Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e55cfd5 by security tracker role at 2024-06-26T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-6354 (Improper access control in PAM dashboard in Devolutions Remote 
Desktop ...)
+       TODO: check
+CVE-2024-6349
+       REJECTED
+CVE-2024-6344 (A vulnerability, which was classified as problematic, was found 
in ZKT ...)
+       TODO: check
+CVE-2024-4604 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
+       TODO: check
+CVE-2024-4228 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-39460 (Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and 
earlier p ...)
+       TODO: check
+CVE-2024-39459 (In rare cases Jenkins Plain Credentials Plugin 
182.v468b_97b_9dcb_8 an ...)
+       TODO: check
+CVE-2024-39458 (When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier 
fails to c ...)
+       TODO: check
+CVE-2024-39243 (An issue discovered in skycaiji 2.8 allows attackers to run 
arbitrary  ...)
+       TODO: check
+CVE-2024-39242 (A cross-site scripting (XSS) vulnerability in skycaiji v2.8 
allows att ...)
+       TODO: check
+CVE-2024-39241 (Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 
allows attack ...)
+       TODO: check
+CVE-2024-38950 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
+       TODO: check
+CVE-2024-38949 (Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows 
attacker ...)
+       TODO: check
+CVE-2024-38527 (ZenUML is JavaScript-based diagramming tool that requires no 
server, u ...)
+       TODO: check
+CVE-2024-38520 (SoftEtherVPN is a an open-source cross-platform multi-protocol 
VPN Pro ...)
+       TODO: check
+CVE-2024-38375 (@fastly/js-compute is a JavaScript SDK and runtime for 
building Fastly ...)
+       TODO: check
+CVE-2024-38272 (There exists a vulnerability in Quickshare/Nearby where an 
attacker ca ...)
+       TODO: check
+CVE-2024-38271 (There exists a vulnerability in Quickshare/Nearby where an 
attacker ca ...)
+       TODO: check
+CVE-2024-37252 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-37098 (Server-Side Request Forgery (SSRF) vulnerability in Blossom 
Themes Blo ...)
+       TODO: check
+CVE-2024-35545 (MAP-OS v4.45.0 and earlier was discovered to contain a 
cross-site scri ...)
+       TODO: check
+CVE-2024-33329 (A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x 
allows att ...)
+       TODO: check
+CVE-2024-33328 (A cross-site scripting (XSS) vulnerability in the component 
main.jsp o ...)
+       TODO: check
+CVE-2024-33327 (A cross-site scripting (XSS) vulnerability in the component 
UrlAccessi ...)
+       TODO: check
+CVE-2024-33326 (A cross-site scripting (XSS) vulnerability in the component 
XsltResult ...)
+       TODO: check
+CVE-2024-25637 (October is a self-hosted CMS platform based on the Laravel PHP 
Framewo ...)
+       TODO: check
 CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 
7.0.0 allow ...)
        NOT-FOR-US: Phloc Webscopes
 CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does 
not san ...)
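Review bot: all 26 new entries in this hunk land as placeholders (25 `TODO: check`, one `REJECTED`), and two of them, CVE-2024-38950 and CVE-2024-38949 (heap buffer overflows in libde265 v1.0.15), name a library Debian ships as src:libde265, so those should be triaged first, with a `- libde265 <unfixed>` style package line once the affected code is confirmed, rather than waiting in the queue alongside the Jenkins plugin, skycaiji, MAP-OS and WordPress-theme entries that will almost certainly resolve to `NOT-FOR-US`. CVE-2024-6349 arriving straight as `REJECTED` is fine and needs no further action.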
@@ -60,7 +112,7 @@ CVE-2024-37855 (An issue in Nepstech Wifi Router xpon 
(terminal) NTPL-Xpon1GFEVN
        NOT-FOR-US: Nepstech Wifi Router
 CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL 
injection vuln ...)
        NOT-FOR-US: Craft CMS
-CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an 
attacke ...)
+CVE-2024-37742 (Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on 
Windows. ...)
        NOT-FOR-US: Safe Exam Browser
 CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
        NOT-FOR-US: Dell
@@ -6622,7 +6674,7 @@ CVE-2024-5171 (Integer overflow in libaom internal 
functionimg_alloc_helper can
        NOTE: 
https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
        NOTE: 
https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8
 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 
1.14.1. ...)
-       {DLA-3830-1}
+       {DSA-5722-1 DLA-3830-1}
        - libvpx 1.14.1-1
        NOTE: https://issues.chromium.org/issues/332382766
        NOTE: 
https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
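Review bot: the new `{DSA-5722-1 DLA-3830-1}` line for CVE-2024-5197 only resolves if data/DSA/list carries a matching DSA-5722-1 entry for libvpx; this automatic update touches data/CVE/list alone, so confirm the DSA side landed in the same push or the reference dangles. The `interger` spelling on the CVE line is the upstream CVE description and should not be edited here.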
@@ -14824,6 +14876,7 @@ CVE-2024-32636 (A vulnerability has been identified in 
Parasolid V35.1 (All vers
 CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All 
versions < ...)
        NOT-FOR-US: Siemens
 CVE-2024-32465 (Git is a revision control system. The Git project recommends 
to avoid  ...)
+       {DLA-3844-1}
        - git 1:2.45.1-1 (bug #1071160)
        NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4
        NOTE: 
https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
@@ -14864,6 +14917,7 @@ CVE-2024-32057 (A vulnerability has been identified in 
PS/IGES Parasolid Transla
 CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid 
Translator Co ...)
        NOT-FOR-US: Siemens
 CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 
2.44.1, 2. ...)
+       {DLA-3844-1}
        - git 1:2.45.1-1 (bug #1071160)
        NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7
 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 
2.44.1, 2. ...)
@@ -14873,12 +14927,14 @@ CVE-2024-32020 (Git is a revision control system. 
Prior to versions 2.45.1, 2.44
        NOTE: 
https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703
        NOTE: Regression: 
https://lore.kernel.org/git/[email protected]/T/#u
 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 
2.44.1, 2. ...)
+       {DLA-3844-1}
        - git 1:2.45.1-1 (bug #1071160)
        NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
        NOTE: 
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
        NOTE: 
https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
        NOTE: Regression: 
https://lore.kernel.org/git/[email protected]/T/#u
 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 
2.44.1, 2. ...)
+       {DLA-3844-1}
        - git 1:2.45.1-1 (bug #1071160)
        NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
        NOTE: 
https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
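Review bot: across these git hunks CVE-2024-32465, CVE-2024-32021, CVE-2024-32004 and CVE-2024-32002 all gain `{DLA-3844-1}`, but CVE-2024-32020, visible here only as hunk-header context, does not; if the advisory covers it the reference is missing, and if it was deliberately left out a suite line in the `[suite] - git <no-dsa> (reason)` form already used below would make that explicit instead of leaving the gap to be rediscovered.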
@@ -21711,7 +21767,7 @@ CVE-2024-1789 (The WP SMTP plugin for WordPress is 
vulnerable to SQL Injection v
 CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer 
(RSE) v ...)
        NOT-FOR-US: Eclipse Target Management: Terminal and Remote System 
Explorer
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
-       {DSA-5712-1}
+       {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg <unfixed>
        [buster] - ffmpeg <postponed> (Pick up when fixed in 4.1.x)
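Review bot: after adding `{DSA-5721-1}` this entry still reads `- ffmpeg <unfixed>` for unstable with the fix only under `[experimental] - ffmpeg 7:7.0-1`, so stable is now recorded as ahead of sid; that is a legitimate state while 7.0 sits in experimental, but the `<unfixed>` line has to be flipped as soon as the fixed version reaches unstable or the tracker will keep flagging sid. The `[buster]` reason here says `Pick up when fixed in 4.1.x` while the sibling ffmpeg entries in the following hunks say `most related branch`; harmless, but worth aligning the next time these entries are touched.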
@@ -22996,7 +23052,7 @@ CVE-2024-1065 (Use After Free vulnerability in Arm Ltd 
Bifrost GPU Kernel Driver
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
        NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
-       {DSA-5712-1}
+       {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg <unfixed>
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -23028,7 +23084,7 @@ CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg 
v.N113007-g8d24a28d06 al
        NOTE: Fixed in 
https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
 (n7.0)
        NOTE: Introduced in 
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
 (n5.1)
 CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
-       {DSA-5712-1}
+       {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg <unfixed>
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -23052,7 +23108,7 @@ CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg 
v.N113007-g8d24a28d06 al
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
-       {DSA-5712-1}
+       {DSA-5721-1 DSA-5712-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg <unfixed>
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -93903,6 +93959,7 @@ CVE-2023-29009 (baserCMS is a website development 
framework with WebAPI that run
 CVE-2023-29008 (The SvelteKit framework offers developers an option to create 
simple R ...)
        NOT-FOR-US: SvelteKit
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 
2.31.8, 2. ...)
+       {DLA-3844-1}
        - git 1:2.40.1-1 (bug #1034835)
        [bookworm] - git <no-dsa> (Minor issue)
        [bullseye] - git <no-dsa> (Minor issue)
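Review bot: `{DLA-3844-1}` is added while the `[bookworm]` and `[bullseye]` lines keep `<no-dsa> (Minor issue)`; that is consistent only if the DLA targets a suite other than bullseye, so double-check which release DLA-3844-1 was issued for and drop or update the `[bullseye]` line if that is the one covered. The same check applies to the CVE-2023-25815 and CVE-2023-25652 hunks further down, which carry identical suite lines.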
@@ -94063,6 +94120,7 @@ CVE-2023-1692 (The window management module lacks 
permission verification.Succes
 CVE-2023-1691 (Vulnerability of failures to capture exceptions in the 
communication f ...)
        NOT-FOR-US: Huawei
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in 
VLC and  ...)
+       {DSA-5721-1}
        - ffmpeg 7:5.1.2-1
        [buster] - ffmpeg <postponed> (Wait until the backport to 4.x)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
 (n6.1-dev)
@@ -100844,8 +100902,8 @@ CVE-2023-26879
        RESERVED
 CVE-2023-26878
        RESERVED
-CVE-2023-26877
-       RESERVED
+CVE-2023-26877 (File upload vulnerability found in Softexpert Excellence Suite 
v.2.1 a ...)
+       TODO: check
 CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and 
before allows ...)
        - piwigo <removed>
 CVE-2023-26875
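Review bot: CVE-2023-26877 moves from `RESERVED` to a populated description plus `TODO: check`; the description names Softexpert Excellence Suite, a commercial product, so this can most likely be closed as `NOT-FOR-US: Softexpert Excellence Suite` on the next manual pass rather than sitting in the TODO queue.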
@@ -103786,6 +103844,7 @@ CVE-2023-25817 (Nextcloud server is an open source, 
personal cloud implementatio
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 
25.0.0 an ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized 
messages are ...)
+       {DLA-3844-1}
        - git 1:2.40.1-1 (bug #1034835)
        [bookworm] - git <no-dsa> (Minor issue)
        [bullseye] - git <no-dsa> (Minor issue)
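Review bot: the description for CVE-2023-25815 says the issue is specific to Git for Windows, yet the entry is already tracked as fixed in `git 1:2.40.1-1` and now also carries `{DLA-3844-1}`; a short `NOTE:` line saying why the Linux package is considered affected, or that the DLA simply carries the upstream fix along with the rest of the batch, would keep the entry from reading as contradictory to the next person who triages it.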
@@ -104598,6 +104657,7 @@ CVE-2023-25653 (node-jose is a JavaScript 
implementation of the JSON Object Sign
        NOT-FOR-US: Cisco node-jose (different from src:node-jose)
        NOTE: 
https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 
2.31.8, 2. ...)
+       {DLA-3844-1}
        - git 1:2.40.1-1 (bug #1034835)
        [bookworm] - git <no-dsa> (Minor issue)
        [bullseye] - git <no-dsa> (Minor issue)
@@ -172901,7 +172961,7 @@ CVE-2022-29422 (Multiple Authenticated (admin+) 
Persistent Cross-Site Scripting
        NOT-FOR-US: WordPress plugin
 CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam 
Skaat's Cou ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
+CVE-2022-29420 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 
3xSocializer plug ...)
        NOT-FOR-US: WordPress plugin
@@ -405136,7 +405196,7 @@ CVE-2019-1389 (A remote code execution vulnerability 
exists when Windows Hyper-V
 CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows 
Certific ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, 
v2.21.1, v ...)
-       {DSA-4581-1 DLA-2059-1}
+       {DSA-4581-1 DLA-3844-1 DLA-2059-1}
        - git 1:2.24.0-2
        NOTE: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
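Review bot: CVE-2019-1387 already carried `{DSA-4581-1 DLA-2059-1}`, so adding `DLA-3844-1` records a second LTS advisory for a 2019 issue; a `NOTE:` explaining why it was revisited (an incomplete earlier fix, or the fix being re-applied as part of the 2024 git batch handled in the hunks above) would stop a reader from assuming the new reference is a paste error. The placement of the new id between the DSA and the older DLA matches the DSA-before-DLA ordering used on the CVE-2024-5197 line.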



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e55cfd51c66ad2699da8211ba3f3fc267145596

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
