Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1f5f71b5 by security tracker role at 2024-06-14T20:14:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a
link wi ...)
+ TODO: check
+CVE-2024-5934
+ REJECTED
+CVE-2024-5731 (A vulnerability in the IPS Manager, Central Manager, and Local
Manager ...)
+ TODO: check
+CVE-2024-5685 (Users with "User:edit" and "Self:api" permissionscan promote or
demote ...)
+ TODO: check
+CVE-2024-5671 (Insecure Deserialization in some workflows of the IPS Manager
allows u ...)
+ TODO: check
+CVE-2024-5659 (Rockwell Automation was made aware of a vulnerability that
causes all ...)
+ TODO: check
+CVE-2024-4863 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder
Feature ...)
+ TODO: check
+CVE-2024-3912 (Certain models of ASUS routers have an arbitrary firmware
upload vulne ...)
+ TODO: check
+CVE-2024-37889 (MyFinances is a web application for managing finances.
MyFinances has ...)
+ TODO: check
+CVE-2024-37888 (The Open Link is a CKEditor plugin, extending context menu
with a poss ...)
+ TODO: check
+CVE-2024-37887 (Nextcloud Server is a self hosted personal cloud system.
Private share ...)
+ TODO: check
+CVE-2024-37886 (user_oidc app is an OpenID Connect user backend for Nextcloud.
An atta ...)
+ TODO: check
+CVE-2024-37885 (The Nextcloud Desktop Client is a tool to synchronize files
from Nextc ...)
+ TODO: check
+CVE-2024-37884 (Nextcloud Server is a self hosted personal cloud system. A
malicious u ...)
+ TODO: check
+CVE-2024-37883 (Nextcloud Deck is a kanban style organization tool aimed at
personal p ...)
+ TODO: check
+CVE-2024-37882 (Nextcloud Server is a self hosted personal cloud system. A
recipient o ...)
+ TODO: check
+CVE-2024-37831 (Itsourcecode Payroll Management System 1.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-37645 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a
stack o ...)
+ TODO: check
+CVE-2024-37644 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a
hardcod ...)
+ TODO: check
+CVE-2024-37643 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a
stack o ...)
+ TODO: check
+CVE-2024-37642 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a
command ...)
+ TODO: check
+CVE-2024-37641 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a
stack o ...)
+ TODO: check
+CVE-2024-37640 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to
contain a stac ...)
+ TODO: check
+CVE-2024-37639 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to
contain a stac ...)
+ TODO: check
+CVE-2024-37637 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to
contain a stac ...)
+ TODO: check
+CVE-2024-37369 (A privilege escalation vulnerability exists in the affected
product. T ...)
+ TODO: check
+CVE-2024-37368 (A user authentication vulnerability exists in the Rockwell
AutomationF ...)
+ TODO: check
+CVE-2024-37367 (A user authentication vulnerability exists in the Rockwell
Automation ...)
+ TODO: check
+CVE-2024-37317 (The Nextcloud Notes app is a distraction free notes taking app
for Nex ...)
+ TODO: check
+CVE-2024-37316 (Nextcloud Calendar is a calendar app for Nextcloud.
Authenticated user ...)
+ TODO: check
+CVE-2024-37315 (Nextcloud Server is a self hosted personal cloud system. An
attacker w ...)
+ TODO: check
+CVE-2024-37314 (Nextcloud Photos is a photo management app. Users can remove
photos fr ...)
+ TODO: check
+CVE-2024-37313 (Nextcloud server is a self hosted personal cloud system. Under
some ci ...)
+ TODO: check
+CVE-2024-37312 (user_oidc app is an OpenID Connect user backend for Nextcloud.
Missing ...)
+ TODO: check
+CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly
prompt for p ...)
+ TODO: check
+CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary
JavaScript c ...)
+ TODO: check
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an
attacker to ...)
+ TODO: check
+CVE-2024-36599 (A cross-site scripting (XSS) vulnerability in Aegon Life v1.0
allows a ...)
+ TODO: check
+CVE-2024-36598 (An arbitrary file upload vulnerability in Aegon Life v1.0
allows attac ...)
+ TODO: check
+CVE-2024-36597 (Aegon Life v1.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-36459 (A CRLF cross-site scripting vulnerability has been identified
in certa ...)
+ TODO: check
+CVE-2024-36287 (Mattermost Desktop App versions <=5.7.0 fail to disable
certain Electr ...)
+ TODO: check
+CVE-2024-34694 (LNbits is a Lightning wallet and accounts system. Paying
invoices in E ...)
+ TODO: check
+CVE-2024-34539 (Hardcoded credentials in TerraMaster TOS firmware through 5.1
allow a ...)
