Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e10c034 by security tracker role at 2024-03-20T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,142 @@
-CVE-2024-2631
+CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media 
Share  ...)
+       TODO: check
+CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+       TODO: check
+CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ 
Booking Syst ...)
+       TODO: check
+CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ 
Booking ...)
+       TODO: check
+CVE-2024-2713 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2024-2712 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has 
been rate ...)
+       TODO: check
+CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been decl ...)
+       TODO: check
+CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has 
been clas ...)
+       TODO: check
+CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and 
classified as ...)
+       TODO: check
+CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and 
classifi ...)
+       TODO: check
+CVE-2024-2706 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2024-2705 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 
15.03. ...)
+       TODO: check
+CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda 
AC10U 1 ...)
+       TODO: check
+CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One 
Click De ...)
+       TODO: check
+CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 
1.0 an ...)
+       TODO: check
+CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder 
System 1 ...)
+       TODO: check
+CVE-2024-2685 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+       TODO: check
+CVE-2024-2684 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-2683 (A vulnerability classified as problematic was found in 
Campcodes Onlin ...)
+       TODO: check
+CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 
(14.0.1 ...)
+       TODO: check
+CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the 
Wireless se ...)
+       TODO: check
+CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 
prior to 1 ...)
+       TODO: check
+CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda 
v.2023Q4 ...)
+       TODO: check
+CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before 
allows a r ...)
+       TODO: check
+CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 
and befo ...)
+       TODO: check
+CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 
and befor ...)
+       TODO: check
+CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer 
Dereference was de ...)
+       TODO: check
+CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       TODO: check
+CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
+       TODO: check
+CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves 
a Zulip  ...)
+       TODO: check
+CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
+       TODO: check
+CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
+       TODO: check
+CVE-2024-23821 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23819 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23818 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on 
Draytek  ...)
+       TODO: check
+CVE-2024-23643 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23642 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23640 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-23634 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2024-1992
+       REJECTED
+CVE-2024-1856 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 
(18.0. ...)
+       TODO: check
+CVE-2024-1811 (A potential vulnerability has been identified in OpenText 
ArcSight Pla ...)
+       TODO: check
+CVE-2024-1801 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 
(18.0. ...)
+       TODO: check
+CVE-2024-1800 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q1 (1 ...)
+       TODO: check
+CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by 
Pdfcrowd  ...)
+       TODO: check
+CVE-2023-51445 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2023-51444 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-41877 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
+CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 
4.0.3 and ve ...)
+       TODO: check
+CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote 
attacker to ...)
+       TODO: check
+CVE-2022-4963 (A vulnerability was found in Folio Spring Module Core up to 
1.1.5. It  ...)
+       TODO: check
+CVE-2024-2631 (Inappropriate implementation in iOS in Google Chrome prior to 
123.0.63 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2630
+CVE-2024-2630 (Inappropriate implementation in iOS in Google Chrome prior to 
123.0.63 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2629
+CVE-2024-2629 (Incorrect security UI in iOS in Google Chrome prior to 
123.0.6312.58 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2628
+CVE-2024-2628 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2627
+CVE-2024-2627 (Use after free in Canvas in Google Chrome prior to 
123.0.6312.58 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2626
+CVE-2024-2626 (Out of bounds read in Swiftshader in Google Chrome prior to 
123.0.6312 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-2625
+CVE-2024-2625 (Object lifecycle issue in V8 in Google Chrome prior to 
123.0.6312.58 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
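Review bot: the three Telerik entries (CVE-2024-1856, CVE-2024-1801, CVE-2024-1800) carry a literal `\xae` escape where the ® sign belongs, so the description text is being written as an escaped byte sequence rather than as UTF-8; whichever side produces it (the feed or the updater's own escaping), the entries should be normalised. Among the new `TODO: check` lines, the ones whose upstream is, to my knowledge, packaged in Debian (libiec61850 for CVE-2024-28286, jose for CVE-2023-50967, firebird for CVE-2023-41038, Fast DDS for CVE-2024-28231) deserve triage ahead of the WordPress-plugin, Tenda, Campcodes and SourceCodester items, which look like NOT-FOR-US candidates.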
@@ -2543,7 +2657,8 @@ CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, 
is a cross-platform ch
        NOT-FOR-US: NextChat
 CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in 
Racktables v0.22 ...)
        - racktables <itp> (bug #629531)
-CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop 
Central ...)
+CVE-2024-2370
+       REJECTED
        NOT-FOR-US: ManageEngine
 CVE-2024-2357 (The Libreswan Project was notified of an issue causing 
libreswan to re ...)
        - libreswan 4.14-1 (bug #1066059)
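Review bot: CVE-2024-2370 now carries both `REJECTED` and `NOT-FOR-US: ManageEngine`; a rejected identifier needs no Debian applicability verdict, so the second line is redundant. It is harmless as history, but keeping one verdict per entry is cleaner, and the updater could drop the NOT-FOR-US line when it rewrites an entry to REJECTED.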
@@ -3124,7 +3239,8 @@ CVE-2024-0203 (The Digits plugin for WordPress is 
vulnerable to Cross-Site Reque
        NOT-FOR-US: WordPress plugin
 CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON 
Parsing ...)
        NOT-FOR-US: Netgear
-CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web 
Player.This ...)
+CVE-2023-47691
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 
7.63.18, ...)
        NOT-FOR-US: JFrog Artifactory
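Review bot: CVE-2023-47691 ends up with both `REJECTED` and `NOT-FOR-US: WordPress plugin`; the REJECTED status already settles the entry, so the applicability line is redundant and can be dropped to keep a single verdict per entry.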
@@ -7395,6 +7511,7 @@ CVE-2024-25288 (SLIMS (Senayan Library Management 
Systems) 9 Bulian v9.6.1 is vu
 CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote 
attackers  ...)
        NOT-FOR-US: He3 App for macOS
 CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file 
parsing/rendering ...)
+       {DSA-5642-1}
        - php-dompdf-svg-lib 0.5.2-1 (bug #1064781)
        NOTE: 
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273
        NOTE: 
https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa
 (0.5.2)
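Review bot: the `{DSA-5642-1}` reference added to CVE-2024-25117 records no bookworm fixed version in this entry, so it is only as good as the matching DSA-5642-1 record for php-dompdf-svg-lib in data/DSA/list; confirm the two agree. The sibling php-svg-lib entries CVE-2023-50252 and CVE-2023-50251 carry a TODO about copies of the library embedded in civicrm, icinga-php-thirdparty and icingaweb2; that same check applies to this CVE and is not recorded here.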
@@ -13761,19 +13878,19 @@ CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below 
insufficiently restricts fil
        NOT-FOR-US: CloudLinux CageFS
 CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication 
token as ...)
        NOT-FOR-US: CloudLinux CageFS
-CVE-2023-46841 [x86: shadow stack vs exceptions from emulation stubs]
+CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow 
Enforcement Tec ...)
        - xen 4.17.3+36-g54dacb5c02-1
        [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        [buster] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-451.html
-CVE-2023-46840 [VT-d: Failure to quarantine devices in !HVM builds]
+CVE-2023-46840 (Incorrect placement of a preprocessor directive in source code 
results ...)
        - xen 4.17.3+10-g091466ba55-1
        [bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
        [bullseye] - xen <not-affected> (Vulnerable code not present)
        [buster] - xen <not-affected> (Vulnerable code not present)
        NOTE: https://xenbits.xen.org/xsa/advisory-450.html
-CVE-2023-46839 [pci: phantom functions assigned to incorrect contexts]
+CVE-2023-46839 (PCI devices can make use of a functionality called phantom 
functions,  ...)
        - xen 4.17.3+10-g091466ba55-1
        [bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
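Review bot: the bracketed working titles being replaced (for example `[x86: shadow stack vs exceptions from emulation stubs]`) summarised each issue better than the truncated official descriptions that take their place; the detail now survives only through the XSA links on the NOTE lines, so those must stay. Also, CVE-2023-46841 remains `<postponed>` for bookworm ("fix along in next DSA") while CVE-2023-46840 and CVE-2023-46839 already have 4.17.3+10-g091466ba55-1~deb12u1; worth verifying that the pending Xen DSA actually picks it up so the postponed marker does not linger.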
@@ -21588,11 +21705,13 @@ CVE-2023-6753 (Path Traversal in GitHub repository 
mlflow/mlflow prior to 2.9.2.
 CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
        NOT-FOR-US: Nautobot
 CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior 
to versi ...)
+       {DSA-5642-1}
        - php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
        NOTE: 
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr
        NOTE: Fixed by: 
https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030
 (0.5.1)
        TODO: check, other packages are embedding  the library: civicrm, 
icinga-php-thirdparty and icingaweb2 to be checked
 CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior 
to versi ...)
+       {DSA-5642-1}
        - php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
        NOTE: 
https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2
        NOTE: Fixed by: 
https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0
 (0.5.1)
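Review bot: the `TODO: check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2` on CVE-2023-50252 stays open after `{DSA-5642-1}` is added, so the DSA reference covers php-dompdf-svg-lib only and the embedded copies are still untracked; the same TODO should be recorded on CVE-2023-50251, which has none, and both `{DSA-5642-1}` lines should be checked against the DSA record in data/DSA/list.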



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e10c03435d4db02cb1173c49bfd93f5ea5c03ef



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits