Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
861da87f by security tracker role at 2024-04-02T08:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is
providing the u ...)
+ TODO: check
+CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System
\u2192 ...)
+ TODO: check
+CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as
problematic, w ...)
+ TODO: check
+CVE-2024-3148 (A vulnerability, which was classified as critical, has been
found in D ...)
+ TODO: check
+CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS
5.7. Th ...)
+ TODO: check
+CVE-2024-3146 (A vulnerability classified as problematic has been found in
DedeCMS 5. ...)
+ TODO: check
+CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as
problem ...)
+ TODO: check
+CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared
as prob ...)
+ TODO: check
+CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been
classified as pr ...)
+ TODO: check
+CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to
20240323 and ...)
+ TODO: check
+CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to
20240323 ...)
+ TODO: check
+CVE-2024-3140 (A vulnerability, which was classified as problematic, was found
in Sou ...)
+ TODO: check
+CVE-2024-3139 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet
RosarioSIS ...)
+ TODO: check
+CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
+ TODO: check
+CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker
to execu ...)
+ TODO: check
+CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker
to execu ...)
+ TODO: check
+CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641
allows a rem ...)
+ TODO: check
+CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641
allows a rem ...)
+ TODO: check
+CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for
WordPress ...)
+ TODO: check
+CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before
3.1.7 does ...)
+ TODO: check
+CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote
attackers ...)
+ TODO: check
+CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote
attacker cause ...)
+ TODO: check
+CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read
Information Disclo ...)
+ TODO: check
+CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read
Information Disclo ...)
+ TODO: check
+CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote
Code Ex ...)
+ TODO: check
+CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read
Information Dis ...)
+ TODO: check
+CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation
Remote Code ...)
+ TODO: check
+CVE-2024-26684 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26683 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
+ TODO: check
+CVE-2024-26682 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
+ TODO: check
+CVE-2024-26681 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26680 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26679 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ TODO: check
+CVE-2024-26678 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
+ TODO: check
+CVE-2024-26677 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
+ TODO: check
+CVE-2024-26676 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
+ TODO: check
+CVE-2024-26675 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
+ TODO: check
+CVE-2024-26674 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
+ TODO: check
+CVE-2024-26673 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26672 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26671 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ TODO: check
+CVE-2024-26670 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
+ TODO: check
+CVE-2024-26669 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26668 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2024-26667 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26666 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
+ TODO: check
+CVE-2024-26665 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ TODO: check
+CVE-2024-26664 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
+ TODO: check
+CVE-2024-26663 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ TODO: check
+CVE-2024-26662 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26661 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26660 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26659 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
+ TODO: check
+CVE-2024-26658 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ TODO: check
+CVE-2024-26657 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-26656 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms
v1.0.0, allo ...)
+ TODO: check
+CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code
Execution Vulne ...)
+ TODO: check
+CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code
Execution ...)
+ TODO: check
+CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote
Code Execut ...)
+ TODO: check
+CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution
Vulnerabilit ...)
+ TODO: check
+CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2024-22098 (in OpenHarmony v3.2.4 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-22092 (in OpenHarmony v3.2.4 and prior versions allow a remote
attacker bypas ...)
+ TODO: check
+CVE-2024-21834 (in OpenHarmony v3.2.4 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2024-20854 (Improper handling of insufficient privileges vulnerability in
Samsung ...)
+ TODO: check
+CVE-2024-20853 (Improper verification of intent by broadcast receiver
vulnerability in ...)
+ TODO: check
+CVE-2024-20852 (Improper verification of intent by broadcast receiver
vulnerability in ...)
+ TODO: check
+CVE-2024-20851 (Improper access control vulnerability in Samsung Data Store
prior to v ...)
+ TODO: check
+CVE-2024-20850 (Use of Implicit Intent for Sensitive Communication in Samsung
Pay prio ...)
+ TODO: check
+CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing
implementation of li ...)
