[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 19 09:12:04 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
878d1793 by security tracker role at 2024-09-19T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-8364 (The WP Custom Fields Search plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-7254 (Any project that parses untrusted Protocol Buffers datacontaining an a ...)
+ TODO: check
+CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to improper ...)
+ TODO: check
+CVE-2024-47088 (This vulnerability exists in Apex Softcell LD Geo due to missing restr ...)
+ TODO: check
+CVE-2024-47087 (This vulnerability exists in Apex Softcell LD Geo due to improper vali ...)
+ TODO: check
+CVE-2024-47086 (This vulnerability exists in Apex Softcell LD DP Back Office due to im ...)
+ TODO: check
+CVE-2024-47085 (This vulnerability exists in Apex Softcell LD DP Back Office due to im ...)
+ TODO: check
+CVE-2024-47059 (When logging in with the correct username and incorrect weak password, ...)
+ TODO: check
+CVE-2024-47058 (With access to edit a Mautic form, the attacker can add Cross-Site Scr ...)
+ TODO: check
+CVE-2024-47050 (Prior to this patch being applied, Mautic's tracking was vulnerable to ...)
+ TODO: check
+CVE-2024-46946 (langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3 ...)
+ TODO: check
+CVE-2024-46377 (Best House Rental Management System 1.0 contains an arbitrary file upl ...)
+ TODO: check
+CVE-2024-46376 (Best House Rental Management System 1.0 contains an arbitrary file upl ...)
+ TODO: check
+CVE-2024-46375 (Best House Rental Management System 1.0 contains an arbitrary file upl ...)
+ TODO: check
+CVE-2024-46374 (Best House Rental Management System 1.0 contains a SQL injection vulne ...)
+ TODO: check
+CVE-2024-46373 (Dedecms V5.7.115 contains an arbitrary code execution via file upload ...)
+ TODO: check
+CVE-2024-46372 (DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the ad ...)
+ TODO: check
+CVE-2024-40568 (Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b ...)
+ TODO: check
+CVE-2024-37406 (In Brave Android prior to v1.67.116, domains in the Brave Shields popu ...)
+ TODO: check
CVE-2024-8969 (OMFLOW from The SYSCOM Group has a vulnerability involving the exposur ...)
NOT-FOR-US: OMFLOW
CVE-2024-8957 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an ...)
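Review bot: twenty new entries land as bare `TODO: check`, and several can be triaged from the visible descriptions alone: CVE-2024-8850 and CVE-2024-8364 are WordPress plugins, which this file records elsewhere as `NOT-FOR-US: WordPress plugin` (see the CVE-2024-4401 and CVE-2022-4532 context lines further down in this diff), and the Apex Softcell and Best House Rental Management System entries look like the same kind of single-product issue. CVE-2024-7254 is the one to prioritise, since it describes a library-level problem in parsing untrusted Protocol Buffers data rather than one product and therefore needs to be checked against the packaged protobuf source and its version range, not closed as NOT-FOR-US; CVE-2024-46946 (langchain_experimental) and CVE-2024-40568 (btstack mesh) likewise name software that may be in the archive and need an actual version comparison.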
@@ -4352,19 +4392,19 @@ CVE-2024-5024 (The Memberpress plugin for WordPress is vulnerable to Reflected C
CVE-2024-4401 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
NOT-FOR-US: WordPress plugin
CVE-2024-45492 (An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in ...)
- {DSA-5770-1}
+ {DSA-5770-1 DLA-3893-1}
- expat 2.6.2-2 (bug #1080152)
NOTE: https://github.com/libexpat/libexpat/pull/892
NOTE: https://github.com/libexpat/libexpat/issues/889
NOTE: https://github.com/libexpat/libexpat/commit/29ef43a0bab633b41e71dd6d900fff5f6b3ad5e4 (R_2_6_3)
CVE-2024-45491 (An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse. ...)
- {DSA-5770-1}
+ {DSA-5770-1 DLA-3893-1}
- expat 2.6.2-2 (bug #1080150)
NOTE: https://github.com/libexpat/libexpat/pull/891
NOTE: https://github.com/libexpat/libexpat/issues/888
NOTE: https://github.com/libexpat/libexpat/commit/b8a7dca4670973347892cfc452b24d9001dcd6f5 (R_2_6_3)
CVE-2024-45490 (An issue was discovered in libexpat before 2.6.3. xmlparse.c does not ...)
- {DSA-5770-1}
+ {DSA-5770-1 DLA-3893-1}
- expat 2.6.2-2 (bug #1080149)
NOTE: https://github.com/libexpat/libexpat/pull/890
NOTE: https://github.com/libexpat/libexpat/issues/887
@@ -39926,7 +39966,7 @@ CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Store
CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
NOT-FOR-US: Webroot Antivirus
CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
- {DSA-5705-1}
+ {DSA-5705-1 DLA-3892-1}
- tinyproxy 1.11.1-4 (bug #1070395)
[buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but fix with next update)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
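Review bot: the entry now records DLA-3892-1 while the unchanged context line `[buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but fix with next update)` still defers the fix for buster; since the suite that DLA-3892-1 covers is not visible in this hunk, confirm whether that suite-specific annotation is still accurate or should be brought in line with the advisory.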
@@ -65060,7 +65100,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if
NOTE: CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined,
NOTE: which is not the case for Debian.
CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...)
- {DLA-3783-1}
+ {DLA-3893-1 DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
[bookworm] - expat <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/libexpat/libexpat/pull/789
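Review bot: style point on the reference line: the new advisory is prepended here (`{DLA-3893-1 DLA-3783-1}`), whereas the same DLA-3893-1 is appended after the existing reference in the three libexpat entries above (`{DSA-5770-1 DLA-3893-1}`); one consistent ordering keeps diffs of advisory references predictable for anyone scripting against this file.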
@@ -96950,7 +96990,7 @@ CVE-2023-31431 (A buffer overflow vulnerability in \u201cdiagstatus\u201d comman
NOT-FOR-US: Brocade
CVE-2023-31430 (A buffer overflow vulnerability in \u201csecpolicydelete\u201d command ...)
NOT-FOR-US: Brocade
-CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
+CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vu ...)
NOT-FOR-US: Brocade
CVE-2023-31428 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
NOT-FOR-US: Brocade
@@ -109981,8 +110021,8 @@ CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x co
NOT-FOR-US: Illumina
CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-30464
- RESERVED
+CVE-2023-30464 (CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisonin ...)
+ TODO: check
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
NOT-FOR-US: picoTCP
CVE-2023-30462
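Review bot: CVE-2023-30464 now has a concrete description (DNS cache poisoning in CoreDNS through 1.10.1) with a clear version ceiling, so rather than leaving it at `TODO: check`, compare that ceiling against the coredns source package if it is in the archive and record either a fixed version or `<not-affected>`, in the style of the gitlab context line above.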
@@ -138730,8 +138770,8 @@ CVE-2022-4535
RESERVED
CVE-2022-4534
RESERVED
-CVE-2022-4533
- RESERVED
+CVE-2022-4533 (The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP ...)
+ TODO: check
CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4531
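Review bot: CVE-2022-4533 is a WordPress plugin (Limit Login Attempts Plus), and the very next entry, CVE-2022-4532, another WordPress login-limiting plugin, is already resolved as `NOT-FOR-US: WordPress plugin`; the new entry can be marked the same way instead of `TODO: check`.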
@@ -161989,6 +162029,7 @@ CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site S
CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
NOT-FOR-US: iKuai8
CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...)
+ {DLA-3892-1}
- tinyproxy 1.11.1-2 (bug #1021015)
[buster] - tinyproxy <postponed> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
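Review bot: same DLA-3892-1 as on the CVE-2023-49606 entry earlier in this diff, which is consistent; the unchanged `[buster] - tinyproxy <postponed> (Minor issue)` line raises the same question as there about whether the buster annotation still reflects the current state.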
@@ -203840,12 +203881,12 @@ CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking c
NOT-FOR-US: Mautic
CVE-2022-25771
RESERVED
-CVE-2022-25770
- RESERVED
+CVE-2022-25770 (Mautic allows you to update the application via an upgrade script. Th ...)
+ TODO: check
CVE-2022-25769 (ImpactThe default .htaccess file has some restrictions in the access t ...)
TODO: check
-CVE-2022-25768
- RESERVED
+CVE-2022-25768 (The logic in place to facilitate the update process via the user inter ...)
+ TODO: check
CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
{DSA-5206-1 DLA-3279-1}
- trafficserver 9.1.3+ds-1
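Review bot: CVE-2022-25770 and CVE-2022-25768 both describe Mautic's update mechanism, and the CVE-2022-25772 context line at the top of this hunk already resolves Mautic as `NOT-FOR-US: Mautic`; unless Mautic has since entered the archive, these two can be closed the same way rather than joining the `TODO: check` backlog that CVE-2022-25769 already sits in.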
@@ -268896,8 +268937,8 @@ CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper o
[buster] - libnewlib-nano <no-dsa> (Minor issue)
NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
-CVE-2021-27917
- RESERVED
+CVE-2021-27917 (Prior to this patch, a stored XSS vulnerability existed in the contact ...)
+ TODO: check
CVE-2021-27916 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
TODO: check
CVE-2021-27915 (Prior to the patched version, there is an XSS vulnerability in the des ...)
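Review bot: CVE-2021-27917 joins CVE-2021-27916 and CVE-2021-27915 as a third Mautic XSS entry left at `TODO: check`, while CVE-2022-25772 elsewhere in this diff carries `NOT-FOR-US: Mautic`; triage the three together in one pass so the file does not hold inconsistent states for the same product.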
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/878d1793421173d7016511eb89dd85529daa3918