Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65aa002c by security tracker role at 2024-05-07T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,177 @@
-CVE-2024-4559
+CVE-2024-4601 (An incorrect authentication vulnerability has been found in 
Socomec Ne ...)
+       TODO: check
+CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, 
versio ...)
+       TODO: check
+CVE-2024-4599 (Remote denial of service vulnerability in LAN Messenger 
affecting vers ...)
+       TODO: check
+CVE-2024-4596 (A vulnerability was found in Kimai up to 2.15.0 and classified 
as prob ...)
+       TODO: check
+CVE-2024-4595 (A vulnerability has been found in SEMCMS up to 4.8 and 
classified as c ...)
+       TODO: check
+CVE-2024-4594 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+       TODO: check
+CVE-2024-4593 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-4592 (A vulnerability classified as problematic was found in DedeCMS 
5.7. Th ...)
+       TODO: check
+CVE-2024-4591 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+       TODO: check
+CVE-2024-4590 (A vulnerability was found in DedeCMS 5.7. It has been rated as 
problem ...)
+       TODO: check
+CVE-2024-4589 (A vulnerability was found in DedeCMS 5.7. It has been declared 
as prob ...)
+       TODO: check
+CVE-2024-4588 (A vulnerability was found in DedeCMS 5.7. It has been 
classified as pr ...)
+       TODO: check
+CVE-2024-4587 (A vulnerability was found in DedeCMS 5.7 and classified as 
problematic ...)
+       TODO: check
+CVE-2024-4586 (A vulnerability has been found in DedeCMS 5.7 and classified as 
proble ...)
+       TODO: check
+CVE-2024-4585 (A vulnerability, which was classified as problematic, was found 
in Ded ...)
+       TODO: check
+CVE-2024-4584 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-4583 (A vulnerability classified as problematic was found in Faraday 
GM8181  ...)
+       TODO: check
+CVE-2024-4582 (A vulnerability classified as critical has been found in 
Faraday GM818 ...)
+       TODO: check
+CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting 
version 4.3r1 ...)
+       TODO: check
+CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting 
version 4.3r1 ...)
+       TODO: check
+CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in 
the ED ...)
+       TODO: check
+CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is 
vulnerable to a ...)
+       TODO: check
+CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is 
vulnerable to a ...)
+       TODO: check
+CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of 
arbitrary ...)
+       TODO: check
+CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles 
IMMUTABLE privi ...)
+       TODO: check
+CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to 
load a mal ...)
+       TODO: check
+CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 
2.1.1,  ...)
+       TODO: check
+CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file 
inclusion vune ...)
+       TODO: check
+CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file 
inclusion vune ...)
+       TODO: check
+CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of 
service a ...)
+       TODO: check
+CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows 
Local File ...)
+       TODO: check
+CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code 
sent throu ...)
+       TODO: check
+CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path 
injection vul ...)
+       TODO: check
+CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a 
lack of inp ...)
+       TODO: check
+CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker 
can enum ...)
+       TODO: check
+CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation 
violation via  ...)
+       TODO: check
+CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via 
the func ...)
+       TODO: check
+CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via 
the func ...)
+       TODO: check
+CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation 
violation via  ...)
+       TODO: check
+CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search 
function in Mvn ...)
+       TODO: check
+CVE-2024-33434 (An issue in tiagorlampert CHAOS before 
1b451cf62582295b7225caf5a7b506f ...)
+       TODO: check
+CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file 
upload vulner ...)
+       TODO: check
+CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 
through 5.2.18 ...)
+       TODO: check
+CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 
through 5.2.18 ...)
+       TODO: check
+CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC 
Mailinspector 5.2. ...)
+       TODO: check
+CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior 
to 10.0 ...)
+       TODO: check
+CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior 
to 10.0 ...)
+       TODO: check
+CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been 
identified i ...)
+       TODO: check
+CVE-2024-29209 (A medium severity vulnerability has been identified in the 
update mech ...)
+       TODO: check
+CVE-2024-29208 (An Unverified Password Change could allow a malicious actor 
with API a ...)
+       TODO: check
+CVE-2024-29207 (An Improper Certificate Validation could allow a malicious 
actor with  ...)
+       TODO: check
+CVE-2024-29206 (An Improper Access Control could allow a malicious actor 
authenticated ...)
+       TODO: check
+CVE-2024-29150 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones 
through 8 ...)
+       TODO: check
+CVE-2024-29149 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones 
through 8 ...)
+       TODO: check
+CVE-2024-28148 (An authenticated user could potentially access metadata for a 
datasour ...)
+       TODO: check
+CVE-2024-25514 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25513 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25512 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25511 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25510 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25509 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25508 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2024-25507 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2023-7240 (An improper authorization level has been detected in the login 
panel.  ...)
+       TODO: check
+CVE-2023-6810 (The ClickCease Click Fraud Protection plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2023-46012 (Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 
allows a rem ...)
+       TODO: check
+CVE-2023-42757 (Process Explorer before 17.04 allows attackers to make it 
functionally ...)
+       TODO: check
+CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 
124.0.6367. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4558
+CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 
124.0.6367.155 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-34397 [GDBus signal subscriptions for well-known names are vulnerable 
to unicast spoofing]
+CVE-2024-34397 (An issue was discovered in GNOME GLib before 2.78.5, and 
2.79.x and 2. ...)
+       {DSA-5682-1}
        - glib2.0 2.80.0-10
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
        NOTE: Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3268#fixes
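Review bot: the CVE-2024-34397 entry loses its only human-readable summary when `[GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing]` is replaced by the truncated `(An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2. ...)`; consider carrying the old wording over as a NOTE line next to the existing `NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3268`, so that the fix in `glib2.0 2.80.0-10` and the new `{DSA-5682-1}` reference stay attached to a description that names the actual bug. For the 82 new `TODO: check` entries, the three Suricata ones (CVE-2024-32867, CVE-2024-32664, CVE-2024-32663) are the ones most likely to need a source-package line rather than NOT-FOR-US, assuming suricata is still packaged; the DedeCMS, J2EEFAST, RuvarOA, Logpoint, MP-SPDZ and WordPress-plugin runs look like candidates for batch NOT-FOR-US handling in the same triage pass.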
@@ -155,7 +320,7 @@ CVE-2024-3752 (The Crelly Slider WordPress plugin through 
1.4.5 does not sanitis
        NOT-FOR-US: WordPress plugin
 CVE-2024-3661 (By design, the DHCP protocol does not authenticate messages, 
including ...)
        TODO: check
-CVE-2024-3576 (The NPort 5100A Series prior to version 1.6 is affected by web 
server  ...)
+CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions 
are af ...)
        NOT-FOR-US: Moxa
 CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak 
Cryptography.)
        NOT-FOR-US: Mateso PasswordSafe
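Review bot: the reworded CVE-2024-3576 description widens the affected range from `prior to version 1.6` to `firmware version v1.6 and prior versions`, so the release the old text implied was fixed is now listed as affected; with the entry staying `NOT-FOR-US: Moxa` nothing changes for Debian, but the unchanged `CVE-2024-3661` DHCP entry directly above is still `TODO: check`, and since its description says the issue is protocol-level rather than a bug in one implementation it needs a decision (NOT-FOR-US, or a note on which DHCP clients are concerned) rather than staying open.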
@@ -9491,7 +9656,8 @@ CVE-2024-3136 (The MasterStudy LMS plugin for WordPress 
is vulnerable to Local F
        NOT-FOR-US: WordPress plugin
 CVE-2024-3097 (The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-3093 (The Font Farsi plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+CVE-2024-3093
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
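Review bot: `CVE-2024-3093` now reads `REJECTED` but still carries `NOT-FOR-US: WordPress plugin` underneath; a rejected id has no issue left to classify, so the stale status line should be dropped (compare `CVE-2022-37249` later in this same commit, which is left with `REJECTED` alone).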
@@ -12227,7 +12393,7 @@ CVE-2024-27983 (An attacker can make the Node.js HTTP/2 
server completely unavai
        - nodejs 18.20.1+dfsg-1 (bug #1068347)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/0fb816dbccde955cd24acc1b16497a91fab507c8 
(v18.20.1)
-CVE-2024-27982
+CVE-2024-27982 (The team has identified a critical vulnerability in the http 
server of ...)
        - nodejs 18.20.1+dfsg-1 (bug #1068347)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca 
(v18.20.1)
@@ -51904,7 +52070,7 @@ CVE-2023-41305 (Vulnerability of 5G messages being sent 
without being encrypted
        NOT-FOR-US: Huawei
 CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP 
 Webse ...)
        NOT-FOR-US: EasyPHP Webserver
-CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and 
Tapo Applic ...)
+CVE-2023-38907 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, 
L510E bef ...)
        NOT-FOR-US: TP-Link
 CVE-2022-48606 (Stability-related vulnerability in the binder background 
management an ...)
        NOT-FOR-US: Huawei
@@ -56543,11 +56709,11 @@ CVE-2023-39141 (webui-aria2 commit 4fe2e was 
discovered to contain a path traver
        NOT-FOR-US: webui-aria2
 CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local 
authenticated ...)
        NOT-FOR-US: Douran DSGate
-CVE-2023-38909 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and 
Tapo Applic ...)
+CVE-2023-38909 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, 
L510E bef ...)
        NOT-FOR-US: TPLink
-CVE-2023-38908 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and 
Tapo Applic ...)
+CVE-2023-38908 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, 
L510E bef ...)
        NOT-FOR-US: TPLink
-CVE-2023-38906 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and 
Tapo Applic ...)
+CVE-2023-38906 (An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 
1.0.8, L63 ...)
        NOT-FOR-US: TPLink
 CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server 
could allo ...)
        NOT-FOR-US: IBM
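Review bot: the vendor spelling in the status lines is inconsistent across the four Tapo entries touched by this commit: CVE-2023-38909, CVE-2023-38908 and CVE-2023-38906 here use `NOT-FOR-US: TPLink`, while CVE-2023-38907 in the previous hunk uses `NOT-FOR-US: TP-Link`; pick one form (the descriptions themselves write `TPLink`) so that grepping for the vendor finds all four.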
@@ -69734,8 +69900,8 @@ CVE-2023-31236 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland 
Barker, xnau ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31234
-       RESERVED
+CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This 
issue aff ...)
+       TODO: check
 CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Haoq ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Davi ...)
@@ -131228,7 +131394,7 @@ CVE-2022-35242 (Unauthenticated plugin settings 
change vulnerability in 59sec TH
        NOT-FOR-US: WordPress plugin
 CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in 
XplodedThe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy 
plugin 8.5.8. ...)
+CVE-2022-31474 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability in 8 D ...)
        NOT-FOR-US: WordPress plugin
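Review bot: the new CWE-style wording for `CVE-2022-31474` (`Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...`) is cut off before it names the product, so the old text's `iThemes BackupBuddy plugin 8.5.8` is no longer visible anywhere in the entry; consider extending the status line to `NOT-FOR-US: WordPress plugin (iThemes BackupBuddy)` so the affected plugin remains searchable.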
@@ -133406,7 +133572,7 @@ CVE-2022-37251 (Craft CMS 4.2.0.1 is vulnerable to 
Cross Site Scripting (XSS) vi
 CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting 
(XSS) in /a ...)
        NOT-FOR-US: Craft CMS
 CVE-2022-37249
-       RESERVED
+       REJECTED
 CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) 
via src/ ...)
        NOT-FOR-US: Craft CMS
 CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site 
scripting (XSS) ...)
@@ -140723,7 +140889,8 @@ CVE-2022-34625 (Mealie1.0.0beta3 was discovered to 
contain a Server-Side Templat
        NOT-FOR-US: hay-kot/mealie
 CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a 
user logs  ...)
        NOT-FOR-US: Mealie
-CVE-2022-34623 (Mealie1.0.0beta3 is vulnerable to user enumeration via timing 
response ...)
+CVE-2022-34623
+       REJECTED
        NOT-FOR-US: Mealie
 CVE-2022-34622
        RESERVED
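Review bot: `CVE-2022-34623` becomes `REJECTED` yet keeps `NOT-FOR-US: Mealie` underneath, the same pattern as `CVE-2024-3093` earlier in this commit; a rejected id needs no NOT-FOR-US classification, so the leftover status line should be removed to match the bare `REJECTED` form used for `CVE-2022-37249`.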



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65aa002ccd4ee7f7331aadcd693237cd33907a47



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits