[Git][security-tracker-team/security-tracker][master] automatic update

Thu Oct 3 09:12:09 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60f5017b by security tracker role at 2024-10-03T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8352 (The Social Web Suite \u2013 Social Media Auto Post, Social Media Auto  ...)
+	TODO: check
+CVE-2024-8159 (Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulne ...)
+	TODO: check
+CVE-2024-47616 (Pomerium is an identity and context-aware access proxy. The Pomerium d ...)
+	TODO: check
+CVE-2024-47136 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+	TODO: check
+CVE-2024-47135 (Stack-based buffer overflow vulnerability exists in Kostac PLC Program ...)
+	TODO: check
+CVE-2024-47134 (Out-of-bounds write vulnerability exists in Kostac PLC Programming Sof ...)
+	TODO: check
+CVE-2024-45519 (The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Pa ...)
+	TODO: check
+CVE-2024-42504 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
+	TODO: check
+CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0. ...)
+	TODO: check
+CVE-2024-24117 (Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4 ...)
+	TODO: check
 CVE-2024-9441 (The Linear eMerge e3-Series through version 1.00-07 is vulnerable to a ...)
 	NOT-FOR-US: Linear eMerge e3-Series
 CVE-2024-9440 (Slim Select 2.0 versions through 2.9.0 are affected by a potential cro ...)
@@ -27473,6 +27493,7 @@ CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer.
 CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8925 [Erroneous parsing of multipart form data]
+	{DSA-5780-1}
 	- php8.2 8.2.24-1
 	- php7.4 <removed>
 	NOTE: Fixed in 8.3.12, 8.2.24
@@ -27486,12 +27507,14 @@ CVE-2024-9026 [Logs from childrens may be altered]
 	NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
 	NOTE: Introduced by: https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 (php-7.4.4RC1)
 CVE-2024-8927 [cgi.force_redirect configuration is byppassible due to the environment variable collision]
+	{DSA-5780-1}
 	- php8.2 8.2.24-1
 	- php7.4 <removed>
 	NOTE: Fixed in 8.3.12, 8.2.24
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
 	NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24)
 CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter Injection Vulnerability]
+	{DSA-5780-1}
 	- php8.2 <not-affected> (Windows-specific)
 	- php7.4 <not-affected> (Windows-specific)
 	NOTE: Fixed in 8.3.12, 8.2.24
@@ -71670,7 +71693,7 @@ CVE-2024-23659 (SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the nam
 	NOTE: https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc
 	NOTE: https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2
 	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr
-CVE-2023-6955 (An improper access control vulnerability exists in GitLab Remote Devel ...)
+CVE-2023-6955 (A missing authorization check vulnerability exists in GitLab Remote De ...)
 	- gitlab 16.6.5-3
 CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab 16.6.5-3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60f5017b172fca553a59ea8ae999dccb3c1c4f65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60f5017b172fca553a59ea8ae999dccb3c1c4f65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241003/b3091583/attachment.htm>
