Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df97ab30 by security tracker role at 2024-06-12T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks
Cortex ...)
+ TODO: check
+CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can
result in ...)
+ TODO: check
+CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto
Networks Co ...)
+ TODO: check
+CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto
Networks Prism ...)
+ TODO: check
+CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks
Cortex ...)
+ TODO: check
+CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management
System 1. ...)
+ TODO: check
+CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and
Visitor ...)
+ TODO: check
+CVE-2024-5896 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2024-5895 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2024-5894 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
+ TODO: check
+CVE-2024-5893 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain
the clien ...)
+ TODO: check
+CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON
Web Toke ...)
+ TODO: check
+CVE-2024-5759 (An improper privilege management vulnerability exists in
Tenable Secur ...)
+ TODO: check
+CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could
cause deni ...)
+ TODO: check
+CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm
vulnerabilit ...)
+ TODO: check
+CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerabili ...)
+ TODO: check
+CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File
vulnerabilit ...)
+ TODO: check
+CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for
WordPress ...)
+ TODO: check
+CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability
exists th ...)
+ TODO: check
+CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm
allowed a ...)
+ TODO: check
+CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties
vulnerabi ...)
+ TODO: check
+CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration
plugin for W ...)
+ TODO: check
+CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and
more! plugi ...)
+ TODO: check
+CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a
remote at ...)
+ TODO: check
+CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS)
via the ...)
+ TODO: check
+CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org.
The NuGet ...)
+ TODO: check
+CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity
providers to be ...)
+ TODO: check
+CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on
WordPress. ...)
+ TODO: check
+CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input
(\u2018Classic Buf ...)
+ TODO: check
+CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that
could cause ...)
+ TODO: check
+CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists
that could ...)
+ TODO: check
+CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (\ ...)
+ TODO: check
+CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could
result in ...)
+ TODO: check
+CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management
v.1.3 al ...)
+ TODO: check
+CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via
the compon ...)
+ TODO: check
+CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer
overflow ...)
+ TODO: check
+CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method
of PPGo_ ...)
+ TODO: check
+CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization
vulnerability ...)
+ TODO: check
+CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication
vulnerability ...)
+ TODO: check
+CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of
Special Ele ...)
+ TODO: check
+CVE-2024-34065 (Strapi is an open-source content management system. By
combining two v ...)
+ TODO: check
+CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2024-31217 (Strapi is an open-source content management system. Prior to
version 4 ...)
+ TODO: check
+CVE-2024-2747 (CWE-428: Unquoted search path or element vulnerability exists
in Easer ...)
+ TODO: check
+CVE-2024-2300 (HP Advance Mobile Applications for iOS and Android are
potentially vul ...)
+ TODO: check
+CVE-2024-2230
+ REJECTED
+CVE-2024-2092 (The Elementor Addon Elements plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2024-29181 (Strapi is an open-source content management system. Prior to
version 4 ...)
+ TODO: check
+CVE-2024-28964 (Dell Common Event Enabler, version 8.9.10.0 and prior, contain
an inse ...)
+ TODO: check
+CVE-2024-28762 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2024-25949 (Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x,
10.5.4.x an ...)
+ TODO: check
+CVE-2024-24051 (Improper input validation of printing files in Monoprice
Select Mini V ...)
+ TODO: check
+CVE-2024-22855 (A cross-site scripting (XSS) vulnerability in the User
Maintenance sec ...)
+ TODO: check
+CVE-2024-1891 (A stored cross site scripting vulnerability exists in Tenable
Security ...)
+ TODO: check
+CVE-2024-1766 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2024-1659 (Arbitrary File Upload vulnerability in MegaBIP software allows
attacke ...)
+ TODO: check
+CVE-2024-1577 (Remote Code Execution vulnerability in MegaBIP software allows
to exec ...)
+ TODO: check
+CVE-2024-1576 (SQL Injection vulnerability in MegaBIP software allows attacker
to obt ...)
+ TODO: check
+CVE-2024-0865 (CWE-798: Use of hard-coded credentials vulnerability exists
that could ...)
+ TODO: check
+CVE-2023-52177 (Missing Authorization vulnerability in SoftLab Integrate
Google Drive. ...)
+ TODO: check
+CVE-2023-52117 (Missing Authorization vulnerability in Metagauss
ProfileGrid.This issu ...)
+ TODO: check
+CVE-2023-51680 (Missing Authorization vulnerability in TechnoVama Quotes for
WooCommer ...)
+ TODO: check
+CVE-2023-51679 (Missing Authorization vulnerability in BulkGate BulkGate SMS
Plugin fo ...)
+ TODO: check
+CVE-2023-51671 (Missing Authorization vulnerability in FunnelKit FunnelKit
Checkout.Th ...)
+ TODO: check
+CVE-2023-51670 (Missing Authorization vulnerability in FunnelKit FunnelKit
Checkout.Th ...)
+ TODO: check
+CVE-2023-51537 (Missing Authorization vulnerability in Awesome Support Team
Awesome Su ...)
+ TODO: check
+CVE-2023-51526 (Missing Authorization vulnerability in Brett Shumaker Simple
Staff Lis ...)
+ TODO: check
+CVE-2023-51524 (Missing Authorization vulnerability in weForms.This issue
affects weFo ...)
+ TODO: check
+CVE-2023-51413 (Missing Authorization vulnerability in Piotnet Forms.This
issue affect ...)
+ TODO: check
+CVE-2023-49559 (An issue in vektah gqlparser open-source-library v.2.5.10
allows a rem ...)
+ TODO: check
+CVE-2023-48280 (Missing Authorization vulnerability in Consensu.IO
Consensu.Io.This is ...)
+ TODO: check
+CVE-2023-47845 (Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai
Yang Grab & ...)
