Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
112e76f2 by security tracker role at 2024-05-15T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based
School ...)
+ TODO: check
+CVE-2024-4906 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2024-4905 (A vulnerability classified as critical has been found in
Kashipara Col ...)
+ TODO: check
+CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management
Platform up ...)
+ TODO: check
+CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been
declared as c ...)
+ TODO: check
+CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1
(10.0.24.305) or ea ...)
+ TODO: check
+CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable
to Loc ...)
+ TODO: check
+CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices
can expo ...)
+ TODO: check
+CVE-2024-4357 (An information disclosure vulnerability exists in Progress
Telerik Rep ...)
+ TODO: check
+CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2
(18.1. ...)
+ TODO: check
+CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2
(18.1. ...)
+ TODO: check
+CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in
OpenTe ...)
+ TODO: check
+CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
+ TODO: check
+CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
+ TODO: check
+CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI
for Win ...)
+ TODO: check
+CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in
OpenText ...)
+ TODO: check
+CVE-2024-3487 (Broken Authentication vulnerability discovered in
OpenText\u2122 iMana ...)
+ TODO: check
+CVE-2024-3486 (XML External Entity injection vulnerability foundin
OpenText\u2122 iMa ...)
+ TODO: check
+CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in
OpenTe ...)
+ TODO: check
+CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This
can le ...)
+ TODO: check
+CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
+ TODO: check
+CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC)
Transform ...)
+ TODO: check
+CVE-2024-3318 (A file path traversal vulnerability was identified in the
DelimitedFil ...)
+ TODO: check
+CVE-2024-3317 (An improper access control was identified in the Identity
Security Clo ...)
+ TODO: check
+CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal
Installer i ...)
+ TODO: check
+CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to
version 0 ...)
+ TODO: check
+CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer
(Model avsrv- ...)
+ TODO: check
+CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross
Site Script ...)
+ TODO: check
+CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding
v5.0 and b ...)
+ TODO: check
+CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and
below allow ...)
+ TODO: check
+CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13
allows atta ...)
+ TODO: check
+CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
Answer: ...)
+ TODO: check
+CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34096 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34095 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34094 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-34082 (Grav is a file-based Web platform. Prior to version 1.7.46, a
low priv ...)
+ TODO: check
+CVE-2024-34025 (CyberPower PowerPanel business application code contains a
hard-coded ...)
+ TODO: check
+CVE-2024-33625 (CyberPower PowerPanel business application code contains a
hard-coded ...)
+ TODO: check
+CVE-2024-33615 (A specially crafted Zip file containing path traversal
characters can ...)
+ TODO: check
+CVE-2024-32053 (Hard-coded credentials are used by the CyberPower PowerPanel
platfo ...)
+ TODO: check
+CVE-2024-32047 (Hard-coded credentials for the CyberPower PowerPanel test
server can ...)
+ TODO: check
+CVE-2024-32042 (The key used to encrypt passwords stored in the database can
be found ...)
+ TODO: check
+CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious
message ...)
+ TODO: check
+CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical
certific ...)
+ TODO: check
+CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower
PowerPanel ...)
+ TODO: check
+CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in
artifac ...)
+ TODO: check
+CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
Answer: ...)
+ TODO: check
+CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
Answer: ...)
+ TODO: check
+CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in
versions bel ...)
+ TODO: check
+CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic
permissio ...)
+ TODO: check
+CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in
third-party co ...)
+ TODO: check
+CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the
Filter functi ...)
+ TODO: check
+CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in
Insyde ...)
+ TODO: check
+CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde
InsydeH2O k ...)
+ TODO: check
+CVE-2024-25078 (A memory corruption vulnerability in StorageSecurityCommandDxe
in Insy ...)
+ TODO: check
+CVE-2024-20394 (A vulnerability in Cisco AppDynamics Network Visibility Agent
could al ...)
+ TODO: check
+CVE-2024-20392 (A vulnerability in the web-based management API of Cisco
AsyncOS Softw ...)
+ TODO: check
+CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of
Cisco Se ...)
+ TODO: check
+CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD
CLI could ...)
+ TODO: check
+CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco
Crosswo ...)
+ TODO: check
+CVE-2024-20366 (A vulnerability in the Tail-f High Availability Cluster
Communications ...)
+ TODO: check
+CVE-2024-20258 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
+ TODO: check
+CVE-2024-20257 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
+ TODO: check
+CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
+ TODO: check
+CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in
reference ...)
+ TODO: check
+CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS
session ...)
+ TODO: check
+CVE-2023-6323 (ThroughTek Kalay SDK does not verify the authenticity of
received mess ...)
+ TODO: check
+CVE-2023-6322 (A stack-based buffer overflow vulnerability exists in the
message pars ...)
+ TODO: check
+CVE-2023-6321 (A command injection vulnerability exists in the IOCTL that
manages OTA ...)
+ TODO: check
+CVE-2023-5938 (Multiple functions use archives without properly validating the
filena ...)
+ TODO: check
+CVE-2023-5937 (On Windows systems, the Arc configuration files resulted to be
world-r ...)
+ TODO: check
+CVE-2023-5936 (On Unix systems (Linux, MacOS), Arc uses a temporary file with
unsafe ...)
+ TODO: check
+CVE-2023-5935 (When configuring Arc (e.g. during the first setup), a local web
interf ...)
+ TODO: check
+CVE-2023-40297 (Stakater Forecastle 1.0.139 and before allows %5C../ directory
travers ...)
+ TODO: check
CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL
parameter, ...)
NOT-FOR-US: ITPison OMICARD EDM
CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input
parameters, a ...)
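Review bot: three of the new Acrobat Reader entries (CVE-2024-34101, CVE-2024-30312, CVE-2024-30311) carry a description that reads "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ..." where the sibling entries (CVE-2024-34100 through CVE-2024-34094, CVE-2024-30310, CVE-2024-30284) read "... and earlier are aff ...", so the upstream description text looks garbled at the time of this pull and should be re-synced before triage rather than taken at face value. The missing spaces in several OpenText and Universal Installer descriptions ("vulnerabilityhas" in CVE-2024-3970 and CVE-2024-3485, "foundin" in CVE-2024-3486 and CVE-2024-3484, "inUniversal" in CVE-2024-3182) are the published upstream wording and are fine to keep verbatim.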
@@ -109,6 +281,7 @@ CVE-2024-0437 (The Password Protected \u2013 Ultimate
Plugin to Password Protect
CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of
social tech ...)
TODO: check
CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in
affected Lib ...)
+ {DSA-5690-1}
- libreoffice 4:24.2.3~rc1-2
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote
executio ...)
@@ -527,6 +700,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125.
Some of these bugs sho
- firefox 126.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10,
and Thu ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -552,6 +726,7 @@ CVE-2024-4771 (A memory allocation check was missing which
would lead to a use-a
- firefox 126.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
CVE-2024-4770 (When saving a page to PDF, certain font styles could have led
to a pot ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -559,6 +734,7 @@ CVE-2024-4770 (When saving a page to PDF, certain font
styles could have led to
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4769 (When importing resources using Web Workers, error messages
would disti ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
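Review bot: the context line "NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769" sits inside the CVE-2024-4770 entry (the hunk header places it under CVE-2024-4770, before the CVE-2024-4769 heading), while the preceding NOTE for the same entry points at mfsa2024-22/#CVE-2024-4770; the mfsa2024-23 anchor looks like a copy-and-paste slip and should read #CVE-2024-4770. Not introduced by this commit, but worth correcting while the entry is being touched, since the CVE-2024-4769 entry in the next hunk already has its own mfsa2024-23/#CVE-2024-4769 NOTE.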
@@ -566,6 +742,7 @@ CVE-2024-4769 (When importing resources using Web Workers,
error messages would
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it
easier ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -573,6 +750,7 @@ CVE-2024-4768 (A bug in popup notifications' interaction
with WebAuthn made it e
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is
enabled, Inde ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -586,6 +764,7 @@ CVE-2024-4765 (Web application manifests were stored by
using an insecure MD5 ha
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which
would al ...)
+ {DSA-5691-1}
- firefox 126.0-1
- firefox-esr 115.11.0esr-1
- thunderbird 1:115.11.0-1
@@ -724,6 +903,7 @@ CVE-2024-0870 (The YITH WooCommerce Gift Cards plugin for
WordPress is vulnerabl
CVE-2023-6812 (The WP Compress \u2013 Image Optimizer [All-In-One plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4761 (Out of bounds write in V8 in Google Chrome prior to
124.0.6367.207 all ...)
+ {DSA-5689-1}
- chromium 124.0.6367.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -1858,21 +2038,25 @@ CVE-2023-6682 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before
3.2.0 does ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29510
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
(ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662
CVE-2024-33871
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
(ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
CVE-2024-33870
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
(ghostpdl-10.03.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
CVE-2024-33869
+ {DSA-5692-1}
- ghostscript <unfixed>
NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
(ghostpdl-10.03.1)
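Review bot: the four ghostscript entries (CVE-2024-29510, CVE-2024-33871, CVE-2024-33870, CVE-2024-33869) gain {DSA-5692-1} while the unstable line still reads "ghostscript <unfixed>", and every NOTE points at a ghostpdl-10.03.1 commit; once 10.03.1 (or a package carrying those commits) is uploaded to unstable, the <unfixed> lines should be replaced with that version so the DSA tag and the sid status stop disagreeing. These entries also still have no description in parentheses, meaning the CVE text had not been published in the feed at the time of this pull, so a later automatic update should fill them in.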
@@ -6563,6 +6747,7 @@ CVE-2024-33851 (phpecc, as used in paragonie/phpecc
before 2.0.1, has a branch-b
CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio
for i 7.2 ...)
NOT-FOR-US: IBM
CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through
10.01.0. psi/zm ...)
+ {DSA-5692-1}
- ghostscript 10.02.0~dfsg-1
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1
(ghostpdl-10.03.0rc1)
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1ff9a695947967d2d327c45bf5145dd381fc1745
(ghostpdl-10.02.0)
@@ -12740,7 +12925,7 @@ CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a
vulnerability in the UI, wh
NOT-FOR-US: NVIDIA ChatRTX
CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI,
where a ...)
NOT-FOR-US: NVIDIA ChatRTX
-CVE-2024-25743
+CVE-2024-25743 (In the Linux kernel through 6.7.2, an untrusted hypervisor can
inject ...)
- linux <unfixed>
NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
CVE-2024-25742
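Review bot: CVE-2024-25743 now has a description naming "the Linux kernel through 6.7.2", but the entry is still "linux <unfixed>" with only the AMD bulletin (amd-sb-3008) as a NOTE; adding a NOTE with the upstream kernel fix commit or the first fixed mainline version would make the <unfixed> status verifiable and let the next update flip it. CVE-2024-25742 directly below still has no description at all and is presumably in the same state.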
@@ -44700,7 +44885,7 @@ CVE-2023-6038 (A Local File Inclusion (LFI)
vulnerability exists in the h2o-3 RE
NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6023 (An attacker can read any file on the filesystem on the server
hosting ...)
NOT-FOR-US: ModelDB
-CVE-2023-6022 (An attacker is able to steal secrets and potentially gain
remote code ...)
+CVE-2023-6022 (Cross-Site Request Forgery (CSRF) in GitHub repository
prefecthq/prefe ...)
NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file
on the ...)
NOT-FOR-US: Ray's log API endpoint
@@ -94111,7 +94296,7 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable
to Buffer Overflow via /go
NOT-FOR-US: Tenda
CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via
/goform/F ...)
NOT-FOR-US: Tenda
-CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows
attacker t ...)
+CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool before 5.8.21
allows atta ...)
NOT-FOR-US: Dromara hutool
CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows
attacke ...)
NOT-FOR-US: Dromara hutool
@@ -277154,7 +277339,8 @@ CVE-2020-23066
NOTE: Duplicate CVE of CVE-2020-17480
CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish
Platform ...)
NOT-FOR-US: eZ Systems AS eZPublish
-CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x
before ...)
+CVE-2020-23064
+ REJECTED
- jquery <removed>
[buster] - jquery <ignored> (Fix possibly breaks existing applications)
NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-565129
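Review bot: CVE-2020-23064 is switched to REJECTED, yet the entry keeps the "jquery <removed>" package line, the buster <ignored> line and the Snyk NOTE below the marker; if the rejection is because the issue was already tracked elsewhere, recording that with a NOTE such as the "Duplicate CVE of CVE-2020-17480" line used for CVE-2020-23066 in the context above would explain why the package data is retained, otherwise the stale package lines could be dropped along with the description.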
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112e76f234097ac1c79ea519aab122754064d4d3
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits