Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
def2256a by security tracker role at 2024-05-23T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above
allows ...)
+ TODO: check
+CVE-2024-5258 (An authorization vulnerability exists within GitLab from
versions 16.1 ...)
+ TODO: check
+CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM
allowsauthenticated users ...)
+ TODO: check
+CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an
authenticated ...)
+ TODO: check
+CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio
codec a ...)
+ TODO: check
+CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of
several in ...)
+ TODO: check
+CVE-2024-5143 (A user with device administrative privileges can change
existing SMTP ...)
+ TODO: check
+CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for
WordPress ...)
+ TODO: check
+CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a
slider, ...)
+ TODO: check
+CVE-2024-35570 (An arbitrary file upload vulnerability in the component
\controller\Im ...)
+ TODO: check
+CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media
add .php ...)
+ TODO: check
+CVE-2024-35224 (OpenProject is the leading open source project management
software. Op ...)
+ TODO: check
+CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building
distributed app ...)
+ TODO: check
+CVE-2024-35222 (Tauri is a framework for building binaries for all major
desktop platf ...)
+ TODO: check
+CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows,
fetching re ...)
+ TODO: check
+CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During
checkout, `gix-w ...)
+ TODO: check
+CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary
file delet ...)
+ TODO: check
+CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of
inxedu v2 ...)
+ TODO: check
+CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio
method of in ...)
+ TODO: check
+CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes
Complet ...)
+ TODO: check
+CVE-2024-34935 (A SQL injection vulnerability in
/view/conversation_history_admin.php ...)
+ TODO: check
+CVE-2024-34934 (A SQL injection vulnerability in
/view/emarks_range_grade_update_form. ...)
+ TODO: check
+CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in
Campcodes ...)
+ TODO: check
+CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in
Campcodes C ...)
+ TODO: check
+CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in
Campcode ...)
+ TODO: check
+CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in
Campcodes C ...)
+ TODO: check
+CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in
Campcodes C ...)
+ TODO: check
+CVE-2024-34928 (A SQL injection vulnerability in
/model/update_subject_routing.php in ...)
+ TODO: check
+CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php
in Campco ...)
+ TODO: check
+CVE-2024-34060 (IrisEVTXModule is an interface module for Evtx2Splunk and Iris
in orde ...)
+ TODO: check
+CVE-2024-32969 (vantage6 is an open-source infrastructure for privacy
preserving analy ...)
+ TODO: check
+CVE-2024-31843 (An issue was discovered in Italtel Embrace 1.6.4. The Web
application ...)
+ TODO: check
+CVE-2024-30280 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-30279 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier
are aff ...)
+ TODO: check
+CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a
Cross- ...)
+ TODO: check
+CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming
jobs to ...)
+ TODO: check
+CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to
manage th ...)
+ TODO: check
+CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-1814 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-1803 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia,
Embed You ...)
+ TODO: check
+CVE-2023-4859
+ REJECTED
CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live
Streaming A ...)
NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server
CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
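Review bot: CVE-2024-5258 at the top of this hunk goes in with only "TODO: check", although gitlab is a tracked source package in this file (the entries for CVE-2024-1947, CVE-2023-6502 and CVE-2023-7045 further down carry "- gitlab <unfixed>"). It should be triaged ahead of the rest of the batch and given a "- gitlab" line. The J2EEFAST v2.7.0 SQL injection entries share one product and can be resolved together in a single follow-up commit rather than one at a time.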
@@ -106,13 +216,13 @@ CVE-2024-36011 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d2706004a1b8b526592e823d7e52551b518a7941 (6.9)
-CVE-2024-1947
+CVE-2024-1947 (A denial of service (DoS) condition was discovered in GitLab
CE/EE aff ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2023-6502
+CVE-2023-6502 (A Denial of Service (DoS) condition has been discovered in
GitLab CE/E ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2023-7045
+CVE-2023-7045 (A CSRF vulnerability exists within GitLab CE/EE from versions
13.11 be ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
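Review bot: the fixed upstream version is not recorded for CVE-2024-1947, CVE-2023-6502 and CVE-2023-7045; each entry still has only "- gitlab <unfixed>" and a NOTE linking the 17.0.1 patch release announcement. Now that the descriptions are filled in, a NOTE stating the fixed-in versions per affected branch would let the entries be closed as soon as a matching upload lands, without re-reading the announcement.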
@@ -217893,7 +218003,7 @@ CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a
heap-based buffer overflow in grk
- libgrokj2k 9.5.0-1 (bug #990525)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
-CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double
free in f ...)
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double
free in f ...)
NOT-FOR-US: Fluent Bit
CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer
over-read in e ...)
- libsepol 3.3-1 (bug #990526)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/def2256a3afd41349964b0e3e9a294e7de657e83