TODO: check
+CVE-2024-32724 (Missing Authorization vulnerability in Woo product importer Sharkdrops ...)
+ TODO: check
+CVE-2024-32719 (Missing Authorization vulnerability in WP Club Manager.This issue affe ...)
+ TODO: check
+CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper SchedulePress.This ...)
+ TODO: check
+CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
+ TODO: check
+CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and earlier, ...)
+ TODO: check
+CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32623 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32622 (HDF5 Library through 1.14.3 contains a out-of-bounds read operation in ...)
+ TODO: check
+CVE-2024-32621 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32620 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2024-32619 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32618 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32617 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read cau ...)
+ TODO: check
+CVE-2024-32616 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2024-32615 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
+ TODO: check
+CVE-2024-32614 (HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.)
+ TODO: check
+CVE-2024-32613 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2024-32612 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
+ TODO: check
+CVE-2024-32611 (HDF5 Library through 1.14.3 may use an uninitialized value in H5A__att ...)
+ TODO: check
+CVE-2024-32610 (HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, res ...)
+ TODO: check
+CVE-2024-32609 (HDF5 Library through 1.14.3 allows stack consumption in the function H ...)
+ TODO: check
+CVE-2024-32607 (HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resu ...)
+ TODO: check
+CVE-2024-32606 (HDF5 Library through 1.14.3 may attempt to dereference uninitialized v ...)
+ TODO: check
+CVE-2024-32605 (HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_ ...)
+ TODO: check
+CVE-2024-31954 (An issue was discovered in the installer in Samsung Portable SSD for T ...)
+ TODO: check
+CVE-2024-31953 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it ...)
+ TODO: check
+CVE-2024-31952 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because sy ...)
+ TODO: check
+CVE-2024-31803 (Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attack ...)
+ TODO: check
+CVE-2024-2923 (The Magical Addons For Elementor ( Header Footer Builder, Free Element ...)
+ TODO: check
+CVE-2024-2846 (The Visual Footer Credit Remover plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-2785 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2290 (The Advanced Ads plugin for WordPress is vulnerable to PHP Object Inje ...)
+ TODO: check
+CVE-2024-29800 (Deserialization of Untrusted Data vulnerability in Timber Team & Contr ...)
+ TODO: check
+CVE-2024-29166 (HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, r ...)
+ TODO: check
+CVE-2024-29165 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher ...)
+ TODO: check
+CVE-2024-29164 (HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_he ...)
+ TODO: check
+CVE-2024-29163 (HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, ...)
+ TODO: check
+CVE-2024-29162 (HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in ...)
+ TODO: check
+CVE-2024-29161 (HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_relea ...)
+ TODO: check
+CVE-2024-29160 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_hea ...)
+ TODO: check
+CVE-2024-29159 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoff ...)
+ TODO: check
+CVE-2024-29158 (HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_mallo ...)
+ TODO: check
+CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resu ...)
+ TODO: check
+CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ TODO: check
+CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...)
+ TODO: check
+CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...)
+ TODO: check
+CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...)
+ TODO: check
+CVE-2024-1693 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-1467 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...)
+ TODO: check
+CVE-2024-1230 (The SimpleShop plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2024-1229 (The SimpleShop plugin for WordPress is vulnerable to unauthorized disc ...)
+ TODO: check
+CVE-2024-1166 (The Image Hover Effects \u2013 Elementor Addon plugin for WordPress is ...)
+ TODO: check
+CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2024-33655
- unbound 1.20.0-1
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
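Review bot: Several added descriptions in this hunk carry literal escape text instead of the character, e.g. "\u2014" in CVE-2024-4542 and CVE-2024-1467 and "\u2013" in CVE-2024-4446, CVE-2024-4397 and CVE-2024-4339, so the updater appears to write the escaped form of the description without decoding it. Decoding before truncation would also keep the cut-off point consistent, since a six-character escape currently counts against the description width. Separately, every added entry that has a description lands as "TODO: check"; the WordPress plugin ones match the "NOT-FOR-US: WordPress plugin" pattern used further down this file, while entries such as CVE-2024-3727 (github.com/containers/image), the HDF5 batch and CVE-2024-32655 (Npgsql) name libraries and need individual triage.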
@@ -10,7 +380,7 @@ CVE-2024-4693 [virtio-pci: fix use of a released vector]
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2321
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f9a09ca3ea69d108d828b7c82f1bd61b2df6fc96 (v8.0.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304 (v8.2.3)
-CVE-2024-4317 [Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner]
+CVE-2024-4317 (Missing authorization in PostgreSQL built-in views pg_stats_ext and pg ...)
- postgresql-16 16.3-1
- postgresql-15 <removed>
[bookworm] - postgresql-15 <no-dsa> (Minor issue; can be fixed via point release)
@@ -253,32 +623,32 @@ CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo Slider.This
NOT-FOR-US: WordPress plugin
CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag Map.This issue ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element timeout]
+CVE-2024-27397 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
-CVE-2024-27396 [net: gtp: Fix Use-After-Free in gtp_dellink]
+CVE-2024-27396 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
NOTE: https://git.kernel.org/linus/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (6.9-rc6)
-CVE-2024-27395 [net: openvswitch: Fix Use-After-Free in ovs_ct_exit]
+CVE-2024-27395 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux 6.1.90-1
[bullseye] - linux 5.10.216-1
NOTE: https://git.kernel.org/linus/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2 (6.9-rc6)
-CVE-2024-27394 [tcp: Fix Use-After-Free in tcp_ao_connect_init]
+CVE-2024-27394 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/80e679b352c3ce5158f3f778cfb77eb767e586fb (6.9-rc6)
-CVE-2024-27393 [xen-netfront: Add missing skb_mark_for_recycle]
+CVE-2024-27393 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux <unfixed>
[bookworm] - linux 6.1.85-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/037965402a010898d34f4e35327d22c0a95cd51f (6.9-rc3)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/08/1
-CVE-2023-52654 [io_uring/af_unix: disable sending io_uring over sockets]
+CVE-2023-52654 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.69-1
[bullseye] - linux 5.10.205-1
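Review bot: The six replaced kernel entries (CVE-2024-27397 through CVE-2024-27393 and CVE-2023-52654) now all read "In the Linux kernel, the following vulnerability has been resolved: ..." with a single distinguishing letter left before the truncation, where the bracketed titles being removed named the subsystem and the bug class (e.g. "net: gtp: Fix Use-After-Free in gtp_dellink"). Consider dropping that fixed prefix before truncating, or keeping the commit subject, so the list stays searchable by subsystem; as it stands the git.kernel.org NOTE lines are the only remaining pointer to what each entry is.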
@@ -463,7 +833,7 @@ CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via th
NOT-FOR-US: MP-SPDZ
CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...)
NOT-FOR-US: MP-SPDZ
-CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...)
+CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mav ...)
NOT-FOR-US: MvnRepository MS Basic
CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
NOT-FOR-US: tiagorlampert CHAOS
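Review bot: The description for CVE-2024-33748 changes from "Mvn ..." to "Mav ..." but the unchanged triage line below it still reads "NOT-FOR-US: MvnRepository MS Basic". Check whether the product name in the upstream description was corrected and update the NOT-FOR-US label to match, so a search on either spelling finds the entry.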
@@ -25167,6 +25537,7 @@ CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL
NOTE: https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730 (REL42.2.28)
NOTE: https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c (REL42.2.28)
CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when decoding ...)
+ {DSA-5686-1}
- dav1d 1.4.0-1 (bug #1064310)
NOTE: https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51 (1.4.0)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2502
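Review bot: The "{DSA-5686-1}" cross-reference on CVE-2024-1580 is added above "- dav1d 1.4.0-1 (bug #1064310)" while this commit touches a single file, data/CVE/list. Confirm the advisory entry itself was committed separately, otherwise the cross-reference has nothing to resolve to.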
@@ -74353,8 +74724,8 @@ CVE-2023-29883
RESERVED
CVE-2023-29882
RESERVED
-CVE-2023-29881
- RESERVED
+CVE-2023-29881 (phpok 6.4.003 is vulnerable to SQL injection in the function index_f() ...)
+ TODO: check
CVE-2023-29880
RESERVED
CVE-2023-29879
@@ -146709,24 +147080,24 @@ CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load
[bullseye] - ruby-jmespath <no-dsa> (Minor issue)
NOTE: https://github.com/jmespath/jmespath.rb/pull/55
NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1)
-CVE-2022-32510
- RESERVED
-CVE-2022-32509
- RESERVED
-CVE-2022-32508
- RESERVED
-CVE-2022-32507
- RESERVED
-CVE-2022-32506
- RESERVED
-CVE-2022-32505
- RESERVED
-CVE-2022-32504
- RESERVED
-CVE-2022-32503
- RESERVED
-CVE-2022-32502
- RESERVED
+CVE-2022-32510 (An issue was discovered on certain Nuki Home Solutions devices. The HT ...)
+ TODO: check
+CVE-2022-32509 (An issue was discovered on certain Nuki Home Solutions devices. Lack o ...)
+ TODO: check
+CVE-2022-32508 (An issue was discovered on certain Nuki Home Solutions devices. By sen ...)
+ TODO: check
+CVE-2022-32507 (An issue was discovered on certain Nuki Home Solutions devices. Some B ...)
+ TODO: check
+CVE-2022-32506 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
+ TODO: check
+CVE-2022-32505 (An issue was discovered on certain Nuki Home Solutions devices. It is ...)
+ TODO: check
+CVE-2022-32504 (An issue was discovered on certain Nuki Home Solutions devices. The co ...)
+ TODO: check
+CVE-2022-32503 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
+ TODO: check
+CVE-2022-32502 (An issue was discovered on certain Nuki Home Solutions devices. There ...)
+ TODO: check
CVE-2022-32501
RESERVED
CVE-2022-32500
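Review bot: The nine entries CVE-2022-32510 through CVE-2022-32502 move from RESERVED to "TODO: check" and every description starts "An issue was discovered on certain Nuki Home Solutions devices", so they can be triaged as one batch with one decision rather than nine. If they turn out to be device issues with no corresponding Debian package, a single NOT-FOR-US label in the style used elsewhere in this file would clear them.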
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/459a3e8ff512e749a6c7fb96b6bd194268e20ce1