+ TODO: check
+CVE-2024-34012 (Local privilege escalation due to insecure folder permissions.
The fol ...)
+ TODO: check
+CVE-2024-33377 (LB-LINK BL-W1210M v2.0 was discovered to contain a
clickjacking vulner ...)
+ TODO: check
+CVE-2024-33375 (LB-LINK BL-W1210M v2.0 was discovered to store user
credentials in pla ...)
+ TODO: check
+CVE-2024-33374 (Incorrect access control in the UART/Serial interface on the
LB-LINK B ...)
+ TODO: check
+CVE-2024-33373 (An issue in the LB-LINK BL-W1210M v2.0 router allows attackers
to bypa ...)
+ TODO: check
+CVE-2024-2472 (The LatePoint Plugin plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2024-2024 (The Folders Pro plugin for WordPress is vulnerable to arbitrary
file u ...)
+ TODO: check
+CVE-2024-2023 (The Folders and Folders Pro plugin for WordPress is vulnerable
to Dire ...)
+ TODO: check
+CVE-2024-24320 (Directory Traversal vulnerability in Mgt-commerce CloudPanel
v.2.0.0 t ...)
+ TODO: check
+CVE-2024-23442 (An open redirect issue was discovered in Kibana that could
lead to a u ...)
+ TODO: check
+CVE-2023-51376 (Missing Authorization vulnerability in Brainstorm Force
ProjectHuddle ...)
+ TODO: check
CVE-2024-5995 (The notification emails sent by Soar Cloud HR Portal contain a
link wi ...)
NOT-FOR-US: Soar Cloud
CVE-2024-5994 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress
is vulne ...)
@@ -318,7 +428,7 @@ CVE-2023-35045 (Missing Authorization vulnerability in Fat
Rat Fat Rat Collect.T
NOT-FOR-US: WordPress plugin
CVE-2023-35040 (Missing Authorization vulnerability in SendPress SendPress
Newsletters ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-25142
+CVE-2024-25142 (Use of Web Browser Cache Containing Sensitive Information
vulnerabilit ...)
- airflow <itp> (bug #819700)
CVE-2024-5952 (Deep Sea Electronics DSE855 Restart Missing Authentication
Denial-of-S ...)
NOT-FOR-US: Deep Sea Electronics DSE855 devices
@@ -930,7 +1040,8 @@ CVE-2024-36840 (SQL Injection vulnerability in Boelter
Blue System Management v.
NOT-FOR-US: Boelter Blue System Management
CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via
the compon ...)
NOT-FOR-US: naga
-CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer
overflow ...)
+CVE-2024-36699
+ REJECTED
TODO: check
CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method
of PPGo_ ...)
NOT-FOR-US: PPGo_Jobs
@@ -1081,74 +1192,92 @@ CVE-2024-0160 (Dell Client Platform contains an
incorrect authorization vulnerab
CVE-2024-25131
NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource
(CRD)
CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to
126.0.6478.54 allow ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5846 (Use after free in PDFium in Google Chrome prior to
126.0.6478.54 allow ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5845 (Use after free in Audio in Google Chrome prior to 126.0.6478.54
allowe ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5844 (Heap buffer overflow in Tab Strip in Google Chrome prior to
126.0.6478 ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5843 (Inappropriate implementation in Downloads in Google Chrome
prior to 12 ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5842 (Use after free in Browser UI in Google Chrome prior to
126.0.6478.54 a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5841 (Use after free in V8 in Google Chrome prior to 126.0.6478.54
allowed a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5840 (Policy bypass in CORS in Google Chrome prior to 126.0.6478.54
allowed ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5839 (Inappropriate Implementation in Memory Allocator in Google
Chrome prio ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5838 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
allowed a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5837 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
allowed a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5836 (Inappropriate Implementation in DevTools in Google Chrome prior
to 126 ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5835 (Heap buffer overflow in Tab Groups in Google Chrome prior to
126.0.647 ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5834 (Inappropriate implementation in Dawn in Google Chrome prior to
126.0.6 ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5833 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
allowed a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5832 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54
allowed ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5831 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54
allowed ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-5830 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
allowed a ...)
+ {DSA-5710-1}
- chromium 126.0.6478.56-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -37577,7 +37706,7 @@ CVE-2024-1053 (The Event Tickets and Registration
plugin for WordPress is vulner
NOT-FOR-US: WordPress plugin
CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User
Survey ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file in
ASMKERN228A.dll wh ...)
+CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in
ASMKER ...)
NOT-FOR-US: Autodesk
CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in
PMB 7.4. ...)
NOT-FOR-US: PMB
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f5f71b5633f0eac933ae6de7de8063de5d4fcbb
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f5f71b5633f0eac933ae6de7de8063de5d4fcbb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
