[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 10 21:12:23 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9933148 by security tracker role at 2024-05-10T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,211 @@
-CVE-2024-4671
+CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...)
+	TODO: check
+CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-4731 (A vulnerability classified as problematic was found in Campcodes Legal ...)
+	TODO: check
+CVE-2024-4730 (A vulnerability classified as problematic has been found in Campcodes  ...)
+	TODO: check
+CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
+	TODO: check
+CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
+	TODO: check
+CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
+	TODO: check
+CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
+	TODO: check
+CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case Management Syst ...)
+	TODO: check
+CVE-2024-4724 (A vulnerability, which was classified as problematic, was found in Cam ...)
+	TODO: check
+CVE-2024-4723 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-4722 (A vulnerability classified as problematic was found in Campcodes Compl ...)
+	TODO: check
+CVE-2024-4721 (A vulnerability classified as problematic has been found in Campcodes  ...)
+	TODO: check
+CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+	TODO: check
+CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+	TODO: check
+CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+	TODO: check
+CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+	TODO: check
+CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based School  ...)
+	TODO: check
+CVE-2024-4715 (A vulnerability, which was classified as problematic, was found in Cam ...)
+	TODO: check
+CVE-2024-4714 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...)
+	TODO: check
+CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...)
+	TODO: check
+CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...)
+	TODO: check
+CVE-2024-4688 (A vulnerability classified as problematic was found in Campcodes Compl ...)
+	TODO: check
+CVE-2024-4687 (A vulnerability classified as problematic has been found in Campcodes  ...)
+	TODO: check
+CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+	TODO: check
+CVE-2024-4631
+	REJECTED
+CVE-2024-4490 (The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plug ...)
+	TODO: check
+CVE-2024-4481 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-4449 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-4448 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-4444 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-4434 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-4398 (The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for  ...)
+	TODO: check
+CVE-2024-4280 (The White Label CMS plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2024-4277 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-4275 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+	TODO: check
+CVE-2024-4232 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
+	TODO: check
+CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
+	TODO: check
+CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow License ...)
+	TODO: check
+CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in common cod ...)
+	TODO: check
+CVE-2024-4039 (The The Orders Tracking for WooCommerce plugin for WordPress for WordP ...)
+	TODO: check
+CVE-2024-3956 (The Pods \u2013 Custom Content Types and Fields plugin for WordPress i ...)
+	TODO: check
+CVE-2024-3941 (The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSR ...)
+	TODO: check
+CVE-2024-3940 (The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSR ...)
+	TODO: check
+CVE-2024-3828 (The Spectra Pro plugin for WordPress is vulnerable to privilege escala ...)
+	TODO: check
+CVE-2024-3547 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+	TODO: check
+CVE-2024-34974 (Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSe ...)
+	TODO: check
+CVE-2024-34946 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
+	TODO: check
+CVE-2024-34945 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
+	TODO: check
+CVE-2024-34944 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
+	TODO: check
+CVE-2024-34943 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
+	TODO: check
+CVE-2024-34942 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
+	TODO: check
+CVE-2024-34828 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
+	TODO: check
+CVE-2024-34827 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan  ...)
+	TODO: check
+CVE-2024-34825 (Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Soc ...)
+	TODO: check
+CVE-2024-34823 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...)
+	TODO: check
+CVE-2024-34818 (Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This i ...)
+	TODO: check
+CVE-2024-34817 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
+	TODO: check
+CVE-2024-34816 (Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io \u ...)
+	TODO: check
+CVE-2024-34814 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson.Th ...)
+	TODO: check
+CVE-2024-34695 (WOWS Karma is a reputation system for Wargaming's World of Warships. A ...)
+	TODO: check
+CVE-2024-34360 (go-spacemesh is a Go implementation of the Spacemesh protocol full nod ...)
+	TODO: check
+CVE-2024-34359 (llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-pyth ...)
+	TODO: check
+CVE-2024-34349 (Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13 ...)
+	TODO: check
+CVE-2024-34310 (Jin Fang Times Content Management System v3.2.3 was discovered to cont ...)
+	TODO: check
+CVE-2024-34245 (An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authen ...)
+	TODO: check
+CVE-2024-34199 (TinyWeb 1.94 and below allows unauthenticated remote attackers to caus ...)
+	TODO: check
+CVE-2024-34079 (octo-sts is a GitHub App that acts like a Security Token Service (STS) ...)
+	TODO: check
+CVE-2024-34070 (Froxlor is open source server administration software. Prior to 2.1.9, ...)
+	TODO: check
+CVE-2024-33819 (Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-s ...)
+	TODO: check
+CVE-2024-33818 (Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Dire ...)
+	TODO: check
+CVE-2024-33774 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
+	TODO: check
+CVE-2024-33773 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
+	TODO: check
+CVE-2024-33772 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
+	TODO: check
+CVE-2024-33771 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
+	TODO: check
+CVE-2024-32985 (Stellar-core is a reference implementation for the peer-to-peer agent  ...)
