Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1d22b1c by security tracker role at 2024-06-28T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2024-6403 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301
15.13.0 ...)
+ TODO: check
+CVE-2024-5972
+ REJECTED
+CVE-2024-5925 (The Theron Lite theme for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-5922 (The Scylla lite theme for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-5827 (Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB
integration ...)
+ TODO: check
+CVE-2024-5737 (Script afGdStream.php inAdmirorFrames Joomla! extension
doesn\u2019t s ...)
+ TODO: check
+CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in
AdmirorFrames Joom ...)
+ TODO: check
+CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla!
extension ...)
+ TODO: check
+CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+ TODO: check
+CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid,
Post Car ...)
+ TODO: check
+CVE-2024-5424 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video ,
YouTub ...)
+ TODO: check
+CVE-2024-3995 (In Helix ALM versions prior to 2024.2.0, a local command
injection was ...)
+ TODO: check
+CVE-2024-3816 (Sites managed in S@M CMS (Concept Intermedia) might be
vulnerable to a ...)
+ TODO: check
+CVE-2024-3801 (Sites managed in S@M CMS (Concept Intermedia) might be
vulnerable to R ...)
+ TODO: check
+CVE-2024-3800 (Sites managed in S@M CMS (Concept Intermedia) might be
vulnerable to R ...)
+ TODO: check
+CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current
Code thro ...)
+ TODO: check
+CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that
makes p ...)
+ TODO: check
+CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock,
implementin ...)
+ TODO: check
+CVE-2024-38522 (Hush Line is a free and open-source,
anonymous-tip-line-as-a-service f ...)
+ TODO: check
+CVE-2024-38521 (Hush Line is a free and open-source,
anonymous-tip-line-as-a-service f ...)
+ TODO: check
+CVE-2024-38514 (NextChat is a cross-platform ChatGPT/Gemini UI. There is a
Server-Side ...)
+ TODO: check
+CVE-2024-38374 (The CycloneDX core module provides a model representation of
the SBOM ...)
+ TODO: check
+CVE-2024-38371 (authentik is an open-source Identity Provider. Access
restrictions ass ...)
+ TODO: check
+CVE-2024-38322 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4
agent us ...)
+ TODO: check
+CVE-2024-37905 (authentik is an open-source Identity Provider that emphasizes
flexibil ...)
+ TODO: check
+CVE-2024-37741 (OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a
profile ...)
+ TODO: check
+CVE-2024-35156 (IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to
obtain sens ...)
+ TODO: check
+CVE-2024-35155 (IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a
remote ...)
+ TODO: check
+CVE-2024-35139 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1
could all ...)
+ TODO: check
+CVE-2024-35137 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1
could all ...)
+ TODO: check
+CVE-2024-35116 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is
vulnerable to ...)
+ TODO: check
+CVE-2024-31919 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in
certain confi ...)
+ TODO: check
+CVE-2024-31912 (IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to
escalat ...)
+ TODO: check
+CVE-2024-27629 (An issue in dc2niix before v.1.0.20240202 allows a local
attacker to e ...)
+ TODO: check
+CVE-2024-27628 (Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an
attacker to e ...)
+ TODO: check
+CVE-2024-25053 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
+ TODO: check
+CVE-2024-25041 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
+ TODO: check
+CVE-2024-25031 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4
uses an ...)
+ TODO: check
CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel &
more Via ...)
@@ -17985,10 +18063,12 @@ CVE-2024-34511
CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
NOT-FOR-US: Gradio
CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an
invalid ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-14
NOTE: https://support.dcmtk.org/redmine/issues/1114
NOTE:
https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an
invalid D ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-14
NOTE: https://support.dcmtk.org/redmine/issues/1114
NOTE:
https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
@@ -21428,13 +21508,13 @@ CVE-2024-29040
[bullseye] - tpm2-tss <no-dsa> (Minor issue)
[buster] - tpm2-tss <postponed> (Minor issue; can be fixed in next
update)
NOTE:
https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99
(4.1.0)
-CVE-2024-29039
+CVE-2024-29039 (tpm2 is the source repository for the Trusted Platform Module
(TPM2.0) ...)
- tpm2-tools 5.7-1 (bug #1070139)
[bookworm] - tpm2-tools <no-dsa> (Minor issue)
[bullseye] - tpm2-tools <no-dsa> (Minor issue)
[buster] - tpm2-tools <postponed> (Minor issue; can be fixed in next
update)
NOTE:
https://github.com/tpm2-software/tpm2-tools/commit/98599df9392a346216c5a059b8d35271286100bb
(5.7)
-CVE-2024-29038
+CVE-2024-29038 (tpm2-tools is the source repository for the Trusted Platform
Module (T ...)
- tpm2-tools 5.7-1 (bug #1070139)
[bookworm] - tpm2-tools <no-dsa> (Minor issue)
[bullseye] - tpm2-tools <no-dsa> (Minor issue)
@@ -22961,6 +23041,7 @@ CVE-2024-2477 (The wpDiscuz plugin for WordPress is
vulnerable to Stored Cross-S
CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to
obtain s ...)
NOT-FOR-US: Flipsnack
CVE-2024-28130 (An incorrect type conversion vulnerability exists in the
DVPSSoftcopyV ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-14 (bug #1070207)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
NOTE: https://support.dcmtk.org/redmine/issues/1120
@@ -134637,6 +134718,7 @@ CVE-2022-43274
CVE-2022-43273
RESERVED
CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the
T_ASC_Ass ...)
+ {DLA-3847-1}
[experimental] - dcmtk 3.6.8~git20221013.51be018-1
- dcmtk 3.6.7-8 (bug #1027165)
[bullseye] - dcmtk <no-dsa> (Minor issue)
@@ -148071,8 +148153,8 @@ CVE-2022-38385 (IBM Cloud Pak for Security (CP4S)
1.10.0.0 through 1.10.2.0 coul
NOT-FOR-US: IBM
CVE-2022-38384
RESERVED
-CVE-2022-38383
- RESERVED
+CVE-2022-38383 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0
and IBM Q ...)
+ TODO: check
CVE-2022-38382
RESERVED
CVE-2022-38105 (An information disclosure vulnerability exists in the
cm_processREQ_NC ...)
@@ -160535,6 +160617,7 @@ CVE-2022-2122 (DOS / potential heap overwrite in
qtdemux using zlib decompressio
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234
(1.20.3)
CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer
derefer ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-1 (bug #1014044)
[bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
@@ -178928,8 +179011,8 @@ CVE-2022-27542
RESERVED
CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU)
vulnerabilities have b ...)
NOT-FOR-US: HP
-CVE-2022-27540
- RESERVED
+CVE-2022-27540 (A potential Time-of-Check to Time-of Use (TOCTOU)
vulnerability has be ...)
+ TODO: check
CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU)
vulnerabilities have b ...)
NOT-FOR-US: HP
CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU)
vulnerability has be ...)
@@ -213576,18 +213659,22 @@ CVE-2021-41692
CVE-2021-41691
RESERVED
CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The
malloced ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
(DCMTK-3.6.7)
CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly.
Sending spec ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d
(DCMTK-3.6.7)
CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The
object i ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
(DCMTK-3.6.7)
CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The
program ...)
+ {DLA-3847-1}
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
(DCMTK-3.6.7)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1d22b1c0d3b62e544b4ec1d271cb6bfaad5c191
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1d22b1c0d3b62e544b4ec1d271cb6bfaad5c191
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