+ TODO: check
+CVE-2023-47828 (Missing Authorization vulnerability in Mandrill
wpMandrill.This issue ...)
+ TODO: check
+CVE-2023-44234 (Missing Authorization vulnerability in Bastianon Massimo WP
GPX Map.Th ...)
+ TODO: check
+CVE-2023-41240 (Missing Authorization vulnerability in Vark Pricing Deals for
WooComme ...)
+ TODO: check
+CVE-2023-40672 (Missing Authorization vulnerability in Hardik Chavada Sticky
Social Me ...)
+ TODO: check
+CVE-2023-40603 (Missing Authorization vulnerability in Gangesh Matta Simple
Org Chart. ...)
+ TODO: check
+CVE-2023-40209 (Missing Authorization vulnerability in Himalaya Saxena
Highcompress Im ...)
+ TODO: check
+CVE-2023-38395 (Missing Authorization vulnerability in Afzal Multani WP Clone
Menu.Thi ...)
+ TODO: check
CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin
for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5873
@@ -18,7 +184,7 @@ CVE-2024-5777
REJECTED
CVE-2024-5776
REJECTED
-CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a
Univer ...)
+CVE-2024-5739 (The in-app browser of LINE client for iOS versions below 14.9.0
contai ...)
NOT-FOR-US: LINE iOS
CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: WordPress plugin
@@ -438,12 +604,14 @@ CVE-2023-38533 (A vulnerability has been identified in
TIA Administrator (All ve
CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5702 (Memory corruption in the networking stack could have led to a
potentia ...)
+ {DSA-5709-1}
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs
showed e ...)
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11,
and Thu ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
@@ -458,6 +626,7 @@ CVE-2024-5697 (A website was able to detect when a user
took a screenshot of a p
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker
could ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
@@ -469,6 +638,7 @@ CVE-2024-5694 (An attacker could have caused a
use-after-free in the JavaScript
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting,
which c ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
@@ -479,11 +649,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As'
functionality, an attacker c
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a
sandboxed i ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
CVE-2024-5690 (By monitoring the time certain operations take, an attacker
could have ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
@@ -492,6 +664,7 @@ CVE-2024-5689 (In addition to detecting when a user was
taking a screenshot (XXX
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
CVE-2024-5688 (If a garbage collection was triggered at the right time, a
use-after-f ...)
+ {DSA-5709-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
@@ -693,9 +866,9 @@ CVE-2023-6748 (The Custom Field Template plugin for
WordPress is vulnerable to S
NOT-FOR-US: WordPress plugin
CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-5203
+CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak
and occ ...)
NOT-FOR-US: Keycloak
-CVE-2024-3183
+CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos
TGS-REQ ...)
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial
implementation ...)
@@ -1252,7 +1425,7 @@ CVE-2024-36965 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/331f91d86f71d0bb89a44217cc0b2a22810bbd42 (6.10-rc1)
-CVE-2024-5742
+CVE-2024-5742 (A vulnerability was found in GNU Nano that allows a possible
privilege ...)
- nano 8.0-1
[bookworm] - nano <no-dsa> (Minor issue)
[bullseye] - nano <no-dsa> (Minor issue)
@@ -1425,11 +1598,11 @@ CVE-2023-49221 (Precor touchscreen console P62, P80,
and P82 could allow a remot
NOT-FOR-US: Precor touchscreen console
CVE-2024-37280
- elasticsearch <removed>
-CVE-2024-23445
+CVE-2024-23445 (It was identified that if a cross-cluster API key
https://www.elastic ...)
- elasticsearch <removed>
CVE-2024-37279
- kibana <itp> (bug #700337)
-CVE-2024-5154
+CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a
symbolic ...)
- cri-o <itp> (bug #979702)
CVE-2024-5640 (The Prime Slider \u2013 Addons For Elementor (Revolution of a
slider, ...)
NOT-FOR-US: WordPress plugin
@@ -13114,7 +13287,7 @@ CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via
user_photo to index.php?
NOT-FOR-US: Rukovoditel
CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
NOT-FOR-US: Rukovoditel
-CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the
PHPSESSION cook ...)
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to
inadequat ...)
NOT-FOR-US: ThinkPHP
CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment
preview.)
- sogo <unfixed> (bug #1071163)
@@ -16080,6 +16253,7 @@ CVE-2024-26980 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/c119f4ede3fa90a9463f50831761c28f989bfb20 (6.9-rc6)
CVE-2024-26979
REJECTED
+ {DSA-5681-1}
CVE-2024-26978 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
{DSA-5681-1}
- linux 6.7.12-1
@@ -87939,7 +88113,7 @@ CVE-2023-29414 (A CWE-120: Buffer Copy without Checking
Size of Input (Classic B
NOT-FOR-US: Schneider
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
NOT-FOR-US: Schneider
-CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability
exists t ...)
+CVE-2023-29412 (CWE-78: Improper Neutralization of Special Elements used in an
OS Comm ...)
NOT-FOR-US: Schneider
CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
NOT-FOR-US: Schneider
@@ -88544,8 +88718,8 @@ CVE-2023-29269
RESERVED
CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO
Spotfire Sta ...)
NOT-FOR-US: TIBCO
-CVE-2023-29267
- RESERVED
+CVE-2023-29267 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
CVE-2023-29266
RESERVED
CVE-2023-29265
@@ -101864,8 +102038,8 @@ CVE-2023-25032 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25030
- RESERVED
+CVE-2023-25030 (Missing Authorization vulnerability in Buy Me a Coffee.This
issue affe ...)
+ TODO: check
CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP
Social Bo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in chuy ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df97ab30b9e5d79cea3e92a2841c78cb74975e8c
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df97ab30b9e5d79cea3e92a2841c78cb74975e8c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
