Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb6d802e by security tracker role at 2024-04-15T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,255 @@
+CVE-2024-3804 (A vulnerability, which was classified as critical, has been 
found in V ...)
+       TODO: check
+CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem 
Cloud Des ...)
+       TODO: check
+CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from 
unauth ...)
+       TODO: check
+CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
+       TODO: check
+CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a 
stored Cross ...)
+       TODO: check
+CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear 
Solution ...)
+       TODO: check
+CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+       TODO: check
+CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+       TODO: check
+CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+       TODO: check
+CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+       TODO: check
+CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper 
neutrali ...)
+       TODO: check
+CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by 
a Path ...)
+       TODO: check
+CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 
21.02.04, which ...)
+       TODO: check
+CVE-2024-3781 (Command injection vulnerability in the operating system. 
Improper neut ...)
+       TODO: check
+CVE-2024-3780 (A vulnerability of Information Exposure has been found on 
Technicolor  ...)
+       TODO: check
+CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode 
eCommerce ...)
+       TODO: check
+CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in 
Codemenschen Gift V ...)
+       TODO: check
+CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy 
Team AffiE ...)
+       TODO: check
+CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Ord ...)
+       TODO: check
+CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic 
BEAF.This  ...)
+       TODO: check
+CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn 
Libsyn Publi ...)
+       TODO: check
+CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
+       TODO: check
+CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins 
NextMove  ...)
+       TODO: check
+CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in 
Siteimprove.This is ...)
+       TODO: check
+CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Kingsley Clar ...)
+       TODO: check
+CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend 
Email Mark ...)
+       TODO: check
+CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward 
WP Mail  ...)
+       TODO: check
+CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal 
Fitoussi GEO m ...)
+       TODO: check
+CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech 
WP Migrat ...)
+       TODO: check
+CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in 
MultiParcels MultiP ...)
+       TODO: check
+CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in 
ChurchThemes Church ...)
+       TODO: check
+CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze 
Novelist ...)
+       TODO: check
+CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Bester Kimi ...)
+       TODO: check
+CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo 
Sangar Slide ...)
+       TODO: check
+CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle 
Church A ...)
+       TODO: check
+CVE-2024-32089 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Digital P ...)
+       TODO: check
+CVE-2024-32088 (Cross-Site Request Forgery (CSRF) vulnerability in SeedProd 
Coming Soo ...)
+       TODO: check
+CVE-2024-32085 (Cross-Site Request Forgery (CSRF) vulnerability in AitThemes 
Citadela  ...)
+       TODO: check
+CVE-2024-32084 (Cross-Site Request Forgery (CSRF) vulnerability in Gold 
Plugins Before ...)
+       TODO: check
+CVE-2024-32035 (ImageSharp is a 2D graphics API. A vulnerability discovered in 
the Ima ...)
+       TODO: check
+CVE-2024-31990 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2024-31942 (Cross-Site Request Forgery (CSRF) vulnerability in Typps 
Calendarista  ...)
+       TODO: check
+CVE-2024-31941 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople 
CP Media ...)
+       TODO: check
+CVE-2024-31940 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao 
Extra Produc ...)
+       TODO: check
+CVE-2024-31938 (Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp 
NewsXpres ...)
+       TODO: check
+CVE-2024-31933 (Cross-Site Request Forgery (CSRF) vulnerability in Live 
Composer Team  ...)
+       TODO: check
+CVE-2024-31923 (Cross-Site Request Forgery (CSRF) vulnerability in PluginOps 
Feather L ...)
+       TODO: check
+CVE-2024-31922 (Cross-Site Request Forgery (CSRF) vulnerability in Anton 
Aleksandrov W ...)
+       TODO: check
+CVE-2024-31921 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web 
Design U ...)
+       TODO: check
+CVE-2024-31920 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Cur ...)
+       TODO: check
+CVE-2024-31576
+       REJECTED
+CVE-2024-31434 (Cross-Site Request Forgery (CSRF) vulnerability in Stefano 
Lissa & The ...)
+       TODO: check
+CVE-2024-31433 (Cross-Site Request Forgery (CSRF) vulnerability in The Events 
Calendar ...)
+       TODO: check
+CVE-2024-31432 (Missing Authorization vulnerability in StellarWP Restrict 
Content.This ...)
+       TODO: check
+CVE-2024-31431 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Pro ...)
+       TODO: check
+CVE-2024-31429 (Cross-Site Request Forgery (CSRF) vulnerability in Blossom 
Themes Sara ...)
+       TODO: check
+CVE-2024-31428 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme 
The Conf ...)
+       TODO: check
+CVE-2024-31427 (Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io 
Marker.Io ...)
+       TODO: check
+CVE-2024-31426 (Cross-Site Request Forgery (CSRF) vulnerability in Data443 
Inline Rela ...)
+       TODO: check
+CVE-2024-31425 (Cross-Site Request Forgery (CSRF) vulnerability in TMS 
Amelia.This iss ...)
+       TODO: check
+CVE-2024-31424 (Cross-Site Request Forgery (CSRF) vulnerability in Hamid 
Alinia - ideh ...)
+       TODO: check
+CVE-2024-31422 (Cross-Site Request Forgery (CSRF) vulnerability in Philippe 
Bernard Fa ...)
+       TODO: check
+CVE-2024-31421 (Missing Authorization vulnerability in Supsystic Popup by 
Supsystic.Th ...)
+       TODO: check
+CVE-2024-31389 (Cross-Site Request Forgery (CSRF) vulnerability in Ertano 
MihanPanel.T ...)
+       TODO: check
+CVE-2024-31388 (Cross-Site Request Forgery (CSRF) vulnerability in Pauple 
Table & Cont ...)
+       TODO: check
+CVE-2024-31385 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation 
Diary R ...)
+       TODO: check
+CVE-2024-31384 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme 
Spa and  ...)
+       TODO: check
+CVE-2024-31383 (Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer 
PopularFX ...)
+       TODO: check
+CVE-2024-31382 (Cross-Site Request Forgery (CSRF) vulnerability in Creative 
Themes HQ  ...)
+       TODO: check
+CVE-2024-31381 (Cross-Site Request Forgery (CSRF) vulnerability in RebelCode 
Spotlight ...)
+       TODO: check
+CVE-2024-31379 (Cross-Site Request Forgery (CSRF) vulnerability in Smash 
Balloon Smash ...)
+       TODO: check
+CVE-2024-31378 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch 
MailChimp ...)
+       TODO: check
+CVE-2024-31376 (Cross-Site Request Forgery (CSRF) vulnerability in Andrew 
Rapps Dashbo ...)
+       TODO: check
+CVE-2024-31374 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser 
Team App ...)
+       TODO: check
+CVE-2024-31373 (Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This 
issue af ...)
+       TODO: check
+CVE-2024-31219 (Discourse-reactions is a plugin that allows user to add their 
reaction ...)
+       TODO: check
+CVE-2024-30840 (A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 
allows attac ...)
+       TODO: check
+CVE-2024-30546 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite 
Login With ...)
+       TODO: check
+CVE-2024-30220 (Command injection vulnerability in MZK-MF300N all firmware 
versions al ...)
+       TODO: check
+CVE-2024-30219 (Active debug code vulnerability exists in MZK-MF300N all 
firmware vers ...)
+       TODO: check
+CVE-2024-2659 (A command injection vulnerability was identified in SMM/SMM2 
and FPC t ...)
+       TODO: check
+CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 
and ear ...)
+       TODO: check
+CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO 
Ver.11.64 and ea ...)
+       TODO: check
+CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente 
middleware ...)
+       TODO: check
+CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking 
of the op ...)
+       TODO: check
+CVE-2024-28558 (SQL Injection vulnerability in sourcecodester Petrol pump 
management s ...)
+       TODO: check
+CVE-2024-28557 (SQL Injection vulnerability in Sourcecodester php task 
management syst ...)
+       TODO: check
+CVE-2024-28556 (SQL Injection vulnerability in Sourcecodester php task 
management syst ...)
+       TODO: check
+CVE-2024-28099 (VT STUDIO Ver.8.32 and earlier contains an issue with the DLL 
search p ...)
+       TODO: check
+CVE-2024-28056 (Amazon AWS Amplify CLI before 12.10.1 incorrectly configures 
the role  ...)
+       TODO: check
+CVE-2024-26023 (OS command injection vulnerability in BUFFALO wireless LAN 
routers all ...)
+       TODO: check
+CVE-2024-24898 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-24891 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-24487 (An issue discovered in silex technology DS-600 Firmware 
v.1.4.1 allows ...)
+       TODO: check
+CVE-2024-24486 (An issue discovered in silex technology DS-600 Firmware 
v.1.4.1 allows ...)
+       TODO: check
+CVE-2024-24485 (An issue discovered in silex technology DS-600 Firmware 
v.1.4.1 allows ...)
+       TODO: check
+CVE-2024-23911 (Out-of-bounds read vulnerability caused by improper checking 
of the op ...)
+       TODO: check
+CVE-2024-23594 (A buffer overflow vulnerability was reported  in a system 
recovery boo ...)
+       TODO: check
+CVE-2024-23593 (A vulnerability was reported  in a system recovery bootloader 
that was ...)
+       TODO: check
+CVE-2024-23560 (HCL DevOps Deploy / HCL Launch could be vulnerable to 
incomplete revoc ...)
+       TODO: check
+CVE-2024-23559 (HCL DevOps Deploy / Launch is generating an obsolete HTTP 
header.)
+       TODO: check
+CVE-2024-23486 (Plaintext storage of a password issue exists in BUFFALO 
wireless LAN r ...)
+       TODO: check
+CVE-2024-22439 (A potential security vulnerability has been identified in HPE 
FlexFabr ...)
+       TODO: check
+CVE-2024-22438 (A potential security vulnerability has been identified in 
Hewlett Pack ...)
+       TODO: check
+CVE-2024-22437 (A potential security vulnerability has been identified in VSS 
Provider ...)
+       TODO: check
+CVE-2024-22435 (A potential security vulnerability has been identified in Web 
ViewPoin ...)
+       TODO: check
+CVE-2024-22014 (An issue discovered in 360 Total Security Antivirus through 
11.0.0.106 ...)
+       TODO: check
+CVE-2023-4857 (An authentication bypass vulnerability was identified in 
SMM/SMM2 and  ...)
+       TODO: check
+CVE-2023-4856 (A format string vulnerability was identified in SMM/SMM2 and 
FPC that  ...)
+       TODO: check
+CVE-2023-4855 (A command injection vulnerability was identified in SMM/SMM2 
and FPC t ...)
+       TODO: check
+CVE-2023-48710 (iTop is an IT service management platform.  Files from the 
`env-produc ...)
+       TODO: check
+CVE-2023-48709 (iTop is an IT service management platform.  When exporting 
data from b ...)
+       TODO: check
+CVE-2023-47626 (iTop is an IT service management platform.  When 
displaying/editing th ...)
+       TODO: check
+CVE-2023-47622 (iTop is an IT service management platform.  When dashlet are 
refreshed ...)
+       TODO: check
+CVE-2023-47123 (iTop is an IT service management platform.  By filling 
malicious code  ...)
+       TODO: check
+CVE-2023-45808 (iTop is an IT service management platform.  When creating or 
updating  ...)
+       TODO: check
+CVE-2023-45503 (SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows 
remote  ...)
+       TODO: check
+CVE-2023-44396 (iTop is an IT service management platform.  Dashlet edits ajax 
endpoin ...)
+       TODO: check
+CVE-2023-43790 (iTop is an IT service management platform.  By manipulating 
HTTP queri ...)
+       TODO: check
+CVE-2023-38511 (iTop is an IT service management platform.  Dashboard editor : 
can loa ...)
+       TODO: check
 CVE-2024-XXXX [validate a server certificate in a TLS-based server-server 
connection]
        - ngircd 27~rc1-1
        NOTE: https://github.com/ngircd/ngircd/issues/120
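Review bot: Every entry added at the top of data/CVE/list except CVE-2024-31576 (`REJECTED`) carries only `TODO: check`, so none of them has a triage result yet. Each needs a follow-up that replaces the placeholder with either a package line or a `NOT-FOR-US:` line, in the form the already-triaged entries further down use (for example `NOT-FOR-US: Xiongmai`). The context entry `CVE-2024-XXXX` for ngircd also still has a placeholder id and will need the assigned CVE number once one exists.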
@@ -32,7 +284,7 @@ CVE-2024-3766 (A vulnerability, which was classified as 
problematic, has been fo
        NOT-FOR-US: slowlyo OwlAdmin
 CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai 
AHB7804R- ...)
        NOT-FOR-US: Xiongmai
-CVE-2024-3764 (A vulnerability classified as problematic has been found in 
Tuya Camer ...)
+CVE-2024-3764 (** DISPUTED ** A vulnerability classified as problematic has 
been foun ...)
        NOT-FOR-US: Tuya Camera
 CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
rated as pr ...)
        NOT-FOR-US: Emlog Pro
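Review bot: On CVE-2024-3764 the new `** DISPUTED **` prefix pushes the product name out of the truncated description (it now ends at "has been foun ..."), so the `NOT-FOR-US: Tuya Camera` line is the only place in this entry that still names the product. The triage line needs no change; anyone matching on description text for this entry should match on the `NOT-FOR-US` line instead.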
@@ -517,6 +769,7 @@ CVE-2024-1874
        NOTE: Only affects improper handling of command line arguments on 
Windows
        NOTE: 
https://github.com/php/php-src/commit/e3c784f2bfb6029b49d27783b2efc87ee6923f79
 CVE-2024-2756
+       {DSA-5661-1 DSA-5660-1}
        - php8.2 8.2.18-1
        - php7.4 <removed>
        - php7.3 <removed>
@@ -524,6 +777,7 @@ CVE-2024-2756
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
        NOTE: 
https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53
 CVE-2024-3096
+       {DSA-5661-1 DSA-5660-1}
        - php8.2 8.2.18-1
        - php7.4 <removed>
        - php7.3 <removed>
@@ -3995,7 +4249,7 @@ CVE-2023-52637 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
 CVE-2024-31083 (A use-after-free vulnerability was found in the 
ProcRenderAddGlyphs()  ...)
-       {DSA-5657-1}
+       {DSA-5657-1 DLA-3787-1}
        - xorg-server 2:21.1.11-3
        - xwayland 2:23.2.6-1
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -4010,14 +4264,14 @@ CVE-2024-31082 (A heap-based buffer over-read 
vulnerability was found in the X.o
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
        NOTE: Affects the XQuartz (X11 server and client libraries for macOS) 
component
 CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the 
X.org ser ...)
-       {DSA-5657-1}
+       {DSA-5657-1 DLA-3787-1}
        - xorg-server 2:21.1.11-3
        - xwayland 2:23.2.6-1
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
        NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the 
X.org ser ...)
-       {DSA-5657-1}
+       {DSA-5657-1 DLA-3787-1}
        - xorg-server 2:21.1.11-3
        - xwayland 2:23.2.6-1
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
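Review bot: `DLA-3787-1` is added to CVE-2024-31081 and CVE-2024-31080 in this hunk, while the CVE-2024-31082 lines visible at the top of it are left untouched. That is consistent with its NOTE that the issue affects the XQuartz component, but it is worth confirming the omission is intended rather than a missed cross-reference.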
@@ -49365,7 +49619,7 @@ CVE-2023-40224 (MISP 2.4.174 allows XSS in 
app/View/Events/index.ctp.)
 CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* bef ...)
-       {DLA-3555-1}
+       {DSA-5661-1 DSA-5660-1 DLA-3555-1}
        - php8.2 8.2.10-1 (bug #1043477)
        [bookworm] - php8.2 <postponed> (Fix along in future update)
        - php7.4 <removed>
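Review bot: The `[bookworm] - php8.2 <postponed> (Fix along in future update)` line under CVE-2023-3824 now sits directly below a reference to DSA-5661-1 and DSA-5660-1. If one of those advisories fixes php8.2 in bookworm, the postponed marker is stale and should be dropped in a follow-up; if not, a short NOTE saying which releases the DSAs cover would explain why both are present.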
@@ -49374,7 +49628,7 @@ CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 
8.1.* before 8.1.22, and 8.2.
        NOTE: 
https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef 
(php-8.0.30)
        NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
 CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 
8.2.* be ...)
-       {DLA-3555-1}
+       {DSA-5661-1 DSA-5660-1 DLA-3555-1}
        - php8.2 8.2.10-1 (bug #1043477)
        [bookworm] - php8.2 <postponed> (Fix along in future update)
        - php7.4 <removed>
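Review bot: Under CVE-2023-3823 the added `{DSA-5661-1 DSA-5660-1 DLA-3555-1}` reference and the unchanged `[bookworm] - php8.2 <postponed>` line contradict each other if either DSA ships the bookworm fix. Check the postponed marker against the advisories and remove it if the fix is now released.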



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb6d802efef1bb72588321b178d05abfc9af6cd5
