[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 23 Apr 2024 01:12:23 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
317d173b by security tracker role at 2024-04-23T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO 
WEBCAM  ...)
+       TODO: check
+CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based 
projects. Atta ...)
+       TODO: check
+CVE-2024-32656 (Ant Media Server is live streaming engine software. A local 
privilege  ...)
+       TODO: check
+CVE-2024-32653 (jadx is a  Dex to Java decompiler. Prior to version 1.5.0,  
the packag ...)
+       TODO: check
+CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+       TODO: check
+CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+       TODO: check
+CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
+       TODO: check
+CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S 
RSR_3.0(1)B9P2_RSR10-01 ...)
+       TODO: check
+CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting 
vulnerabili ...)
+       TODO: check
+CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection 
vulnerability. If  ...)
+       TODO: check
+CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function 
in Nano ...)
+       TODO: check
+CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory 
Informatio ...)
+       TODO: check
+CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center 
Analyzer.This is ...)
+       TODO: check
+CVE-2024-29368 (An issue discovered in moziloCMS v2.0 allows attackers to 
bypass file  ...)
+       TODO: check
+CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of 
file wit ...)
+       TODO: check
+CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin 
v.1.3.2 a ...)
+       TODO: check
+CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to 
Arbitrar ...)
+       TODO: check
+CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of 
Service vulne ...)
+       TODO: check
+CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
+       TODO: check
+CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT 
use-after-free b ...)
+       TODO: check
+CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL 
pointer derefe ...)
+       TODO: check
 CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 
and 11.1. ...)
        NOT-FOR-US: CrushFTP
 CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded 
application. Th ...)
@@ -118,27 +170,27 @@ CVE-2018-25101 (A vulnerability, which was classified as 
problematic, has been f
        NOT-FOR-US: Koha Library Management System
 CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
+CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32039 [Integer overflow & OutOfBound Write in 
clear_decompress_residual_data]
+CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32040 [integer underflow in nsc_rle_decode]
+CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32458 [OutOfBound Read in planar_skip_plane_rle]
+CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32459 [OutOfBound Read in ncrush_decompress]
+CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
-CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress]
+CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
        NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
@@ -727,7 +779,7 @@ CVE-2024-26921 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux <unfixed>
        [bookworm] - linux 6.1.85-1
        NOTE: 
https://git.kernel.org/linus/18685451fc4e546fc0e718580d32df3c0e5c8272 (6.9-rc2)
-CVE-2024-3177
+CVE-2024-3177 (A security issue was discovered in Kubernetes where users may 
be able  ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
@@ -1092,6 +1144,7 @@ CVE-2023-39367 (An OS command injection vulnerability 
exists in the web interfac
 CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive 
Ninja Forms  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and 
older may  ...)
+       {DSA-5673-1}
        - glibc 2.37-18 (bug #1069191)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/317d173b5066b94c36fa1a66e8d2f0929a44923e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/317d173b5066b94c36fa1a66e8d2f0929a44923e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to