Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
522a2023 by security tracker role at 2024-04-30T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a 
Denial of ...)
+       TODO: check
+CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+       TODO: check
+CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode 
user-controlled in ...)
+       TODO: check
+CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its 
sub-directories and  ...)
+       TODO: check
+CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide 
enough ...)
+       TODO: check
+CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the 
get_edge() func ...)
+       TODO: check
+CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a 
Server-Side Reques ...)
+       TODO: check
+CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the 
Advanced Expe ...)
+       TODO: check
+CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before 
v.0662e5e allow ...)
+       TODO: check
+CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+       TODO: check
+CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+       TODO: check
+CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and 
before allow ...)
+       TODO: check
+CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows 
a remot ...)
+       TODO: check
+CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to 
obtain se ...)
+       TODO: check
+CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+       TODO: check
+CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android 
v.4.5.1 and i ...)
+       TODO: check
+CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 
and bef ...)
+       TODO: check
+CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields 
v.2.2.7  ...)
+       TODO: check
+CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a 
remote a ...)
+       TODO: check
+CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and 
fixed in v2 ...)
+       TODO: check
+CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and 
before a ...)
+       TODO: check
+CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager 
component  ...)
+       TODO: check
+CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the 
component /pu ...)
+       TODO: check
+CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the 
component /ac ...)
+       TODO: check
+CVE-2024-2877 (Vault Enterprise, when configured with performance standby 
nodes and a ...)
+       TODO: check
+CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to 
Server ...)
+       TODO: check
+CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for 
authenticated and ...)
+       TODO: check
+CVE-2024-2378 (A vulnerability exists in the web-authentication component of 
the SDM6 ...)
+       TODO: check
+CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response 
header web  ...)
+       TODO: check
+CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote 
attacker to o ...)
+       TODO: check
+CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the 
category a ...)
+       TODO: check
+CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote 
attacker to ex ...)
+       TODO: check
+CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload 
files to ...)
+       TODO: check
+CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism 
that reli ...)
+       TODO: check
+CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+       TODO: check
+CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 
2024.1.0 ...)
+       TODO: check
+CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way 
Foxit R ...)
+       TODO: check
+CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+       TODO: check
+CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+       TODO: check
+CVE-2024-23772 (An issue was discovered in Quest KACE Agent for Windows 
12.0.38 and 13 ...)
+       TODO: check
+CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can 
be bypas ...)
+       TODO: check
+CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection 
via the ...)
+       TODO: check
+CVE-2024-22405 (XADMaster is an objective-C library for archive and file 
unarchiving a ...)
+       TODO: check
+CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, 
Upcoming E ...)
+       TODO: check
+CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy 
(Beta) 2.0.67 ...)
+       TODO: check
+CVE-2023-50914 (A Privilege Escalation issue in the inter-process 
communication proced ...)
+       TODO: check
+CVE-2023-50059 (An issue ingalxe.com Galxe platform 1.0 allows a remote 
attacker to ob ...)
+       TODO: check
+CVE-2023-50053 (An issue in Foundation.app Foundation platform 1.0 allows a 
remote att ...)
+       TODO: check
+CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform 
firmware ...)
+       TODO: check
+CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a 
remote au ...)
+       TODO: check
+CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable 
to Dire ...)
+       TODO: check
+CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an 
authenticated ...)
+       TODO: check
+CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows 
a remot ...)
+       TODO: check
 CVE-2024-29040
        - tpm2-tss <unfixed> (bug #1070140)
        NOTE: 
https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99
 (4.1.0)
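Review bot: the CVE-2024-1895 line carries the literal escape `\u2013` in the plugin name ("The Event Monster \u2013 Event Management"), so the importer wrote the JSON-escaped string without decoding it; the description should read "Event Monster – Event Management", and the import step should decode such escapes before writing data/CVE/list. Beyond that cosmetic point, a few of these TODO: check slots name software Debian actually ships, notably sqlparse (CVE-2024-4340), FRRouting (CVE-2024-34088) and LibreOffice (CVE-2023-36268), and deserve triage before the WordPress plugin entries, which will almost certainly be resolved as NOT-FOR-US.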
@@ -10898,7 +11008,7 @@ CVE-2023-47430 (Stack-buffer-overflow vulnerability in 
ReadyMedia (MiniDLNA) v1.
        NOTE: https://sourceforge.net/p/minidlna/bugs/361/
        NOTE: TiVo support not enabled in the Debian builds
 CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote 
files to b ...)
-       {DLA-3801-1}
+       {DLA-3802-1 DLA-3801-1}
        - emacs 1:29.3+1-1 (bug #1067630)
        [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
        [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
@@ -10911,7 +11021,7 @@ CVE-2024-30205 (In Emacs before 29.3, Org mode 
considers contents of remote file
        NOTE: https://list.orgmode.org/[email protected]/T/#t
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d
 (release_9.6.23)
 CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for 
e-mail a ...)
-       {DLA-3801-1}
+       {DLA-3802-1 DLA-3801-1}
        - emacs 1:29.3+1-1 (bug #1067630)
        [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
        [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
@@ -10924,7 +11034,7 @@ CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is 
enabled by default for e-
        NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced 
binary packages
        NOTE: making an empty dependency package only.
 CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as 
trusted.)
-       {DLA-3801-1}
+       {DLA-3802-1 DLA-3801-1}
        - emacs 1:29.3+1-1 (bug #1067630)
        [bookworm] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
        [bullseye] - emacs <no-dsa> (Minor issue, will be fixed via point 
release)
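Review bot: all three Emacs entries (CVE-2024-30205, CVE-2024-30204 and this CVE-2024-30203) now list DLA-3802-1 next to DLA-3801-1, but the only source package line visible in each hunk is emacs; the NOTE lines above about org-mode/9.5.2+dfsh-5 dropping its lisp files suggest the second advisory covers the org-mode source package, so confirm that each of the three entries also has an org-mode package line (the three lines of context end at the bullseye line, so it is not visible here).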
@@ -12938,6 +13048,7 @@ CVE-2023-7085 (The Scalable Vector Graphics (SVG) 
WordPress plugin through 3.4 d
 CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 
1.1.3 cont ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters 
interoperabi ...)
+       {DLA-3803-1}
        - astropy 5.3.3-1
        NOTE: 
https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
        NOTE: 
https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5
 (v5.3.3)
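Review bot: with a buster advisory now recorded, the entry still has no [bookworm] or [bullseye] line between "- astropy 5.3.3-1" and the NOTE lines, so the status of the stable suites is left to the version comparison against 5.3.3-1; add an explicit line if either suite is being handled as no-dsa or via a point release, as the emacs entries above do.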
@@ -260177,8 +260288,8 @@ CVE-2020-27480
        RESERVED
 CVE-2020-27479
        RESERVED
-CVE-2020-27478
-       RESERVED
+CVE-2020-27478 (Cross Site Scripting vulnerability found in Simplcommerce 
v.40734964b0 ...)
+       TODO: check
 CVE-2020-27477
        RESERVED
 CVE-2020-27476
@@ -316053,8 +316164,8 @@ CVE-2019-20326 (A heap-based buffer overflow in 
_cairo_image_surface_create_from
        [buster] - gthumb 3:3.6.2-4+deb10u1
        NOTE: 
https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4
 (3.8.3)
        NOTE: 
https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad
 (master)
-CVE-2020-5200
-       RESERVED
+CVE-2020-5200 (Minerbabe through V4.16 ships with SSH host keys baked into the 
instal ...)
+       TODO: check
 CVE-2020-5199
        RESERVED
 CVE-2020-5198
@@ -321869,16 +321980,16 @@ CVE-2019-19757 (An internal product security audit 
of Lenovo XClarity Administra
        NOT-FOR-US: Lenovo
 CVE-2019-19756 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
        NOT-FOR-US: Lenovo
-CVE-2019-19755
-       RESERVED
-CVE-2019-19754
-       RESERVED
-CVE-2019-19753
-       RESERVED
-CVE-2019-19752
-       RESERVED
-CVE-2019-19751
-       RESERVED
+CVE-2019-19755 (ethOS through 1.3.3 ships with SSH host keys baked into the 
installati ...)
+       TODO: check
+CVE-2019-19754 (HiveOS through 0.6-102@191212 ships with SSH host keys baked 
into the  ...)
+       TODO: check
+CVE-2019-19753 (SimpleMiningOS through v1259 ships with SSH host keys baked 
into the i ...)
+       TODO: check
+CVE-2019-19752 (nvOC through 3.2 ships with SSH host keys baked into the 
installation  ...)
+       TODO: check
+CVE-2019-19751 (easyMINE before 2019-12-05 ships with SSH host keys baked into 
the ins ...)
+       TODO: check
 CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH 
key for ea ...)
        NOT-FOR-US: minerstat msOS
 CVE-2019-19749
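Review bot: the five new descriptions (CVE-2019-19751 through CVE-2019-19755) are the same "ships with SSH host keys baked into the installation" issue across mining distributions, and the neighbouring CVE-2019-19750 (minerstat msOS) in this hunk's context is already resolved as NOT-FOR-US; CVE-2020-5200 (Minerbabe) in the previous hunk belongs to the same family. Unless one of these images is something Debian packages, which nothing in the visible entries indicates, the TODO: check lines can be resolved the same way, with the product name after NOT-FOR-US as was done for msOS.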



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/522a2023b5ec5a418352bee084e46e73d3cc8c18


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits