[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 31 21:12:26 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
389956b0 by security tracker role at 2024-05-31T20:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2024-5565 (The Vanna library uses a prompt function to present the user with visu ...)
+ TODO: check
+CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local maliciou ...)
+ TODO: check
+CVE-2024-5538
+ REJECTED
+CVE-2024-5484
+ REJECTED
+CVE-2024-5436 (Type confusion in Snapchat LensCore could lead to denial of service or ...)
+ TODO: check
+CVE-2024-5347 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-5176 (Insufficiently Protected Credentials vulnerability in Baxter Welch All ...)
+ TODO: check
+CVE-2024-5144
+ REJECTED
+CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...)
+ TODO: check
+CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
+ TODO: check
+CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
+ TODO: check
+CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...)
+ TODO: check
+CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...)
+ TODO: check
+CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring ...)
+ TODO: check
+CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...)
+ TODO: check
+CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...)
+ TODO: check
+CVE-2024-34000 (ID numbers displayed in the lesson overview report required additional ...)
+ TODO: check
+CVE-2024-33999 (The referrer URL used by MFA required additional sanitizing, rather th ...)
+ TODO: check
+CVE-2024-33998 (Insufficient escaping of participants' names in the participants page ...)
+ TODO: check
+CVE-2024-33997 (Additional sanitizing was required when opening the equation editor to ...)
+ TODO: check
+CVE-2024-33996 (Incorrect validation of allowed event types in a calendar web service ...)
+ TODO: check
+CVE-2024-31908 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross ...)
+ TODO: check
+CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...)
+ TODO: check
+CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...)
+ TODO: check
+CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
+ TODO: check
+CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...)
+ TODO: check
+CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...)
+ TODO: check
+CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...)
+ TODO: check
+CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03 could dis ...)
+ TODO: check
+CVE-2024-22060 (An unrestricted file upload vulnerability in web component of Ivanti N ...)
+ TODO: check
+CVE-2024-22059 (A SQL injection vulnerability in web component of Ivanti Neurons for I ...)
+ TODO: check
+CVE-2024-22058 (A buffer overflow allows a low privilege user on the local machine tha ...)
+ TODO: check
+CVE-2024-1980
+ REJECTED
+CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch Ally Co ...)
+ TODO: check
+CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is ...)
+ TODO: check
+CVE-2023-46810 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...)
+ TODO: check
+CVE-2023-38551 (A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) al ...)
+ TODO: check
+CVE-2023-38042 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...)
+ TODO: check
CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks affecting ve ...)
NOT-FOR-US: Astrotalks
CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting version 10/ ...)
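Review bot: every entry added in this hunk is left at TODO: check, which is expected for an automatic import, but the memory-safety reports against C libraries deserve triage first: CVE-2024-5564 (libndp, local flaw) and CVE-2024-36843, CVE-2024-36844 and CVE-2024-36845 (libmodbus v3.1.6: heap overflow, use-after-free and invalid pointer in modbus_receive()). Those are the ones most likely to need a Debian source package and fixed version recorded rather than a NOT-FOR-US marker. The WordPress plugin, IBM, Ivanti, Snapchat LensCore, Baxter, Rejetto, Ping Identity and TARGIT-style vendor entries are candidates for bulk NOT-FOR-US triage in the same form as the surrounding context (e.g. `NOT-FOR-US: Astrotalks`). The four REJECTED IDs (CVE-2024-5538, CVE-2024-5484, CVE-2024-5144, CVE-2024-1980) need no further action.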
@@ -37,30 +139,37 @@ CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifie
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
TODO: check
CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 125.0.642 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 125.0.642 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome prior ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to 125.0.6422.1 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.14 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
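Review bot: the {DSA-5701-1} marker is added identically to all seven Chrome entries (CVE-2024-5493 through CVE-2024-5499), each already carrying the same fixed version chromium 125.0.6422.141-1, so the only thing to verify is that the published DSA text lists exactly these seven IDs; the bullseye and buster end-of-life annotations are untouched, which is correct. The EDK2 entry CVE-2024-1298 in the leading context remains at TODO: check and is unrelated to this change.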
@@ -616,7 +725,7 @@ CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305)
NOT-FOR-US: Progress Telerik Report Server
CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36470 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...)
NOT-FOR-US: TARGIT Decision Suite
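Review bot: only the truncated description of CVE-2024-36470 changes here (fixed versions 2022.04.6, 2022.10.5, 2023.05.5 become 2022.04.7, 2022.10.6, 2023.05.6), presumably following an updated upstream CVE record; the NOT-FOR-US: JetBrains TeamCity triage is unaffected and does not need to be revisited.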
@@ -632,27 +741,27 @@ CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build step
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscripti ...)
+CVE-2024-36372 (In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscripti ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit ...)
+CVE-2024-36371 (In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36370 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36369 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36368 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36367 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36366 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36365 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36364 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36363 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
+CVE-2024-36362 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.8.12-1
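Review bot: the description refresh is consistent across CVE-2024-36362 to CVE-2024-36370 (2022.04.7, 2022.10.6, 2023.05.6), while CVE-2024-36371 now reads "before 2023.05.6, 2023.11.5" and CVE-2024-36372 "before 2023.05.6" only; these are upstream description strings, not tracker data, so nothing needs changing and all of them stay NOT-FOR-US: JetBrains TeamCity. The trailing context CVE-2024-36016 (linux 6.8.12-1) is untouched by this hunk.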
@@ -178235,10 +178344,10 @@ CVE-2022-25040
RESERVED
CVE-2022-25039
RESERVED
-CVE-2022-25038
- RESERVED
-CVE-2022-25037
- RESERVED
+CVE-2022-25038 (wanEditor v4.7.11 was discovered to contain a cross-site scripting (XS ...)
+ TODO: check
+CVE-2022-25037 (An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discov ...)
+ TODO: check
CVE-2022-25036
RESERVED
CVE-2022-25035
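Review bot: CVE-2022-25038 and CVE-2022-25037 move from RESERVED to published descriptions roughly two years after assignment, so the new TODO: check markers should not linger: both concern wanEditor v4.7.11 (a cross-site scripting issue, and an issue fixed in v4.7.12 and v5 according to the truncated text). Confirm whether that editor is embedded in any Debian source package and otherwise mark both NOT-FOR-US in the form used for the other non-Debian entries in this file.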
@@ -194100,8 +194209,8 @@ CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
-CVE-2021-44534
- RESERVED
+CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read by non- ...)
+ TODO: check
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...)
{DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
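Review bot: CVE-2021-44534 gains a description ("Insufficient user input filtering leads to arbitrary file read by non-...") and a TODO: check; its position between CVE-2022-21824 and CVE-2021-44533, both nodejs entries with DSA references, is purely ID ordering and says nothing about the affected product, so it should be triaged on its own description rather than assumed to belong to the Node.js January 2022 security releases referenced in the NOTE lines above.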
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389956b0e403c2cc6e00a52218d73a3bfdbbf301
--
This project does not include diff previews in email notifications.