Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f654e3c by security tracker role at 2024-05-31T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,28 +1,66 @@
-CVE-2024-5499
+CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks
affecting ve ...)
+ TODO: check
+CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting
version 10/ ...)
+ TODO: check
+CVE-2024-5523 (SQL injection vulnerability in Astrotalks affecting version
10/03/2023 ...)
+ TODO: check
+CVE-2024-5427 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu,
Delivery, and ...)
+ TODO: check
+CVE-2024-5418 (The DethemeKit For Elementor plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2024-5345 (The Responsive Owl Carousel for Elementor plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-4469 (The WP STAGING WordPress Backup Plugin WordPress plugin before
3.5.0 ...)
+ TODO: check
+CVE-2024-4379 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the
digest (sha25 ...)
+ TODO: check
+CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning
via API r ...)
+ TODO: check
+CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer
over-read in ...)
+ TODO: check
+CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and
Unifier Cast ...)
+ TODO: check
+CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building
website ...)
+ TODO: check
+CVE-2024-32850 (Improper neutralization of special elements used in a command
('Comman ...)
+ TODO: check
+CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management
\u2013 ...)
+ TODO: check
+CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and
Unifier Cast ...)
+ TODO: check
+CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where
an Atta ...)
+ TODO: check
+CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to
125.0.642 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5498
+CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to
125.0.642 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5497
+CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome
prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5496
+CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to
125.0.6422.1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5495
+CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141
allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5494
+CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141
allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5493
+CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to
125.0.6422.14 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -1985,6 +2023,7 @@ CVE-2024-4563 (The Progress MOVEit Automation
configuration export function prio
CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local
Privilege ...)
NOT-FOR-US: WithSecure Elements Endpoint Protection
CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code
Execution ...)
+ {DLA-3824-1}
- gst-plugins-base1.0 1.24.3-1
- gst-plugins-base0.10 <removed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html
@@ -20572,8 +20611,8 @@ CVE-2024-27908 (A buffer overflow vulnerability was
reported in the HTTPS servic
NOT-FOR-US: Lenovo
CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo
devices ...)
NOT-FOR-US: Lenovo
-CVE-2024-21506
- REJECTED
+CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to
Out-of- ...)
+ TODO: check
CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to
unauthorized ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template
Librar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f654e3c6bc85522ab03e3e00ababa1efec826de
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f654e3c6bc85522ab03e3e00ababa1efec826de
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
