[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 15 21:12:18 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
112e76f2 by security tracker role at 2024-05-15T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
+ TODO: check
+CVE-2024-4906 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2024-4905 (A vulnerability classified as critical has been found in Kashipara Col ...)
+ TODO: check
+CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management Platform up ...)
+ TODO: check
+CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared as c ...)
+ TODO: check
+CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...)
+ TODO: check
+CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...)
+ TODO: check
+CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...)
+ TODO: check
+CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...)
+ TODO: check
+CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...)
+ TODO: check
+CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...)
+ TODO: check
+CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...)
+ TODO: check
+CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
+ TODO: check
+CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
+ TODO: check
+CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...)
+ TODO: check
+CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...)
+ TODO: check
+CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...)
+ TODO: check
+CVE-2024-3486 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...)
+ TODO: check
+CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...)
+ TODO: check
+CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This can le ...)
+ TODO: check
+CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
+ TODO: check
+CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...)
+ TODO: check
+CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...)
+ TODO: check
+CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...)
+ TODO: check
+CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...)
+ TODO: check
+CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
+ TODO: check
+CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...)
+ TODO: check
+CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...)
+ TODO: check
+CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...)
+ TODO: check
+CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...)
+ TODO: check
+CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...)
+ TODO: check
+CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
+ TODO: check
+CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34096 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34095 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34094 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-34082 (Grav is a file-based Web platform. Prior to version 1.7.46, a low priv ...)
+ TODO: check
+CVE-2024-34025 (CyberPower PowerPanel business application code contains a hard-coded ...)
+ TODO: check
+CVE-2024-33625 (CyberPower PowerPanel business application code contains a hard-coded ...)
+ TODO: check
+CVE-2024-33615 (A specially crafted Zip file containing path traversal characters can ...)
+ TODO: check
+CVE-2024-32053 (Hard-coded credentials are used by the CyberPower PowerPanel platfo ...)
+ TODO: check
+CVE-2024-32047 (Hard-coded credentials for the CyberPower PowerPanel test server can ...)
+ TODO: check
+CVE-2024-32042 (The key used to encrypt passwords stored in the database can be found ...)
+ TODO: check
+CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious message ...)
+ TODO: check
+CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical certific ...)
+ TODO: check
+CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower PowerPanel ...)
+ TODO: check
+CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in artifac ...)
+ TODO: check
+CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
+ TODO: check
+CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
+ TODO: check
+CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in versions bel ...)
+ TODO: check
+CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic permissio ...)
+ TODO: check
+CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...)
+ TODO: check
+CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the Filter functi ...)
+ TODO: check
+CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde ...)
+ TODO: check
+CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde InsydeH2O k ...)
+ TODO: check
+CVE-2024-25078 (A memory corruption vulnerability in StorageSecurityCommandDxe in Insy ...)
+ TODO: check
+CVE-2024-20394 (A vulnerability in Cisco AppDynamics Network Visibility Agent could al ...)
+ TODO: check
+CVE-2024-20392 (A vulnerability in the web-based management API of Cisco AsyncOS Softw ...)
+ TODO: check
+CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of Cisco Se ...)
+ TODO: check
+CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could ...)
+ TODO: check
+CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
+ TODO: check
+CVE-2024-20366 (A vulnerability in the Tail-f High Availability Cluster Communications ...)
+ TODO: check
+CVE-2024-20258 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2024-20257 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in reference ...)
+ TODO: check
+CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session ...)
+ TODO: check
+CVE-2023-6323 (ThroughTek Kalay SDK does not verify the authenticity of received mess ...)
+ TODO: check
+CVE-2023-6322 (A stack-based buffer overflow vulnerability exists in the message pars ...)
+ TODO: check
+CVE-2023-6321 (A command injection vulnerability exists in the IOCTL that manages OTA ...)
+ TODO: check
+CVE-2023-5938 (Multiple functions use archives without properly validating the filena ...)
+ TODO: check
+CVE-2023-5937 (On Windows systems, the Arc configuration files resulted to be world-r ...)
+ TODO: check
+CVE-2023-5936 (On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe ...)
+ TODO: check
+CVE-2023-5935 (When configuring Arc (e.g. during the first setup), a local web interf ...)
+ TODO: check
+CVE-2023-40297 (Stakater Forecastle 1.0.139 and before allows %5C../ directory travers ...)
+ TODO: check
CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...)
NOT-FOR-US: ITPison OMICARD EDM
CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...)
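Review bot: all 86 new entries in this hunk are `TODO: check` placeholders, and several of the truncated upstream descriptions show signs of being malformed at the source, so triage should be done against the full CVE records rather than these summaries. CVE-2024-34101, CVE-2024-30312 and CVE-2024-30311 end in a stray "Answer:", CVE-2024-3970, CVE-2024-3485, CVE-2024-3486, CVE-2024-3484 and CVE-2024-3182 carry run-together words ("vulnerabilityhas", "foundin", "inUniversal"), and the Telerik and OpenText entries contain literal `\xae` / `\u2122` escapes instead of the ® and ™ characters. None of that should be corrected here, since the automatic import mirrors upstream text and would overwrite local edits, but note that the twelve Acrobat Reader entries (CVE-2024-34094 through CVE-2024-34101, CVE-2024-30284 and CVE-2024-30310 through CVE-2024-30312) and the pair CVE-2024-4200 / CVE-2024-4202 are indistinguishable in truncated form, so each will need its own triage note written from the full description.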
@@ -109,6 +281,7 @@ CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect
CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...)
TODO: check
CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...)
+ {DSA-5690-1}
- libreoffice 4:24.2.3~rc1-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...)
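Review bot: this hunk adds the first of several `{DSA-xxxx-1}` cross-references in this commit, but the commit touches only data/CVE/list, so DSA-5690-1 must already be recorded in data/DSA/list (in an earlier commit) for the reference to resolve; worth confirming before the next tracker consistency run. The unstable line `libreoffice 4:24.2.3~rc1-2` and the upstream advisory NOTE are left untouched, which is the expected shape for a stable-update marker.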
@@ -527,6 +700,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs sho
- firefox 126.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -552,6 +726,7 @@ CVE-2024-4771 (A memory allocation check was missing which would lead to a use-a
- firefox 126.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -559,6 +734,7 @@ CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
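Review bot: the context line `NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769` sits under the CVE-2024-4770 entry but points at the CVE-2024-4769 anchor, while the line directly above it correctly uses #CVE-2024-4770; this looks like a copy-paste slip. It predates this hunk and the `{DSA-5691-1}` addition to CVE-2024-4769 itself is fine, but the anchor should be corrected to #CVE-2024-4770 in a follow-up so the two mfsa NOTEs for CVE-2024-4770 agree.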
@@ -566,6 +742,7 @@ CVE-2024-4769 (When importing resources using Web Workers, error messages would
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -573,6 +750,7 @@ CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it e
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -586,6 +764,7 @@ CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 ha
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
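Review bot: CVE-2024-4367 is described as a PDF.js font-handling issue, yet the entry lists only the Mozilla source packages (firefox, firefox-esr, thunderbird), and the `{DSA-5691-1}` reference added here covers only that side. Debian also ships PDF.js as its own source package (src:pdf.js), so check whether that package carries the affected code and needs a line of its own; that it does is an assumption to verify, not something these lines establish.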
@@ -724,6 +903,7 @@ CVE-2024-0870 (The YITH WooCommerce Gift Cards plugin for WordPress is vulnerabl
CVE-2023-6812 (The WP Compress \u2013 Image Optimizer [All-In-One plugin for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4761 (Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 all ...)
+ {DSA-5689-1}
- chromium 124.0.6367.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -1858,21 +2038,25 @@ CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29510
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662
CVE-2024-33871
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
CVE-2024-33870
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
CVE-2024-33869
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)
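Review bot: the four entries here (CVE-2024-29510, CVE-2024-33871, CVE-2024-33870, CVE-2024-33869) gain `{DSA-5692-1}` while their unstable line still reads `ghostscript <unfixed>`. The accompanying NOTEs point at the fixing commits in ghostpdl-10.03.1, so once that version is uploaded the `<unfixed>` lines should be replaced with the fixed unstable version; otherwise the tracker will keep reporting sid as vulnerable after stable has been fixed via the DSA.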
@@ -6563,6 +6747,7 @@ CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-b
CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...)
NOT-FOR-US: IBM
CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...)
+ {DSA-5692-1}
- ghostscript 10.02.0~dfsg-1
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1 (ghostpdl-10.03.0rc1)
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1ff9a695947967d2d327c45bf5145dd381fc1745 (ghostpdl-10.02.0)
@@ -12740,7 +12925,7 @@ CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, wh
NOT-FOR-US: NVIDIA ChatRTX
CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
NOT-FOR-US: NVIDIA ChatRTX
-CVE-2024-25743
+CVE-2024-25743 (In the Linux kernel through 6.7.2, an untrusted hypervisor can inject ...)
- linux <unfixed>
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
CVE-2024-25742
@@ -44700,7 +44885,7 @@ CVE-2023-6038 (A Local File Inclusion (LFI) vulnerability exists in the h2o-3 RE
NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
NOT-FOR-US: ModelDB
-CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
+CVE-2023-6022 (Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefe ...)
NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
NOT-FOR-US: Ray's log API endpoint
@@ -94111,7 +94296,7 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /go
NOT-FOR-US: Tenda
CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
NOT-FOR-US: Tenda
-CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...)
+CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool before 5.8.21 allows atta ...)
NOT-FOR-US: Dromara hutool
CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...)
NOT-FOR-US: Dromara hutool
@@ -277154,7 +277339,8 @@ CVE-2020-23066
NOTE: Duplicate CVE of CVE-2020-17480
CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform ...)
NOT-FOR-US: eZ Systems AS eZPublish
-CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before ...)
+CVE-2020-23064
+ REJECTED
- jquery <removed>
[buster] - jquery <ignored> (Fix possibly breaks existing applications)
NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-565129
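Review bot: marking CVE-2020-23064 as `REJECTED` leaves the `jquery <removed>` line, the `[buster] - jquery <ignored>` line and the snyk NOTE in place, so the entry now carries tracking state for an identifier that no longer exists. Consider recording why it was rejected, following the pattern used two lines above for CVE-2020-23066 (`NOTE: Duplicate CVE of CVE-2020-17480`), and pointing at the surviving CVE so anyone landing on the old id is redirected; the snyk link can stay as a historical pointer, but the package status lines could then be dropped.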
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112e76f234097ac1c79ea519aab122754064d4d3