Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7277cec by security tracker role at 2024-05-09T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-4672 (A vulnerability classified as problematic was found in
Campcodes Compl ...)
+ TODO: check
+CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all
versions from ...)
+ TODO: check
+CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does
not have ...)
+ TODO: check
+CVE-2024-3590 (The LetterPress WordPress plugin through 1.2.2 does not have
CSRF che ...)
+ TODO: check
+CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF
check ...)
+ TODO: check
+CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4,
v5.4.0. ...)
+ TODO: check
+CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation
vulnerabilit ...)
+ TODO: check
+CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to
contain a stac ...)
+ TODO: check
+CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3
Firmware ...)
+ TODO: check
+CVE-2024-32672 (A Segmentation Fault issue discovered in Samsung Open Source
Escargo ...)
+ TODO: check
+CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source
escargo ...)
+ TODO: check
+CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
+ TODO: check
+CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind
River VxWo ...)
+ TODO: check
+CVE-2024-27793 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0
allows a remo ...)
+ TODO: check
+CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before
3.2.0 does ...)
+ TODO: check
CVE-2024-29510
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
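Review bot: all 20 newly imported entries are left at `TODO: check`, but several can be triaged from the description alone: the four WordPress plugin CVEs (CVE-2024-3903, CVE-2024-3590, CVE-2024-3582, CVE-2023-5971) fit the `NOT-FOR-US: WordPress plugin` pattern used for CVE-2024-0957 further down in this patch, and CVE-2024-34365 is flagged `** UNSUPPORTED WHEN ASSIGNED **` in its own description. Separately, the CVE-2024-3016 description carries a literal `\u2013` escape instead of the en-dash character, which suggests the importer is not unescaping JSON-encoded Unicode for this entry.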
@@ -917,13 +957,13 @@ CVE-2023-32873 (In keyInstall, there is a possible out of
bounds write due to a
TODO: check
CVE-2023-32871 (In DA, there is a possible permission bypass due to an
incorrect statu ...)
TODO: check
-CVE-2024-29857
+CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography
APIs before ...)
- bouncycastle <unfixed> (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
NOTE: https://github.com/bcgit/bc-java/issues/1635
NOTE: https://www.bouncycastle.org/latest_releases.html
-CVE-2024-30172
+CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography
APIs before ...)
- bouncycastle <unfixed> (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
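Review bot: with the descriptions for CVE-2024-29857 and CVE-2024-30172 now filled in, the sid entries still read `bouncycastle <unfixed> (bug #1070655)` with no fixed upstream version recorded; the `NOTE: https://www.bouncycastle.org/latest_releases.html` line would be more useful with the fixing release appended in the `(vX.Y)` form used elsewhere in this file (for instance after the fdupes commit URL in the next hunk), so that the `<unfixed>` state can be re-checked against the packaged version without following the link.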
@@ -5240,7 +5280,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a
TOCTOU race condition a
[buster] - fdupes <postponed> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
NOTE:
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f
(v2.2.0)
-CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search]
+CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If
attacker-supplie ...)
{DSA-5677-1}
- ruby3.2 <unfixed> (bug #1069968)
- ruby3.1 <unfixed> (bug #1069969)
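Review bot: the CVE-2024-27282 entry keeps `ruby3.2 <unfixed> (bug #1069968)` and `ruby3.1 <unfixed> (bug #1069969)` under a `{DSA-5677-1}` reference but, unlike the RDoc entry for CVE-2024-27281 later in this patch, cites no upstream fix; a `NOTE:` with the ruby-lang advisory or the fixing commit, tagged with the release the way `(v6.6.3)` is for RDoc, would let the remaining sid bugs be closed against a concrete version.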
@@ -5757,7 +5797,7 @@ CVE-2024-25583 (A crafted response from an upstream
server the recursor has been
NOTE: Fixed by:
https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9
(rec-4.8.8)
CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property
can be ...)
- cri-o <itp> (bug #979702)
-CVE-2024-30171
+CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE
Provide ...)
- bouncycastle <unfixed> (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
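Review bot: CVE-2024-30171 is in the Bouncy Castle TLS API and JSSE provider, not the core crypto APIs covered by CVE-2024-29857 and CVE-2024-30172, yet it inherits the identical `<no-dsa> (Minor issue)` tags for bookworm and bullseye and the same bug #1070655; the severity rationale for a TLS-facing issue should be confirmed separately rather than copied, and since the hunk cuts off before any `NOTE:` for this CVE is visible, it is worth checking that an upstream reference is present at all.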
@@ -11535,6 +11575,7 @@ CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager
GUI) before 1.2.6 on Windo
CVE-2024-31212 (InstantCMS is a free and open source content management
system. A SQL ...)
NOT-FOR-US: InstantCMS
CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's
possible fo ...)
+ {DSA-5685-1}
- wordpress 6.4.3+dfsg1-1
[buster] - wordpress 5.0.21+dfsg1-0+deb10u1
NOTE:
https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
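Review bot: `{DSA-5685-1}` is added for CVE-2024-31210, but the entry's buster line `wordpress 5.0.21+dfsg1-0+deb10u1` has no matching `{DLA-...}` reference, whereas the three older WordPress entries touched by this patch (CVE-2023-5561, CVE-2023-39999, CVE-2023-2745) list both a DSA and a DLA inside the braces; if a DLA was issued for that buster update it should be recorded here in the same combined form.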
@@ -15805,7 +15846,7 @@ CVE-2020-36826 (A vulnerability was found in
AwesomestCode LiveBot. It has been
NOT-FOR-US: AwesomestCode LiveBot
CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to
20191222 and ...)
NOT-FOR-US: cyberaz0r WebRAT
-CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
+CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as
distributed in ...)
{DSA-5677-1}
- ruby3.2 <unfixed> (bug #1067802)
- ruby3.1 <unfixed> (bug #1067803)
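Review bot: the old bracketed title `[RCE vulnerability with .rdoc_options in RDoc]` named the impact, which the truncated official description (`RDoc 6.3.3 through 6.6.2, as distributed in ...`) no longer conveys; the `NOTE:` link to the ruby-lang advisory in the continuation of this entry preserves it, so nothing is lost, but the `ruby3.2 <unfixed> (bug #1067802)` and `ruby3.1 <unfixed> (bug #1067803)` lines still show no fixed sid version despite the `{DSA-5677-1}` reference and should be rechecked.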
@@ -15813,7 +15854,7 @@ CVE-2024-27281 [RCE vulnerability with .rdoc_options in
RDoc]
- ruby2.5 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
NOTE:
https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d
(v6.6.3)
-CVE-2024-27280 [Buffer overread vulnerability in StringIO]
+CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as
distribut ...)
{DSA-5677-1}
- ruby3.2 <not-affected> (Fixed before initial upload to Debian)
- ruby3.1 <unfixed> (bug #1069966)
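Review bot: for CVE-2024-27280 the `ruby3.2 <not-affected> (Fixed before initial upload to Debian)` claim has no supporting `NOTE:` in this hunk, while the RDoc entry directly above cites the fixing commit and its release tag `(v6.6.3)`; adding the stringio fix commit or release in the same form would make the not-affected reasoning for ruby3.2 verifiable, and `ruby3.1 <unfixed> (bug #1069966)` could then be checked against it.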
@@ -16127,6 +16168,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in
GetDIAE_unListParameters.)
CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and
Shippi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-42956 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -16136,6 +16178,7 @@ CVE-2023-42956 (The issue was addressed with improved
memory handling. This issu
CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server,
potentially ...)
NOT-FOR-US: Claris FileMaker Server
CVE-2023-42950 (A use after free issue was addressed with improved memory
management. ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -19682,6 +19725,7 @@ CVE-2024-23286 (A buffer overflow issue was addressed
with improved memory handl
CVE-2024-23285 (This issue was addressed with improved handling of symlinks.
This issu ...)
NOT-FOR-US: Apple
CVE-2024-23284 (A logic issue was addressed with improved state management.
This issue ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -19693,6 +19737,7 @@ CVE-2024-23283 (A privacy issue was addressed with
improved private data redacti
CVE-2024-23281 (This issue was addressed with improved state management. This
issue is ...)
NOT-FOR-US: Apple
CVE-2024-23280 (An injection issue was addressed with improved validation.
This issue ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -19730,6 +19775,7 @@ CVE-2024-23265 (A memory corruption vulnerability was
addressed with improved lo
CVE-2024-23264 (A validation issue was addressed with improved input
sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2024-23263 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -19749,6 +19795,7 @@ CVE-2024-23257 (The issue was addressed with improved
memory handling. This issu
CVE-2024-23255 (An authentication issue was addressed with improved state
management. ...)
NOT-FOR-US: Apple
CVE-2024-23254 (The issue was addressed with improved UI handling. This issue
is fixed ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -19759,6 +19806,7 @@ CVE-2024-23253 (A permissions issue was addressed with
additional restrictions.
NOT-FOR-US: Apple
CVE-2024-23252
REJECTED
+ {DSA-5684-1}
CVE-2024-23250 (An access issue was addressed with improved access
restrictions. This ...)
NOT-FOR-US: Apple
CVE-2024-23249 (The issue was addressed with improved memory handling. This
issue is f ...)
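Review bot: `{DSA-5684-1}` is attached to CVE-2024-23252, which the line above marks `REJECTED`; if the DSA text itself cites this ID the reference is a faithful record, but a short `NOTE:` stating that the ID was rejected after the DSA was published would stop a later automatic update or a reader from treating the pairing as an error.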
@@ -24468,6 +24516,7 @@ CVE-2023-42853 (A logic issue was addressed with
improved checks. This issue is
CVE-2023-42848 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2023-42843 (An inconsistent user interface issue was addressed with
improved state ...)
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.1-1
@@ -48381,7 +48430,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository
gpac/gpac prior to 2.3.0-D
CVE-2023-5575 (Improper access control in the permission inheritance in
Devolutions S ...)
NOT-FOR-US: Devolutions Server
CVE-2023-5561 (WordPress does not properly restrict which user fields are
searchable ...)
- {DLA-3658-1}
+ {DSA-5685-1 DLA-3658-1}
- wordpress 6.3.2+dfsg1-1
NOTE:
https://wordpress.org/documentation/wordpress-version/version-6-3-2/
NOTE: https://core.trac.wordpress.org/changeset/56840/
@@ -48826,7 +48875,7 @@ CVE-2023-41680 (A improper neutralization of input
during web page generation ('
CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains
an unspe ...)
NOT-FOR-US: OVM
CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in
WordPres ...)
- {DLA-3658-1}
+ {DSA-5685-1 DLA-3658-1}
- wordpress 6.3.2+dfsg1-1
NOTE:
https://wordpress.org/documentation/wordpress-version/version-6-3-2/
NOTE: https://core.trac.wordpress.org/changeset/56843/
@@ -68828,7 +68877,7 @@ CVE-2023-2765 (A vulnerability has been found in Weaver
OA up to 9.5 and classif
CVE-2023-2756 (SQL Injection in GitHub repository
pimcore/customer-data-framework pri ...)
NOT-FOR-US: pimcore
CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions
up to, ...)
- {DLA-3462-1}
+ {DSA-5685-1 DLA-3462-1}
- wordpress 6.2.1+dfsg1-1 (bug #1036296)
NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765
NOTE:
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
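Review bot: the `NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765` line on the CVE-2023-2745 entry compares changeset 55765 against itself, so it shows an empty diff; the other WordPress entries in this patch link `changeset/<n>/` directly, and this one should be changed to the same form.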
@@ -117279,7 +117328,7 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to
contain an out-of-bounds r
- wabt 1.0.30-1 (unimportant)
NOTE: https://github.com/WebAssembly/wabt/issues/1982
NOTE: Crash in CLI tool, no security impact
-CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection
vulnerabil ...)
+CVE-2022-43279 (LimeSurvey before v5.0.4 was discovered to contain a SQL
injection vul ...)
- limesurvey <itp> (bug #472802)
CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL
injecti ...)
NOT-FOR-US: Canteen Management System
@@ -131493,7 +131542,7 @@ CVE-2022-38166 (In F-Secure Endpoint Protection for
Windows and macOS before cha
NOT-FOR-US: F-Secure
CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through
2022-08-10 all ...)
NOT-FOR-US: WithSecure
-CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a
denial of se ...)
+CVE-2022-38164 (A vulnerability affecting F-Secure SAFE browser for Android
and iOS wa ...)
NOT-FOR-US: WithSecure
CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure
SAFE Br ...)
NOT-FOR-US: WithSecure
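Review bot: the vendor label is inconsistent across the adjacent entries: CVE-2022-38166 reads `NOT-FOR-US: F-Secure`, while CVE-2022-38165, the rewritten CVE-2022-38164 (now describing the F-Secure SAFE browser for Android and iOS) and CVE-2022-38163 read `NOT-FOR-US: WithSecure`; settling on one spelling keeps grep-based triage of these entries reliable.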
@@ -226170,7 +226219,7 @@ CVE-2021-30082 (An issue was discovered in Gris CMS
v0.1. There is a Persistent
NOT-FOR-US: Gris CMS
CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL
Injection ...)
NOT-FOR-US: emlog
-CVE-2021-30080 (An issue was discovered in the route lookup process in beego
through 2 ...)
+CVE-2021-30080 (An issue was discovered in the route lookup process in beego
before 1. ...)
NOT-FOR-US: Beego
CVE-2021-30079
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7277cec7a0b050c02d41f8275547616ad1f3069
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits