[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 6 21:13:03 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
741dd860 by security tracker role at 2024-09-06T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is vulnerable to a command inje ...)
+	TODO: check
+CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no verifica ...)
+	TODO: check
+CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for WordPres ...)
+	TODO: check
+CVE-2024-8394 (When aborting the verification of an OTR chat session, an attacker cou ...)
+	TODO: check
+CVE-2024-7652 (An error in the ECMA-262 specification relating to Async Generators co ...)
+	TODO: check
+CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to unautho ...)
+	TODO: check
+CVE-2024-7611 (The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin ...)
+	TODO: check
+CVE-2024-7599 (The Advanced Sermons plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to privilege escal ...)
+	TODO: check
+CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JD ...)
+	TODO: check
+CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an implementation of  ...)
+	TODO: check
+CVE-2024-45300 (alf.io is an open source ticket reservation system for conferences, tr ...)
+	TODO: check
+CVE-2024-45299 (alf.io is an open source ticket reservation system for conferences, tr ...)
+	TODO: check
+CVE-2024-45295
+	REJECTED
+CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core object h ...)
+	TODO: check
+CVE-2024-45040 (gnark is a fast zk-SNARK library that offers a high-level API to desig ...)
+	TODO: check
+CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API to desig ...)
+	TODO: check
+CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component \bean\Mana ...)
+	TODO: check
+CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerabi ...)
+	TODO: check
+CVE-2024-44408 (D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclo ...)
+	TODO: check
+CVE-2024-44402 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_ ...)
+	TODO: check
+CVE-2024-44401 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub4 ...)
+	TODO: check
+CVE-2024-38642 (An improper certificate validation vulnerability has been reported to  ...)
+	TODO: check
+CVE-2024-38641 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-38640 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-32771 (An improper restriction of excessive authentication attempts vulnerabi ...)
+	TODO: check
+CVE-2024-32763 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2024-32762 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-27126 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-27125 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-27122 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-25584 (Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requi ...)
+	TODO: check
+CVE-2024-21906 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-21904 (A path traversal vulnerability has been reported to affect several QNA ...)
+	TODO: check
+CVE-2024-21903 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-21898 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+	TODO: check
+CVE-2023-51367 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-51366 (A path traversal vulnerability has been reported to affect several QNA ...)
+	TODO: check
+CVE-2023-50366 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2023-50360 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+	TODO: check
+CVE-2023-47563 (An OS command injection vulnerability has been reported to affect Vide ...)
+	TODO: check
+CVE-2023-45038 (An improper authentication vulnerability has been reported to affect M ...)
+	TODO: check
+CVE-2023-39300 (An OS command injection vulnerability has been reported to affect lega ...)
+	TODO: check
+CVE-2023-39298 (A missing authorization vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2023-34979 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2023-34974 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
 CVE-2024-45498
 	- airflow <itp> (bug #819700)
 CVE-2024-45034
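Review bot: all 50 entries this hunk introduces land as `TODO: check` placeholders, and the largest group (CVE-2024-38642 down to CVE-2023-34974, plus CVE-2024-32771 through CVE-2024-27122) shares the "has been reported to affect several QNA ..." wording that the existing CVE-2022-27593 entry further down in this same file resolves as `NOT-FOR-US: QNAP`; once the vendor is confirmed from the full description those should be closed the same way in the next manual pass, so that the remaining TODOs are the ones that may name software Debian ships, e.g. the Dovecot entry CVE-2024-25584, the `gix-path`/`gitoxide` crate entry CVE-2024-45405 and the ECMA-262 Async Generators entry CVE-2024-7652, which need a `- <source package>` or `NOT-FOR-US:` decision. Separately, the CVE-2024-8428 and CVE-2024-7611 descriptions carry the literal escape `\u2013` instead of the en dash the upstream text uses; worth checking whether the importer intends to keep the escaped form.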
@@ -35,10 +135,10 @@ CVE-2024-34155
 	NOTE: https://go.dev/issue/69138
 	NOTE: https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)
 	NOTE: https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)
-CVE-2023-52916 [media: aspeed: Fix memory overwrite if timing is 1600x900]
+CVE-2023-52916 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)
-CVE-2023-52915 [media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer]
+CVE-2023-52915 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux 5.10.197-1
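Review bot: replacing the bracketed provisional titles for CVE-2023-52916 and CVE-2023-52915 with the official text loses the only human-readable hint of the affected subsystem, because the published description is cut at "resolved:  m ..." and, as these two entries show, kernel CVEs of this kind all open with the same sentence; the `NOTE:` lines with the upstream fix commits (c281355068bc for 6.6-rc1 on CVE-2023-52916) are now the sole pointer to what was fixed, so they must stay, and it would be worth carrying the old bracket title ("media: aspeed: Fix memory overwrite if timing is 1600x900", "media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer") into a NOTE rather than dropping it.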
@@ -1583,11 +1683,11 @@ CVE-2024-45233 (An issue was discovered in powermail extension through 12.3.5 fo
 	NOT-FOR-US: TYPO3 extension
 CVE-2024-45232 (An issue was discovered in powermail extension through 12.3.5 for TYPO ...)
 	NOT-FOR-US: TYPO3 extension
-CVE-2024-45059 (i-Educar is free, completely online school management software that al ...)
+CVE-2024-45059 (i-Educar is free, fully online school management software that can be  ...)
 	NOT-FOR-US: i-Educar
-CVE-2024-45058 (i-Educar is free, completely online school management software that al ...)
+CVE-2024-45058 (i-Educar is free, fully online school management software that can be  ...)
 	NOT-FOR-US: i-Educar
-CVE-2024-45057 (i-Educar is free, completely online school management software that al ...)
+CVE-2024-45057 (i-Educar is free, fully online school management software that can be  ...)
 	NOT-FOR-US: i-Educar
 CVE-2024-45048 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
 	NOT-FOR-US: PHPSpreadsheet
@@ -1616,9 +1716,9 @@ CVE-2024-7447 (The Interactive Contact Form and Multi Step Form Builder with Dra
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7269 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
 	NOT-FOR-US: ConnX ESP HR Management
-CVE-2024-6450 (HyperViewGeoportal Toolkit in versions though8.2.4 is vulnerable to Re ...)
+CVE-2024-6450 (HyperViewGeoportal Toolkit in versions lower than 8.5.0 is vulnerable  ...)
 	NOT-FOR-US: HyperView Geoportal Toolkit
-CVE-2024-6449 (HyperViewGeoportal Toolkit in versions though8.2.4 does not restrict c ...)
+CVE-2024-6449 (HyperViewGeoportal Toolkit in versions lower than8.5.0does not restric ...)
 	NOT-FOR-US: HyperView Geoportal Toolkit
 CVE-2024-6053 (Improper access control in the clipboard synchronization feature in Te ...)
 	NOT-FOR-US: TeamViewer
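Review bot: the affected-version text for CVE-2024-6450 and CVE-2024-6449 changes from "through 8.2.4" to "lower than 8.5.0", i.e. the upstream advisory now covers a wider range, which is the kind of change that matters when an entry is bound to a tracked package; both remain `NOT-FOR-US: HyperView Geoportal Toolkit`, so no Debian action follows. The missing spaces in the new CVE-2024-6449 text ("than8.5.0does") were already present in the old text ("though8.2.4"), so the garbling originates in the upstream feed rather than in the importer.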
@@ -195323,8 +195423,8 @@ CVE-2022-27594
 	RESERVED
 CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...)
 	NOT-FOR-US: QNAP
-CVE-2022-27592
-	RESERVED
+CVE-2022-27592 (An unquoted search path or element vulnerability has been reported to  ...)
+	TODO: check
 CVE-2022-27591
 	RESERVED
 CVE-2022-27590
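Review bot: CVE-2022-27592 moves from `RESERVED` to a `TODO: check` whose description uses the same "has been reported to affect" phrasing as the adjacent CVE-2022-27593, which is already resolved as `NOT-FOR-US: QNAP`; if the full advisory confirms the same vendor, this entry should be closed as `NOT-FOR-US: QNAP` in the next manual pass rather than left as a placeholder.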



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/741dd860e59f122c562d13e79e326d14e7ec0cf6
