Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6ed021b by security tracker role at 2024-06-05T20:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or 
earlier ...)
+       TODO: check
+CVE-2024-5571 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
+       TODO: check
+CVE-2024-5536 (The GamiPress \u2013 Link plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2024-5526 (Grafana OnCall is an easy-to-use on-call management tool that 
will hel ...)
+       TODO: check
+CVE-2024-5459 (The Restaurant Menu and Food Ordering plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-5184 (The EmailGPT service contains a prompt injection 
vulnerability.The ser ...)
+       TODO: check
+CVE-2024-5037 (A flaw was found in OpenShift's Telemeter. If certain 
conditions are i ...)
+       TODO: check
+CVE-2024-4821 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-4812 (A flaw was found in the Katello plugin for Foreman, where it is 
possib ...)
+       TODO: check
+CVE-2024-4743 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin 
for Wor ...)
+       TODO: check
+CVE-2024-4009 (Replay Attack  in ABB, Busch-Jaeger, FTS Display (version 1.00) 
and BC ...)
+       TODO: check
+CVE-2024-4008 (FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and 
BCU (ve ...)
+       TODO: check
+CVE-2024-4001 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-3716 (A flaw was found in foreman-installer when puppet-candlepin is 
invoked ...)
+       TODO: check
+CVE-2024-3469 (The GP Premium plugin for WordPress is vulnerable to Reflected 
Cross-S ...)
+       TODO: check
+CVE-2024-36837 (SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2024-36670 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-36669 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-36668 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-36667 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-36129 (The OpenTelemetry Collector offers a vendor-agnostic 
implementation on ...)
+       TODO: check
+CVE-2024-35674 (Missing Authorization vulnerability in Unlimited Elements 
Unlimited El ...)
+       TODO: check
+CVE-2024-35673 (Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat 
by Ruby P ...)
+       TODO: check
+CVE-2024-31631
+       REJECTED
+CVE-2024-31630
+       REJECTED
+CVE-2024-31629
+       REJECTED
+CVE-2024-31628
+       REJECTED
+CVE-2024-31627
+       REJECTED
+CVE-2024-31626
+       REJECTED
+CVE-2024-31625
+       REJECTED
+CVE-2024-31624
+       REJECTED
+CVE-2024-31623
+       REJECTED
+CVE-2024-31622
+       REJECTED
+CVE-2024-28818 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2024-27382 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27381 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27380 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27379 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27378 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27377 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27376 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27375 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27374 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27373 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27372 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27371 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-27370 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
+       TODO: check
+CVE-2024-20405 (A vulnerability in the web-based management interface of Cisco 
Finesse ...)
+       TODO: check
+CVE-2024-20404 (A vulnerability in the web-based management interface of Cisco 
Finesse ...)
+       TODO: check
+CVE-2024-1662 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-1272 (Inclusion of Sensitive Information in Source Code vulnerability 
in TNB ...)
+       TODO: check
+CVE-2023-6734
+       REJECTED
+CVE-2023-50804 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+       TODO: check
+CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+       TODO: check
+CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+       TODO: check
+CVE-2023-49927 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+       TODO: check
 CVE-2024-5636 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
        NOT-FOR-US: Bakery Online Ordering System
 CVE-2024-5635 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
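Review bot: the 49 new `TODO: check` entries in this hunk still need triage, and a few of them are not plugin or vendor-appliance noise: CVE-2024-5629 (out-of-bounds read in PyMongo's `bson` module), CVE-2024-36129 (OpenTelemetry Collector) and CVE-2024-5526 (Grafana OnCall) describe software that may map to a Debian source package, so each wants a fix version, a `<not-affected>` marker or an explicit NOT-FOR-US before the next automatic update pushes them further down the file. The WordPress plugin entries (CVE-2024-5571, CVE-2024-5536, CVE-2024-5459, CVE-2024-4821, CVE-2024-4743, CVE-2024-4001, CVE-2024-3469, CVE-2024-35674), the idccms CSRF block (CVE-2024-36667 to CVE-2024-36670) and the Samsung Exynos block (CVE-2024-27370 to CVE-2024-27382, CVE-2024-28818, CVE-2023-49927/49928, CVE-2023-50803/50804) are the usual NOT-FOR-US candidates, matching the convention already used for the Bakery Online Ordering System entries that follow. The descriptions also carry literal `\u2013` / `\u2014` escapes (for example `EmbedPress \u2013 Embed PDF`) instead of the dash characters; that comes from the upstream feed rather than from this commit, so it is not something to hand-edit in this file.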
@@ -407,7 +519,7 @@ CVE-2024-5387
        REJECTED
 CVE-2024-5214
        REJECTED
-CVE-2024-5171
+CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper 
can lead  ...)
        - aom 3.8.2-3
        NOTE: https://issues.chromium.org/issues/332382766
        NOTE: 
https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
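Review bot: the description now attached to CVE-2024-5171 reads `internal functionimg_alloc_helper`, with the space between `function` and `img_alloc_helper` lost. That text is copied from the upstream CVE record by the automatic update, so the fix belongs upstream; a manual edit here would likely be overwritten by the next sync. The tracking data itself (aom 3.8.2-3 plus the chromium issue and aomedia commit links) is untouched by this hunk.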
@@ -820,7 +932,7 @@ CVE-2024-22058 (A buffer overflow allows a low privilege 
user on the local machi
        NOT-FOR-US: Ivanti
 CVE-2024-1980
        REJECTED
-CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch 
Ally Co ...)
+CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch 
Allyn C ...)
        NOT-FOR-US: Baxter Welch Ally Connex Spot Monitor
 CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
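Review bot: the NOT-FOR-US line under CVE-2024-1275 still reads `Baxter Welch Ally Connex Spot Monitor` while the description in the same hunk has been corrected from `Welch Ally Co` to `Welch Allyn C`; update the note to `Baxter Welch Allyn Connex Spot Monitor` so the product name matches, since that free-text line is maintained by hand and will not be fixed by the automatic sync.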
@@ -884,7 +996,7 @@ CVE-2024-5498 (Use after free in Presentation API in Google 
Chrome prior to 125.
        - chromium 125.0.6422.141-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome 
prior  ...)
+CVE-2024-5497 (Out of bounds memory access in Browser UI in Google Chrome 
prior to 12 ...)
        {DSA-5701-1}
        - chromium 125.0.6422.141-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -10275,7 +10387,7 @@ CVE-2023-52654 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux 5.10.205-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
-CVE-2024-24790
+CVE-2024-24790 (The various Is methods (IsPrivate, IsLoopback, etc) did not 
work as ex ...)
        - golang-1.22 1.22.4-1
        - golang-1.21 1.21.11-1
        - golang-1.19 <removed>
@@ -10283,7 +10395,7 @@ CVE-2024-24790
        - golang-1.11 <removed>
        NOTE: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k
        NOTE: https://github.com/golang/go/issues/67680
-CVE-2024-24789
+CVE-2024-24789 (The archive/zip package's handling of certain types of invalid 
zip fil ...)
        - golang-1.22 1.22.4-1
        - golang-1.21 1.21.11-1
        - golang-1.19 <removed>
@@ -10440,7 +10552,7 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin 
for WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of 
arbitrary ...)
        NOT-FOR-US: AChecker
-CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles 
IMMUTABLE privi ...)
+CVE-2024-34517 (The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 
mishandles  ...)
        NOT-FOR-US: Neo4j Cypher
 CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to 
load a mal ...)
        NOT-FOR-US: react-pdf
@@ -13415,6 +13527,7 @@ CVE-2024-0334 (The Jeg Elementor Kit plugin for 
WordPress is vulnerable to Store
 CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 
9.0.35.12 ...)
        NOT-FOR-US: Webroot Antivirus
 CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection 
Headers p ...)
+       {DSA-5705-1}
        - tinyproxy 1.11.1-4 (bug #1070395)
        [buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but 
fix with next update)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
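Review bot: `{DSA-5705-1}` is added for CVE-2023-49606, but the buster line still reads `<postponed> (Not exploitable easily for RCE; but fix with next update)`. Now that an advisory has shipped for stable, that deferral rationale reads as stale next to it; whoever handles buster should either record the advisory that fixes it there or refresh the postponed note so the two lines do not contradict each other.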
@@ -23554,7 +23667,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro 
SocketService Missing Authenticati
 CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted 
Data Remote ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow 
exists bec ...)
-       {DLA-3786-1}
+       {DSA-5704-1 DLA-3786-1}
        - pillow 10.3.0-1
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
 (10.3.0)
@@ -41202,7 +41315,7 @@ CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and 
before allows a remote a
 CVE-2023-50693 (An issue in Jester v.0.6.0 and before allows a remote attacker 
to send ...)
        NOT-FOR-US: dom96 Jester
 CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code 
Executi ...)
-       {DLA-3724-1}
+       {DSA-5704-1 DLA-3724-1}
        - pillow 10.2.0-1 (bug #1061172)
        NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
@@ -55360,7 +55473,7 @@ CVE-2023-46352 (In the module "Pixel Plus: Events + 
CAPI + Pixel Catalog for Fac
 CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain 
elevated  ...)
        NOT-FOR-US: IBM
 CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a 
Denial of Ser ...)
-       {DLA-3768-1}
+       {DSA-5704-1 DLA-3768-1}
        - pillow 10.0.0-1
        NOTE: https://github.com/python-pillow/Pillow/pull/7244
        NOTE: 
https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
 (10.0.0)
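Review bot: DSA-5704-1 is added to three Pillow entries in this commit (CVE-2024-28219, CVE-2023-50447 and CVE-2023-44271), in each case keeping the existing DLA reference in the same brace list (`{DSA-5704-1 DLA-3786-1}`, `{DSA-5704-1 DLA-3724-1}`, `{DSA-5704-1 DLA-3768-1}`). A quick cross-check that the published DSA-5704-1 text lists exactly these three CVE ids would close the review: a CVE fixed by the DSA but absent from this file would be left open for the stable suite, and one listed here but missing from the DSA would be mislabelled as fixed.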



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ed021ba25e449b72993ede49b475c024aa8f20

-- 
This project does not include diff previews in email notifications.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
