[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 3 09:12:09 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60f5017b by security tracker role at 2024-10-03T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8352 (The Social Web Suite \u2013 Social Media Auto Post, Social Media Auto ...)
+ TODO: check
+CVE-2024-8159 (Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulne ...)
+ TODO: check
+CVE-2024-47616 (Pomerium is an identity and context-aware access proxy. The Pomerium d ...)
+ TODO: check
+CVE-2024-47136 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+ TODO: check
+CVE-2024-47135 (Stack-based buffer overflow vulnerability exists in Kostac PLC Program ...)
+ TODO: check
+CVE-2024-47134 (Out-of-bounds write vulnerability exists in Kostac PLC Programming Sof ...)
+ TODO: check
+CVE-2024-45519 (The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Pa ...)
+ TODO: check
+CVE-2024-42504 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
+ TODO: check
+CVE-2024-28888 (A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0. ...)
+ TODO: check
+CVE-2024-24117 (Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4 ...)
+ TODO: check
CVE-2024-9441 (The Linear eMerge e3-Series through version 1.00-07 is vulnerable to a ...)
NOT-FOR-US: Linear eMerge e3-Series
CVE-2024-9440 (Slim Select 2.0 versions through 2.9.0 are affected by a potential cro ...)
@@ -27473,6 +27493,7 @@ CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer.
CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8925 [Erroneous parsing of multipart form data]
+ {DSA-5780-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
@@ -27486,12 +27507,14 @@ CVE-2024-9026 [Logs from childrens may be altered]
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
NOTE: Introduced by: https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 (php-7.4.4RC1)
CVE-2024-8927 [cgi.force_redirect configuration is byppassible due to the environment variable collision]
+ {DSA-5780-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24)
CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter Injection Vulnerability]
+ {DSA-5780-1}
- php8.2 <not-affected> (Windows-specific)
- php7.4 <not-affected> (Windows-specific)
NOTE: Fixed in 8.3.12, 8.2.24
@@ -71670,7 +71693,7 @@ CVE-2024-23659 (SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the nam
NOTE: https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc
NOTE: https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2
NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr
-CVE-2023-6955 (An improper access control vulnerability exists in GitLab Remote Devel ...)
+CVE-2023-6955 (A missing authorization check vulnerability exists in GitLab Remote De ...)
- gitlab 16.6.5-3
CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab 16.6.5-3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60f5017b172fca553a59ea8ae999dccb3c1c4f65
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60f5017b172fca553a59ea8ae999dccb3c1c4f65
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241003/b3091583/attachment.htm>
More information about the debian-security-tracker-commits
mailing list