+	TODO: check
+CVE-2024-32964 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
+	TODO: check
+CVE-2024-32776 (Missing Authorization vulnerability in AppPresser Team AppPresser.This ...)
+	TODO: check
+CVE-2024-31441 (DataEase is an open source data visualization analysis tool. Due to th ...)
+	TODO: check
+CVE-2024-31113 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downlo ...)
+	TODO: check
+CVE-2024-30802 (An issue in Vehicle Management System 7.31.0.3_20230412 allows an atta ...)
+	TODO: check
+CVE-2024-30801 (SQL Injection vulnerability in Cloud based customer service management ...)
+	TODO: check
+CVE-2024-30055 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-2749 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6. ...)
+	TODO: check
+CVE-2024-2662 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+	TODO: check
+CVE-2024-2441 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6. ...)
+	TODO: check
+CVE-2024-2257 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
+	TODO: check
+CVE-2024-28781 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
+	TODO: check
+CVE-2024-27269 (IBM QRadar SIEM 7.5 could allow a privileged user to configure user ma ...)
+	TODO: check
+CVE-2024-22345 (IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication ...)
+	TODO: check
+CVE-2024-22344 (IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A ...)
+	TODO: check
+CVE-2024-22343 (IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored loca ...)
+	TODO: check
+CVE-2024-22064 (ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi  ...)
+	TODO: check
+CVE-2024-0100 (NVIDIA Triton Inference Server for Linux contains a vulnerability in t ...)
+	TODO: check
+CVE-2024-0098 (NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI  ...)
+	TODO: check
+CVE-2024-0097 (NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, whe ...)
+	TODO: check
+CVE-2024-0096 (NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, wh ...)
+	TODO: check
+CVE-2024-0088 (NVIDIA Triton Inference Server for Linux contains a vulnerability in s ...)
+	TODO: check
+CVE-2024-0087 (NVIDIA Triton Inference Server for Linux contains a vulnerability wher ...)
+	TODO: check
+CVE-2023-38264 (The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1 ...)
+	TODO: check
+CVE-2023-37526 (HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Shari ...)
+	TODO: check
+CVE-2024-4671 (Use after free in Visuals in Google Chrome prior to 124.0.6367.201 all ...)
+	{DSA-5687-1}
 	- chromium 124.0.6367.201-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -288,7 +495,7 @@ CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper SchedulePress
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and earlier, ...)
+CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` met ...)
 	- npgsql <unfixed> (bug #1070859)
 	NOTE: https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
 	NOTE: https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
@@ -481,7 +688,7 @@ CVE-2024-33655
 	- unbound 1.20.0-1
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
 	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de (release-1.20.0rc1)
-CVE-2024-4693 [virtio-pci: fix use of a released vector]
+CVE-2024-4693 (A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci ...)
 	- qemu 1:8.2.3+ds-1
 	[bookworm] - qemu <not-affected> (Vulnerable code not present)
 	[bullseye] - qemu <not-affected> (Vulnerable code not present)
@@ -1484,7 +1691,8 @@ CVE-2024-4501 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has
 	NOT-FOR-US: Ruijie RG-UAC
 CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
 	NOT-FOR-US: SourceCodester Prison Management System
-CVE-2024-34511 (Component Server in Gradio before 4.13 does not properly consider _is_ ...)
+CVE-2024-34511
+	REJECTED
 	NOT-FOR-US: Gradio
 CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
 	NOT-FOR-US: Gradio
@@ -25645,6 +25853,7 @@ CVE-2024-25623 (Mastodon is a free, open-source social network server based on A
 CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
 	NOT-FOR-US: Renesas
 CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
+	{DLA-3812-1}
 	- libpgjava 42.7.2-1
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40 (REL42.7.2)
@@ -84588,7 +84797,7 @@ CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12
 CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-26863
-	RESERVED
+	REJECTED
 CVE-2023-26862
 	RESERVED
 CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 an ...)
@@ -85194,8 +85403,8 @@ CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents met
 	NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...)
 	NOT-FOR-US: Sangoma
-CVE-2023-26566
-	RESERVED
+CVE-2023-26566 (Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credenti ...)
+	TODO: check
 CVE-2023-26565
 	RESERVED
 CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...)
@@ -85324,7 +85533,7 @@ CVE-2022-48347 (The MediaProvider module has a vulnerability in permission verif
 CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
 	NOT-FOR-US: Huawei
 CVE-2020-36662
-	RESERVED
+	REJECTED
 CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...)
 	NOT-FOR-US: WordPress theme
 CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...)
@@ -357837,7 +358046,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
 	NOTE: but not the first ("ignores the value of [the Hash] header"), as hinted at reporter's 2019-05-09 note:
 	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
 	NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
-CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
+CVE-2019-11840 (An issue was discovered in the supplementary Go cryptography library,  ...)
 	{DLA-3455-1 DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
 	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
 	NOTE: https://github.com/golang/go/issues/30965



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99331481204219911ad16f138e64932bd0036a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a99331481204219911ad16f138e64932bd0036a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240510/85c58e48/attachment.htm>

More information about the debian-security-tracker-commits mailing list