[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 23 21:12:14 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
def2256a by security tracker role at 2024-05-23T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...)
+ TODO: check
+CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...)
+ TODO: check
+CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...)
+ TODO: check
+CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...)
+ TODO: check
+CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...)
+ TODO: check
+CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...)
+ TODO: check
+CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...)
+ TODO: check
+CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...)
+ TODO: check
+CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...)
+ TODO: check
+CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+ TODO: check
+CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...)
+ TODO: check
+CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
+ TODO: check
+CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...)
+ TODO: check
+CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...)
+ TODO: check
+CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...)
+ TODO: check
+CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...)
+ TODO: check
+CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
+CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...)
+ TODO: check
+CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...)
+ TODO: check
+CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...)
+ TODO: check
+CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...)
+ TODO: check
+CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...)
+ TODO: check
+CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...)
+ TODO: check
+CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...)
+ TODO: check
+CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...)
+ TODO: check
+CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...)
+ TODO: check
+CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...)
+ TODO: check
+CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...)
+ TODO: check
+CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...)
+ TODO: check
+CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...)
+ TODO: check
+CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.php in ...)
+ TODO: check
+CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php in Campco ...)
+ TODO: check
+CVE-2024-34060 (IrisEVTXModule is an interface module for Evtx2Splunk and Iris in orde ...)
+ TODO: check
+CVE-2024-32969 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
+ TODO: check
+CVE-2024-31843 (An issue was discovered in Italtel Embrace 1.6.4. The Web application ...)
+ TODO: check
+CVE-2024-30280 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-30279 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
+ TODO: check
+CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a Cross- ...)
+ TODO: check
+CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming jobs to ...)
+ TODO: check
+CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to manage th ...)
+ TODO: check
+CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
+ TODO: check
+CVE-2024-1814 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
+ TODO: check
+CVE-2024-1803 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
+ TODO: check
+CVE-2023-4859
+ REJECTED
CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...)
NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server
CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
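Review bot: CVE-2024-5258 near the top of this hunk is a GitLab issue but is added as `TODO: check`, while the other GitLab entries visible in this file are already tracked with `- gitlab <unfixed>`. It should be triaged against the gitlab source package in the same way rather than left in the TODO queue. The same applies to every other new entry here: each still needs either a package line or a NOT-FOR-US marker, as the CVE-2024-5241 context line below shows. Separately, several imported descriptions (CVE-2024-5085, CVE-2024-5084, CVE-2024-4471, CVE-2024-3997, CVE-2024-1815, CVE-2024-1814, CVE-2024-1803) contain a literal `\u2013` escape instead of the dash character, which suggests the generator is not decoding the feed's Unicode escapes before writing the truncated description.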
@@ -106,13 +216,13 @@ CVE-2024-36011 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d2706004a1b8b526592e823d7e52551b518a7941 (6.9)
-CVE-2024-1947
+CVE-2024-1947 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2023-6502
+CVE-2023-6502 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2023-7045
+CVE-2023-7045 (A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 be ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
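Review bot: The three GitLab entries touched here (CVE-2024-1947, CVE-2023-6502, CVE-2023-7045) still reference only the 17.0.1 patch-release announcement in their NOTE line and stay at `- gitlab <unfixed>`. Now that descriptions are available, it would help whoever triages these to add a NOTE with the affected version range or upstream fix reference for each CVE, since the release post covers several issues at once and does not by itself say which packaged versions are affected.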
@@ -217893,7 +218003,7 @@ CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk
- libgrokj2k 9.5.0-1 (bug #990525)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
-CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in f ...)
NOT-FOR-US: Fluent Bit
CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
- libsepol 3.3-1 (bug #990526)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/def2256a3afd41349964b0e3e9a294e7de657e83