Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
459a3e8f by security tracker role at 2024-05-09T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,373 @@
+CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+       TODO: check
+CVE-2024-4681 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based 
School  ...)
+       TODO: check
+CVE-2024-4674 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+       TODO: check
+CVE-2024-4673 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-4614
+       REJECTED
+CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes 
Ultimate S ...)
+       TODO: check
+CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote 
Code Execu ...)
+       TODO: check
+CVE-2024-4579
+       REJECTED
+CVE-2024-4572
+       REJECTED
+CVE-2024-4571
+       REJECTED
+CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) 
from 15.0 ...)
+       TODO: check
+CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, 
Category Po ...)
+       TODO: check
+CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is 
vulnerable to Lo ...)
+       TODO: check
+CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. 
FTP or ...)
+       TODO: check
+CVE-2024-4424 (The access control inCemiPark software does not properly 
validate user ...)
+       TODO: check
+CVE-2024-4423 (The access control inCemiPark software does not properly 
validate user ...)
+       TODO: check
+CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
+       TODO: check
+CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+       TODO: check
+CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for 
WordPr ...)
+       TODO: check
+CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is 
vulnerable to Re ...)
+       TODO: check
+CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page 
Builder Pro ...)
+       TODO: check
+CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce 
Waitlist  ...)
+       TODO: check
+CVE-2024-3990 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-3989 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-3974 (The BuddyPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-3954 (The Ditty plugin for WordPress is vulnerable to PHP Object 
Injection i ...)
+       TODO: check
+CVE-2024-3952 (The Advanced Ads \u2013Ad Manager & AdSense plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-3923 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-3916 (The Swift Framework plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-3915 (The Swift Framework plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2024-3831 (The Enter Addons \u2013 Ultimate Template Builder for Elementor 
plugin ...)
+       TODO: check
+CVE-2024-3809 (The Porto Theme - Functionality plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-3808 (The Porto Theme - Functionality plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-3807 (The Porto theme for WordPress is vulnerable to Local File 
Inclusion in ...)
+       TODO: check
+CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File 
Inclusion in ...)
+       TODO: check
+CVE-2024-3727 (A flaw was found in the github.com/containers/image library. 
This flaw ...)
+       TODO: check
+CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable 
to unaut ...)
+       TODO: check
+CVE-2024-3680 (The Enter Addons \u2013 Ultimate Template Builder for Elementor 
plugin ...)
+       TODO: check
+CVE-2024-3595 (The Pure Chat \u2013 Live Chat Plugin & More! plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-3461 (KioWare for Windows (versions all through 8.35)allows to brute 
force t ...)
+       TODO: check
+CVE-2024-3460 (In KioWare for Windows (versions all through 8.34)it is 
possible to ex ...)
+       TODO: check
+CVE-2024-3459 (KioWare for Windows (versions allthrough 8.34)allows to escape 
the env ...)
+       TODO: check
+CVE-2024-3070 (The Last Viewed Posts by WPBeginner plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability 
in Ghos ...)
+       TODO: check
+CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution 
Barcode ...)
+       TODO: check
+CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability 
in Alex ...)
+       TODO: check
+CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-34445 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34441 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34439 (Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS 
Site Mes ...)
+       TODO: check
+CVE-2024-34437 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34436 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34433 (Deserialization of Untrusted Data vulnerability in OCDI One 
Click Demo ...)
+       TODO: check
+CVE-2024-34432 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34431 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34430 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34429 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34428 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34427 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin 
Berberoglu  ...)
+       TODO: check
+CVE-2024-34426 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34425 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34424 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34423 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34422 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34421 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34420 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34419 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34418 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34417 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34415 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34354 (CMSaaSStarter is a SaaS template/boilerplate built with 
SvelteKit, Tai ...)
+       TODO: check
+CVE-2024-34352 (1Panel is an open source Linux server operation and 
maintenance manage ...)
+       TODO: check
+CVE-2024-34351 (Next.js is a React framework that can provide building blocks 
to creat ...)
+       TODO: check
+CVE-2024-34350 (Next.js is a React framework that can provide building blocks 
to creat ...)
+       TODO: check
+CVE-2024-34345 (The CycloneDX JavaScript library contains the core 
functionality of OW ...)
+       TODO: check
+CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 
V1.0.0.12 and ea ...)
+       TODO: check
+CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-34219 (TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to 
contain a vuln ...)
+       TODO: check
+CVE-2024-34218 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was 
discovered to co ...)
+       TODO: check
+CVE-2024-34217 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34215 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34213 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34212 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34211 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a hard ...)
+       TODO: check
+CVE-2024-34210 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was 
discovered to co ...)
+       TODO: check
+CVE-2024-34209 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34207 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34206 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was 
discovered to co ...)
+       TODO: check
+CVE-2024-34205 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a comm ...)
+       TODO: check
+CVE-2024-34204 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was 
discovered to co ...)
+       TODO: check
+CVE-2024-34203 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34202 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34201 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-34200 (TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2024-34074 (Frappe is a full-stack web application framework. Prior to 
15.26.0 and ...)
+       TODO: check
+CVE-2024-33877 (HDF5 Library through 1.14.3 has a heap-based buffer overflow 
in H5T__c ...)
+       TODO: check
+CVE-2024-33876 (HDF5 Library through 1.14.3 has a heap buffer overflow in 
H5S__point_d ...)
+       TODO: check
+CVE-2024-33875 (HDF5 Library through 1.14.3 has a heap-based buffer overflow 
in H5O__l ...)
+       TODO: check
+CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in 
H5O__mtime_n ...)
+       TODO: check
+CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow 
in H5D__s ...)
+       TODO: check
+CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote 
attacke ...)
+       TODO: check
+CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
+       TODO: check
+CVE-2024-32739 (A sql injection vulnerability exists in CyberPower PowerPanel 
Enterpri ...)
+       TODO: check
+CVE-2024-32738 (A sql injection vulnerability exists in CyberPower PowerPanel 
Enterpri ...)
+       TODO: check
+CVE-2024-32737 (A sql injection vulnerability exists in CyberPower PowerPanel 
Enterpri ...)
+       TODO: check
+CVE-2024-32736 (A sql injection vulnerability exists in CyberPower PowerPanel 
Enterpri ...)
+       TODO: check
+CVE-2024-32735 (An issue regarding missing authentication for certain 
utilities exists ...)
+       TODO: check
+CVE-2024-32724 (Missing Authorization vulnerability in Woo product importer 
Sharkdrops ...)
+       TODO: check
+CVE-2024-32719 (Missing Authorization vulnerability in WP Club Manager.This 
issue affe ...)
+       TODO: check
+CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper 
SchedulePress.This  ...)
+       TODO: check
+CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast 
Publish ...)
+       TODO: check
+CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and 
earlier, ...)
+       TODO: check
+CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32623 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32622 (HDF5 Library through 1.14.3 contains a out-of-bounds read 
operation in ...)
+       TODO: check
+CVE-2024-32621 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32620 (HDF5 Library through 1.14.3 contains a heap-based buffer 
over-read in  ...)
+       TODO: check
+CVE-2024-32619 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32618 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32617 (HDF5 Library through 1.14.3 contains a heap-based buffer 
over-read cau ...)
+       TODO: check
+CVE-2024-32616 (HDF5 Library through 1.14.3 contains a heap-based buffer 
over-read in  ...)
+       TODO: check
+CVE-2024-32615 (HDF5 Library through 1.14.3 contains a heap-based buffer 
overflow in H ...)
+       TODO: check
+CVE-2024-32614 (HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in 
H5VM.c.)
+       TODO: check
+CVE-2024-32613 (HDF5 Library through 1.14.3 contains a heap-based buffer 
over-read in  ...)
+       TODO: check
+CVE-2024-32612 (HDF5 Library through 1.14.3 contains a heap-based buffer 
over-read in  ...)
+       TODO: check
+CVE-2024-32611 (HDF5 Library through 1.14.3 may use an uninitialized value in 
H5A__att ...)
+       TODO: check
+CVE-2024-32610 (HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in 
H5T.c, res ...)
+       TODO: check
+CVE-2024-32609 (HDF5 Library through 1.14.3 allows stack consumption in the 
function H ...)
+       TODO: check
+CVE-2024-32607 (HDF5 Library through 1.14.3 has a SEGV in H5A__close in 
H5Aint.c, resu ...)
+       TODO: check
+CVE-2024-32606 (HDF5 Library through 1.14.3 may attempt to dereference 
uninitialized v ...)
+       TODO: check
+CVE-2024-32605 (HDF5 Library through 1.14.3 has a heap-based buffer over-read 
in H5VM_ ...)
+       TODO: check
+CVE-2024-31954 (An issue was discovered in the installer in Samsung Portable 
SSD for T ...)
+       TODO: check
+CVE-2024-31953 (An issue was discovered in Samsung Magician 8.0.0 on macOS. 
Because it ...)
+       TODO: check
+CVE-2024-31952 (An issue was discovered in Samsung Magician 8.0.0 on macOS. 
Because sy ...)
+       TODO: check
+CVE-2024-31803 (Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a 
remote attack ...)
+       TODO: check
+CVE-2024-2923 (The Magical Addons For Elementor ( Header Footer Builder, Free 
Element ...)
+       TODO: check
+CVE-2024-2846 (The Visual Footer Credit Remover plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-2785 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-2290 (The Advanced Ads plugin for WordPress is vulnerable to PHP 
Object Inje ...)
+       TODO: check
+CVE-2024-29800 (Deserialization of Untrusted Data vulnerability in Timber Team 
& Contr ...)
+       TODO: check
+CVE-2024-29166 (HDF5 through 1.14.3 contains a buffer overflow in 
H5O__linfo_decode, r ...)
+       TODO: check
+CVE-2024-29165 (HDF5 through 1.14.3 contains a buffer overflow in 
H5Z__filter_fletcher ...)
+       TODO: check
+CVE-2024-29164 (HDF5 through 1.14.3 contains a stack buffer overflow in 
H5R__decode_he ...)
+       TODO: check
+CVE-2024-29163 (HDF5 through 1.14.3 contains a heap buffer overflow in 
H5T__bit_find,  ...)
+       TODO: check
+CVE-2024-29162 (HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer 
overflow in  ...)
+       TODO: check
+CVE-2024-29161 (HDF5 through 1.14.3 contains a heap buffer overflow in 
H5A__attr_relea ...)
+       TODO: check
+CVE-2024-29160 (HDF5 through 1.14.3 contains a heap buffer overflow in 
H5HG__cache_hea ...)
+       TODO: check
+CVE-2024-29159 (HDF5 through 1.14.3 contains a buffer overflow in 
H5Z__filter_scaleoff ...)
+       TODO: check
+CVE-2024-29158 (HDF5 through 1.14.3 contains a stack buffer overflow in 
H5FL_arr_mallo ...)
+       TODO: check
+CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in 
H5HG_read, resu ...)
+       TODO: check
+CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote 
Code Ex ...)
+       TODO: check
+CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit 
c2cc1f5069e00491ea ...)
+       TODO: check
+CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a 
hard-coded ...)
+       TODO: check
+CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 
and v.10 ...)
+       TODO: check
+CVE-2024-1693 (The SP Project & Document Manager plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-1467 (The Starter Templates \u2014 Elementor, WordPress & Beaver 
Builder Tem ...)
+       TODO: check
+CVE-2024-1230 (The SimpleShop plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2024-1229 (The SimpleShop plugin for WordPress is vulnerable to 
unauthorized disc ...)
+       TODO: check
+CVE-2024-1166 (The Image Hover Effects \u2013 Elementor Addon plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2024-33655
        - unbound 1.20.0-1
        NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
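
Review bot: the WordPress plugin and theme entries added in this hunk (for example CVE-2024-4605, CVE-2024-4567 and CVE-2024-4158) are all left at "TODO: check", while entries of the same class further down in this file are already triaged as "NOT-FOR-US: WordPress plugin". Marking them in bulk would leave the TODO queue to the entries that name libraries rather than web plugins, such as the HDF5 Library series and CVE-2024-3727 in github.com/containers/image. Separately, several descriptions (CVE-2024-4542, CVE-2024-4446, CVE-2024-4397 and others) carry a literal "\u2013" or "\u2014" escape sequence rather than the dash character, which suggests the description text is being written without decoding.
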
@@ -10,7 +380,7 @@ CVE-2024-4693 [virtio-pci: fix use of a released vector]
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2321
        NOTE: Introduced by: 
https://gitlab.com/qemu-project/qemu/-/commit/f9a09ca3ea69d108d828b7c82f1bd61b2df6fc96
 (v8.0.0-rc0)
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304
 (v8.2.3)
-CVE-2024-4317 [Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" 
entries to the table owner]
+CVE-2024-4317 (Missing authorization in PostgreSQL built-in views pg_stats_ext 
and pg ...)
        - postgresql-16 16.3-1
        - postgresql-15 <removed>
        [bookworm] - postgresql-15 <no-dsa> (Minor issue; can be fixed via 
point release)
@@ -253,32 +623,32 @@ CVE-2024-1438 (Missing Authorization vulnerability in 
PressFore Rolo Slider.This
        NOT-FOR-US: WordPress plugin
 CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag 
Map.This issue ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element 
timeout]
+CVE-2024-27397 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.7.7-1
        NOTE: 
https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
-CVE-2024-27396 [net: gtp: Fix Use-After-Free in gtp_dellink]
+CVE-2024-27396 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (6.9-rc6)
-CVE-2024-27395 [net: openvswitch: Fix Use-After-Free in ovs_ct_exit]
+CVE-2024-27395 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bookworm] - linux 6.1.90-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2 (6.9-rc6)
-CVE-2024-27394 [tcp: Fix Use-After-Free in tcp_ao_connect_init]
+CVE-2024-27394 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/80e679b352c3ce5158f3f778cfb77eb767e586fb (6.9-rc6)
-CVE-2024-27393 [xen-netfront: Add missing skb_mark_for_recycle]
+CVE-2024-27393 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux <unfixed>
        [bookworm] - linux 6.1.85-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/037965402a010898d34f4e35327d22c0a95cd51f (6.9-rc3)
        NOTE: https://www.openwall.com/lists/oss-security/2024/05/08/1
-CVE-2023-52654 [io_uring/af_unix: disable sending io_uring over sockets]
+CVE-2023-52654 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.6.8-1
        [bookworm] - linux 6.1.69-1
        [bullseye] - linux 5.10.205-1
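
Review bot: the six kernel entries changed in this hunk (CVE-2024-27397 down to CVE-2024-27393, plus CVE-2023-52654) lose their bracketed commit subjects, for example "[net: gtp: Fix Use-After-Free in gtp_dellink]", and now all share the truncated text "In the Linux kernel, the following vulnerability has been resolved:" with a single trailing letter left to tell them apart. The subsystem and bug class can then only be recovered by following each entry's git.kernel.org NOTE link, so consider keeping the commit subject in a NOTE line on each entry to keep the list searchable by subsystem.
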
@@ -463,7 +833,7 @@ CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a 
stack overflow via th
        NOT-FOR-US: MP-SPDZ
 CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation 
violation via  ...)
        NOT-FOR-US: MP-SPDZ
-CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search 
function in Mvn ...)
+CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search 
function in Mav ...)
        NOT-FOR-US: MvnRepository MS Basic
 CVE-2024-33434 (An issue in tiagorlampert CHAOS before 
1b451cf62582295b7225caf5a7b506f ...)
        NOT-FOR-US: tiagorlampert CHAOS
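
Review bot: the updated description for CVE-2024-33748 now ends "function in Mav ..." where it previously ended "function in Mvn ...", but the triage line directly below it still reads "NOT-FOR-US: MvnRepository MS Basic". Check the full upstream description and, if the product name was corrected there, update the NOT-FOR-US label to match so that a search on either spelling finds the entry.
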
@@ -25167,6 +25537,7 @@ CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, 
allows attacker to inject SQL
        NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730
 (REL42.2.28)
        NOTE: 
https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c
 (REL42.2.28)
 CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when 
decoding  ...)
+       {DSA-5686-1}
        - dav1d 1.4.0-1 (bug #1064310)
        NOTE: 
https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
 (1.4.0)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2502
@@ -74353,8 +74724,8 @@ CVE-2023-29883
        RESERVED
 CVE-2023-29882
        RESERVED
-CVE-2023-29881
-       RESERVED
+CVE-2023-29881 (phpok 6.4.003 is vulnerable to SQL injection in the function 
index_f() ...)
+       TODO: check
 CVE-2023-29880
        RESERVED
 CVE-2023-29879
@@ -146709,24 +147080,24 @@ CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) 
before 1.6.1 uses JSON.load
        [bullseye] - ruby-jmespath <no-dsa> (Minor issue)
        NOTE: https://github.com/jmespath/jmespath.rb/pull/55
        NOTE: 
https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49
 (v1.6.1)
-CVE-2022-32510
-       RESERVED
-CVE-2022-32509
-       RESERVED
-CVE-2022-32508
-       RESERVED
-CVE-2022-32507
-       RESERVED
-CVE-2022-32506
-       RESERVED
-CVE-2022-32505
-       RESERVED
-CVE-2022-32504
-       RESERVED
-CVE-2022-32503
-       RESERVED
-CVE-2022-32502
-       RESERVED
+CVE-2022-32510 (An issue was discovered on certain Nuki Home Solutions 
devices. The HT ...)
+       TODO: check
+CVE-2022-32509 (An issue was discovered on certain Nuki Home Solutions 
devices. Lack o ...)
+       TODO: check
+CVE-2022-32508 (An issue was discovered on certain Nuki Home Solutions 
devices. By sen ...)
+       TODO: check
+CVE-2022-32507 (An issue was discovered on certain Nuki Home Solutions 
devices. Some B ...)
+       TODO: check
+CVE-2022-32506 (An issue was discovered on certain Nuki Home Solutions 
devices. An att ...)
+       TODO: check
+CVE-2022-32505 (An issue was discovered on certain Nuki Home Solutions 
devices. It is  ...)
+       TODO: check
+CVE-2022-32504 (An issue was discovered on certain Nuki Home Solutions 
devices. The co ...)
+       TODO: check
+CVE-2022-32503 (An issue was discovered on certain Nuki Home Solutions 
devices. An att ...)
+       TODO: check
+CVE-2022-32502 (An issue was discovered on certain Nuki Home Solutions 
devices. There  ...)
+       TODO: check
 CVE-2022-32501
        RESERVED
 CVE-2022-32500
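
Review bot: the nine entries CVE-2022-32510 down to CVE-2022-32502 leave RESERVED with the same leading sentence, "An issue was discovered on certain Nuki Home Solutions devices.", so the truncated description keeps only a word or two of what distinguishes each issue. All nine concern the same vendor's devices and are left at "TODO: check", so they can be triaged together with one decision rather than one at a time.
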



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/459a3e8ff512e749a6c7fb96b6bd194268e20ce1