+ TODO: check
+CVE-2024-20848 (Out-of-bound Write vulnerability in text parsing
implementation of lib ...)
+ TODO: check
+CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService
prior t ...)
+ TODO: check
+CVE-2024-20846 (Out-of-bounds write vulnerability while decoding hcr of
libsavsac.so p ...)
+ TODO: check
+CVE-2024-20845 (Out-of-bounds write vulnerability while releasing memory in
libsavsac. ...)
+ TODO: check
+CVE-2024-20844 (Out-of-bounds write vulnerability while parsing remaining
codewords in ...)
+ TODO: check
+CVE-2024-20843 (Out-of-bound write vulnerability in command parsing
implementation of ...)
+ TODO: check
+CVE-2024-20842 (Improper Input Validation vulnerability in handling apdu of
libsec-ril ...)
+ TODO: check
+CVE-2024-20799 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
+ TODO: check
+CVE-2024-1863 (Sante PACS Server Token Endpoint SQL Injection Remote Code
Execution V ...)
+ TODO: check
+CVE-2024-1504 (The SecuPress Free \u2014 WordPress Security plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer
Overflow ...)
+ TODO: check
+CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution
Vulnerabi ...)
+ TODO: check
+CVE-2023-52636 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
+ TODO: check
+CVE-2023-52635 (In the Linux kernel, the following vulnerability has been
resolved: P ...)
+ TODO: check
+CVE-2023-52634 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2023-52633 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
+ TODO: check
+CVE-2023-52632 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ TODO: check
+CVE-2023-52631 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
+ TODO: check
+CVE-2023-52630 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ TODO: check
+CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed
Dangerous ...)
+ TODO: check
+CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command
Injection Remo ...)
+ TODO: check
+CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing
Authentication Den ...)
+ TODO: check
+CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted
Data Remote ...)
+ TODO: check
CVE-2024-28219
- pillow <unfixed>
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
@@ -3010,7 +3234,7 @@ CVE-2024-29419 (There is a Cross-site scripting (XSS)
vulnerability in the Wirel
NOT-FOR-US: TOTOLINK
CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10
prior to 1 ...)
NOT-FOR-US: Umbraco
-CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda
v.2023Q4 ...)
+CVE-2024-28735 (Unit4 Financials by Coda versions prior to 2023Q4 suffer from
an incor ...)
NOT-FOR-US: Unit4 Financials by Coda
CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before
allows a r ...)
NOT-FOR-US: PrestaShop module
@@ -3481,7 +3705,7 @@ CVE-2024-29089 (Improper Neutralization of Input During
Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2024-29027 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
-CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda
v.2024Q ...)
+CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda
prior t ...)
NOT-FOR-US: Unit4 Financials by Coda
CVE-2024-28595 (SQL Injection vulnerability in Employee Management System v1.0
allows ...)
NOT-FOR-US: Employee Management System
@@ -13646,7 +13870,7 @@ CVE-2024-1312 (A use-after-free flaw was found in the
Linux kernel's Memory Mana
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/657b5146955eba331e01b9a6ae89ce2e716ba306 (6.5-rc4)
-CVE-2024-1300
+CVE-2024-1300 (A vulnerability in the Eclipse Vert.x toolkit causes a memory
leak in ...)
NOT-FOR-US: Eclipse Vertx
CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab 16.6.7-1
@@ -135441,7 +135665,7 @@ CVE-2022-31631
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740
NOTE: Fixed by:
https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba
(php-8.0.27)
NOTE: Improvement:
https://github.com/php/php-src/commit/a6a80eefe0413c91acd922bc58590a4db7979af0
-CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using
imagelo ...)
+CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using
imagelo ...)
{DSA-5277-1}
- php8.1 8.1.12-1
- php7.4 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/861da87f37247b3a1c731cf0d9cae37a94392e6c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/861da87f37247b3a1c731cf0d9cae37a94392e6c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
