[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 27 21:12:38 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60065691 by security tracker role at 2024-05-27T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in  ...)
+	TODO: check
+CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...)
+	TODO: check
+CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...)
+	TODO: check
+CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...)
+	TODO: check
+CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...)
+	TODO: check
+CVE-2024-3381
+	REJECTED
+CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3.  ...)
+	TODO: check
+CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using  ...)
+	TODO: check
+CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...)
+	TODO: check
+CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...)
+	TODO: check
+CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...)
+	TODO: check
+CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...)
+	TODO: check
+CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...)
+	TODO: check
+CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...)
+	TODO: check
+CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...)
+	TODO: check
+CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...)
+	TODO: check
+CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...)
+	TODO: check
+CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23,  ...)
+	TODO: check
+CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...)
+	TODO: check
+CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...)
+	TODO: check
+CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...)
+	TODO: check
+CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable  ...)
+	TODO: check
+CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that  ...)
+	TODO: check
+CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...)
+	TODO: check
+CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...)
+	TODO: check
 CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...)
 	NOT-FOR-US: ASKEY
 CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...)
@@ -1527,6 +1581,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler
 CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...)
 	NOT-FOR-US: WinRAR
 CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...)
+	{DLA-3822-1}
 	- python-pymysql <unfixed> (bug #1071628)
 	NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
 	NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)
@@ -17012,7 +17067,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul
 CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...)
-	{DSA-5679-1}
+	{DSA-5679-1 DLA-3823-1}
 	- less 590-2.1 (bug #1068938)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
 	NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
@@ -20962,7 +21017,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated a
 	TODO: check upstream report status, seems not filled as issue
 CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...)
 	NOT-FOR-US: ermig1979 Simd
-CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...)
+CVE-2024-3205
+	REJECTED
 	NOTE: Non issue reported for libyaml:
 	NOTE: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931
 	NOTE: https://vuldb.com/?submit.304561
@@ -33345,7 +33401,7 @@ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an email link because Login
 CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server and F ...)
 	NOT-FOR-US: 12d Synergy Server
 CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...)
-	{DSA-5679-1}
+	{DSA-5679-1 DLA-3823-1}
 	- less 590-2.1 (bug #1064293)
 	NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606)
 CVE-2020-36774 (plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/600656915a35b382d9da8336b88971998f46641d

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/600656915a35b382d9da8336b88971998f46641d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240527/40378c1c/attachment.htm>

More information about the debian-security-tracker-commits mailing list