[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f654e3c by security tracker role at 2024-05-31T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,66 @@
-CVE-2024-5499
+CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks affecting ve ...)
+	TODO: check
+CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting version 10/ ...)
+	TODO: check
+CVE-2024-5523 (SQL injection vulnerability in Astrotalks affecting version 10/03/2023 ...)
+	TODO: check
+CVE-2024-5427 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and ...)
+	TODO: check
+CVE-2024-5418 (The DethemeKit For Elementor plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2024-5345 (The Responsive Owl Carousel for Elementor plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-4469 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 3.5.0  ...)
+	TODO: check
+CVE-2024-4379 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the digest (sha25 ...)
+	TODO: check
+CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning via API r ...)
+	TODO: check
+CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in  ...)
+	TODO: check
+CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifier Cast ...)
+	TODO: check
+CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...)
+	TODO: check
+CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...)
+	TODO: check
+CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
+	TODO: check
+CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...)
+	TODO: check
+CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
+	TODO: check
+CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 125.0.642 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5498
+CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 125.0.642 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5497
+CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome prior  ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5496
+CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to 125.0.6422.1 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5495
+CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5494
+CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5493
+CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.14 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -1985,6 +2023,7 @@ CVE-2024-4563 (The Progress MOVEit Automation configuration export function prio
 CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...)
 	NOT-FOR-US: WithSecure Elements Endpoint Protection
 CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...)
+	{DLA-3824-1}
 	- gst-plugins-base1.0 1.24.3-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html
@@ -20572,8 +20611,8 @@ CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS servic
 	NOT-FOR-US: Lenovo
 CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo devices  ...)
 	NOT-FOR-US: Lenovo
-CVE-2024-21506
-	REJECTED
+CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to Out-of- ...)
+	TODO: check
 CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to unauthorized ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f654e3c6bc85522ab03e3e00ababa1efec826de

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f654e3c6bc85522ab03e3e00ababa1efec826de
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240531/9c28d8ca/attachment.htm>