Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
389956b0 by security tracker role at 2024-05-31T20:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2024-5565 (The Vanna library uses a prompt function to present the user
with visu ...)
+ TODO: check
+CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local
maliciou ...)
+ TODO: check
+CVE-2024-5538
+ REJECTED
+CVE-2024-5484
+ REJECTED
+CVE-2024-5436 (Type confusion in Snapchat LensCore could lead to denial of
service or ...)
+ TODO: check
+CVE-2024-5347 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-5176 (Insufficiently Protected Credentials vulnerability in Baxter
Welch All ...)
+ TODO: check
+CVE-2024-5144
+ REJECTED
+CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2024-36845 (An invalid pointer in the modbus_receive() function of
libmodbus v3.1. ...)
+ TODO: check
+CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free
via the ct ...)
+ TODO: check
+CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via
the mod ...)
+ TODO: check
+CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation
techniqu ...)
+ TODO: check
+CVE-2024-36108 (casgate is an Open Source Identity and Access Management
system. In af ...)
+ TODO: check
+CVE-2024-35196 (Sentry is a developer-first error tracking and performance
monitoring ...)
+ TODO: check
+CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could
allow a ...)
+ TODO: check
+CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could
allow a ...)
+ TODO: check
+CVE-2024-34000 (ID numbers displayed in the lesson overview report required
additional ...)
+ TODO: check
+CVE-2024-33999 (The referrer URL used by MFA required additional sanitizing,
rather th ...)
+ TODO: check
+CVE-2024-33998 (Insufficient escaping of participants' names in the
participants page ...)
+ TODO: check
+CVE-2024-33997 (Additional sanitizing was required when opening the equation
editor to ...)
+ TODO: check
+CVE-2024-33996 (Incorrect validation of allowed event types in a calendar web
service ...)
+ TODO: check
+CVE-2024-31908 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
stored cross ...)
+ TODO: check
+CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
cross-site s ...)
+ TODO: check
+CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
cross-site s ...)
+ TODO: check
+CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows
remote ...)
+ TODO: check
+CVE-2024-29848 (An unrestricted file upload vulnerability in web component of
Ivanti A ...)
+ TODO: check
+CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of
Ivanti EP ...)
+ TODO: check
+CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a
local attack ...)
+ TODO: check
+CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is
vulnera ...)
+ TODO: check
+CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess,
all versio ...)
+ TODO: check
+CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03
could dis ...)
+ TODO: check
+CVE-2024-22060 (An unrestricted file upload vulnerability in web component of
Ivanti N ...)
+ TODO: check
+CVE-2024-22059 (A SQL injection vulnerability in web component of Ivanti
Neurons for I ...)
+ TODO: check
+CVE-2024-22058 (A buffer overflow allows a low privilege user on the local
machine tha ...)
+ TODO: check
+CVE-2024-1980
+ REJECTED
+CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch
Ally Co ...)
+ TODO: check
+CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for
WordPress is ...)
+ TODO: check
+CVE-2023-46810 (A local privilege escalation vulnerability in Ivanti Secure
Access Cli ...)
+ TODO: check
+CVE-2023-38551 (A CRLF Injection vulnerability in Ivanti Connect Secure (9.x,
22.x) al ...)
+ TODO: check
+CVE-2023-38042 (A local privilege escalation vulnerability in Ivanti Secure
Access Cli ...)
+ TODO: check
CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks
affecting ve ...)
NOT-FOR-US: Astrotalks
CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting
version 10/ ...)
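Review bot: Every described entry added at the top of this hunk carries only "TODO: check", so none of them has a triage result yet. CVE-2024-5564 (libndp) and CVE-2024-36843 through CVE-2024-36845 (libmodbus v3.1.6) name libraries and should be looked at first to decide whether a package line is needed. The WordPress plugin entries (CVE-2024-5347, CVE-2024-5041, CVE-2024-4160, CVE-2023-7073) can likely be closed with the "NOT-FOR-US: WordPress plugin" form already used elsewhere in this file. The four REJECTED entries need no further action.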
@@ -37,30 +139,37 @@ CVE-2024-23847 (Incorrect default permissions issue exists
in Unifier and Unifie
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where
an Atta ...)
TODO: check
CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to
125.0.642 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to
125.0.642 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome
prior ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to
125.0.6422.1 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141
allowe ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141
allowe ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to
125.0.6422.14 ...)
+ {DSA-5701-1}
- chromium 125.0.6422.141-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
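Review bot: The {DSA-5701-1} tag is added to seven chromium entries (CVE-2024-5493 through CVE-2024-5499), but the only per-release lines visible are the bullseye and buster end-of-life markers, and this commit changes data/CVE/list alone. Confirm that the advisory's own record lists the same seven CVEs and the release it fixed, since that cannot be checked from this hunk.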
@@ -616,7 +725,7 @@ CVE-2024-4358 (In Progress Telerik Report Server, version
2024 Q1 (10.0.24.305)
NOT-FOR-US: Progress Telerik Report Server
CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup
Restore ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36470 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007
allows a ...)
NOT-FOR-US: TARGIT Decision Suite
@@ -632,27 +741,27 @@ CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2
stored XSS via build step
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in
untrusted ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the
subscripti ...)
+CVE-2024-36372 (In JetBrains TeamCity before 2023.05.6 reflected XSS on the
subscripti ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS
in Commit ...)
+CVE-2024-36371 (In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS
in Commit ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36370 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36369 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36368 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36367 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36366 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36365 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36364 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36363 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5,
2023.11. ...)
+CVE-2024-36362 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6,
2023.11. ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2024-36016 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.8.12-1
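Review bot: In CVE-2024-36371 the first version moves from 2023.05.5 to 2023.05.6 while the second stays at 2023.11.5, whereas the sibling entries bump every visible version and have their 2023.11 value cut off by the truncated summary. Check the full upstream description to confirm that 2023.11.5 is intended and not a partial update. The NOT-FOR-US: JetBrains TeamCity triage lines are unchanged, so this affects only the description text.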
@@ -178235,10 +178344,10 @@ CVE-2022-25040
RESERVED
CVE-2022-25039
RESERVED
-CVE-2022-25038
- RESERVED
-CVE-2022-25037
- RESERVED
+CVE-2022-25038 (wanEditor v4.7.11 was discovered to contain a cross-site
scripting (XS ...)
+ TODO: check
+CVE-2022-25037 (An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5
was discov ...)
+ TODO: check
CVE-2022-25036
RESERVED
CVE-2022-25035
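Review bot: CVE-2022-25038 and CVE-2022-25037 move from RESERVED to described entries for wanEditor v4.7.11 and now sit at "TODO: check". The CVE-2022-25037 summary already states fixed versions ("fixed in v.4.7.12 and v.5"), so if the software is relevant that gives the fixed-version boundary directly; otherwise both can be closed with a NOT-FOR-US line in the style used elsewhere in this file.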
@@ -194100,8 +194209,8 @@ CVE-2022-21824 (Due to the formatting logic of the
"console.table()" function it
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE:
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
NOTE:
https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e
(v12.x)
-CVE-2021-44534
- RESERVED
+CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read
by non- ...)
+ TODO: check
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not
handle m ...)
{DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
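Review bot: The new CVE-2021-44534 summary is truncated before it names any product ("arbitrary file read by non- ..."), and the entry sits between two nodejs entries (CVE-2022-21824 above, CVE-2021-44533 below). Adjacency in the list follows CVE numbering only, so the "TODO: check" should be resolved from the full description, not inferred from the neighbouring package lines.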
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389956b0e403c2cc6e00a52218d73a3bfdbbf301