Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
878d1793 by security tracker role at 2024-09-19T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-8364 (The WP Custom Fields Search plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2024-7254 (Any project that parses untrusted Protocol Buffers 
datacontaining an a ...)
+       TODO: check
+CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to 
improper  ...)
+       TODO: check
+CVE-2024-47088 (This vulnerability exists in Apex Softcell LD Geo due to 
missing restr ...)
+       TODO: check
+CVE-2024-47087 (This vulnerability exists in Apex Softcell LD Geo due to 
improper vali ...)
+       TODO: check
+CVE-2024-47086 (This vulnerability exists in Apex Softcell LD DP Back Office 
due to im ...)
+       TODO: check
+CVE-2024-47085 (This vulnerability exists in Apex Softcell LD DP Back Office 
due to im ...)
+       TODO: check
+CVE-2024-47059 (When logging in with the correct username and incorrect weak 
password, ...)
+       TODO: check
+CVE-2024-47058 (With access to edit a Mautic form, the attacker can add 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-47050 (Prior to this patch being applied, Mautic's tracking was 
vulnerable to ...)
+       TODO: check
+CVE-2024-46946 (langchain_experimental (aka LangChain Experimental) 0.1.17 
through 0.3 ...)
+       TODO: check
+CVE-2024-46377 (Best House Rental Management System 1.0 contains an arbitrary 
file upl ...)
+       TODO: check
+CVE-2024-46376 (Best House Rental Management System 1.0 contains an arbitrary 
file upl ...)
+       TODO: check
+CVE-2024-46375 (Best House Rental Management System 1.0 contains an arbitrary 
file upl ...)
+       TODO: check
+CVE-2024-46374 (Best House Rental Management System 1.0 contains a SQL 
injection vulne ...)
+       TODO: check
+CVE-2024-46373 (Dedecms V5.7.115 contains an arbitrary code execution via file 
upload  ...)
+       TODO: check
+CVE-2024-46372 (DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) 
via the ad ...)
+       TODO: check
+CVE-2024-40568 (Buffer Overflow vulnerability in btstack mesh commit before 
v.864e2f2b ...)
+       TODO: check
+CVE-2024-37406 (In Brave Android prior to v1.67.116, domains in the Brave 
Shields popu ...)
+       TODO: check
 CVE-2024-8969 (OMFLOW from The SYSCOM Group has a vulnerability involving the 
exposur ...)
        NOT-FOR-US: OMFLOW
 CVE-2024-8957 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable 
to an  ...)
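Review bot: all twenty new entries in this hunk land as "TODO: check" placeholders, and a good share of them can be triaged by the conventions already visible in the file rather than left open. The WordPress plugin entries (CVE-2024-8850, CVE-2024-8364) match the "NOT-FOR-US: WordPress plugin" pattern used for CVE-2024-4401 further down, and the Apex Softcell, Best House Rental Management System, DedeCMS and Brave Android entries are the same kind of non-packaged upstreams as the "NOT-FOR-US: OMFLOW" context line right below. The ones that need a real look are the library-level issues (CVE-2024-7254 for Protocol Buffers parsing, CVE-2024-46946 for langchain_experimental, CVE-2024-40568 for btstack), since those are the entries where a Debian source package may actually be affected; the three Mautic entries (CVE-2024-47059, CVE-2024-47058, CVE-2024-47050) should be resolved together with the older Mautic TODOs touched later in this same commit.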
@@ -4352,19 +4392,19 @@ CVE-2024-5024 (The Memberpress plugin for WordPress is 
vulnerable to Reflected C
 CVE-2024-4401 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-45492 (An issue was discovered in libexpat before 2.6.3. 
nextScaffoldPart in  ...)
-       {DSA-5770-1}
+       {DSA-5770-1 DLA-3893-1}
        - expat 2.6.2-2 (bug #1080152)
        NOTE: https://github.com/libexpat/libexpat/pull/892
        NOTE: https://github.com/libexpat/libexpat/issues/889
        NOTE: 
https://github.com/libexpat/libexpat/commit/29ef43a0bab633b41e71dd6d900fff5f6b3ad5e4
 (R_2_6_3)
 CVE-2024-45491 (An issue was discovered in libexpat before 2.6.3. dtdCopy in 
xmlparse. ...)
-       {DSA-5770-1}
+       {DSA-5770-1 DLA-3893-1}
        - expat 2.6.2-2 (bug #1080150)
        NOTE: https://github.com/libexpat/libexpat/pull/891
        NOTE: https://github.com/libexpat/libexpat/issues/888
        NOTE: 
https://github.com/libexpat/libexpat/commit/b8a7dca4670973347892cfc452b24d9001dcd6f5
 (R_2_6_3)
 CVE-2024-45490 (An issue was discovered in libexpat before 2.6.3. xmlparse.c 
does not  ...)
-       {DSA-5770-1}
+       {DSA-5770-1 DLA-3893-1}
        - expat 2.6.2-2 (bug #1080149)
        NOTE: https://github.com/libexpat/libexpat/pull/890
        NOTE: https://github.com/libexpat/libexpat/issues/887
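Review bot: the new DLA-3893-1 reference is appended after the existing DSA in all three libexpat entries here ({DSA-5770-1 DLA-3893-1}), but the same DLA is prepended in a later hunk of this commit for CVE-2023-52425 ({DLA-3893-1 DLA-3783-1}); pick one ordering for advisory references so the braces stay mechanically comparable across entries. The package lines ("- expat 2.6.2-2 (bug #...)") are unchanged, which is expected for a reference-only update.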
@@ -39926,7 +39966,7 @@ CVE-2024-0334 (The Jeg Elementor Kit plugin for 
WordPress is vulnerable to Store
 CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 
9.0.35.12 ...)
        NOT-FOR-US: Webroot Antivirus
 CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection 
Headers p ...)
-       {DSA-5705-1}
+       {DSA-5705-1 DLA-3892-1}
        - tinyproxy 1.11.1-4 (bug #1070395)
        [buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but 
fix with next update)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
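Review bot: the "[buster] - tinyproxy <postponed> (Not exploitable easily for RCE; but fix with next update)" line is kept as-is while DLA-3892-1 is added on the reference line above it. If DLA-3892-1 is the "next update" that annotation anticipated, the postponed marker is now stale and should be dropped or turned into a fixed-version line; if the DLA covers a different suite, a short NOTE saying so would stop the next reader from asking the same question.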
@@ -65060,7 +65100,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive 
XML Entity Expansion if
        NOTE: CVE is for fixing billion laughs attacks for users compiling 
*without* XML_DTD defined,
        NOTE: which is not the case for Debian.
 CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource 
consumptio ...)
-       {DLA-3783-1}
+       {DLA-3893-1 DLA-3783-1}
        - expat 2.6.0-1 (bug #1063238)
        [bookworm] - expat <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://github.com/libexpat/libexpat/pull/789
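Review bot: DLA-3893-1 is inserted in front of the pre-existing DLA-3783-1 here ({DLA-3893-1 DLA-3783-1}), whereas the three CVE-2024-4549x entries in the earlier libexpat hunk append it after the existing reference; the automatic updater should use a single ordering. The "[bookworm] - expat <no-dsa> (Minor issue; can be fixed via point release)" line is untouched, which is consistent with the DLA applying to an LTS suite rather than to bookworm.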
@@ -96950,7 +96990,7 @@ CVE-2023-31431 (A buffer overflow vulnerability in 
\u201cdiagstatus\u201d comman
        NOT-FOR-US: Brocade
 CVE-2023-31430 (A buffer overflow vulnerability in \u201csecpolicydelete\u201d 
command ...)
        NOT-FOR-US: Brocade
-CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 
contains a  ...)
+CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 
contains a vu ...)
        NOT-FOR-US: Brocade
 CVE-2023-31428 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 
contains a  ...)
        NOT-FOR-US: Brocade
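Review bot: no triage action is needed for CVE-2023-31429 in this hunk: only the truncated upstream description is refreshed (the "v" prefixes on 9.1.1c and 9.2.0 are dropped and the text re-truncated), and the existing "NOT-FOR-US: Brocade" line is preserved. The neighbouring CVE-2023-31428 still carries the old "v9.1.1c, v9.2.0" wording, so a matching description-only refresh for it is likely to show up in a later automatic update and should not be mistaken for a status change.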
@@ -109981,8 +110021,8 @@ CVE-2023-1966 (Instruments with Illumina Universal 
Copy Service v1.x and v2.x co
        NOT-FOR-US: Illumina
 CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2023-30464
-       RESERVED
+CVE-2023-30464 (CoreDNS through 1.10.1 enables attackers to achieve DNS cache 
poisonin ...)
+       TODO: check
 CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and 
subsequent  ...)
        NOT-FOR-US: picoTCP
 CVE-2023-30462
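Review bot: CVE-2023-30464 moves from RESERVED to a real description ("CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisonin ...") with a "TODO: check" placeholder; the manual follow-up should settle whether CoreDNS is carried as a Debian source package at all, and if it is, record the fixed upstream version, since "through 1.10.1" in the description only gives the affected range. The surrounding CVE-2023-30463 (NOT-FOR-US: picoTCP) shows the form the entry should take if it turns out not to be packaged.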
@@ -138730,8 +138770,8 @@ CVE-2022-4535
        RESERVED
 CVE-2022-4534
        RESERVED
-CVE-2022-4533
-       RESERVED
+CVE-2022-4533 (The Limit Login Attempts Plus plugin for WordPress is 
vulnerable to IP ...)
+       TODO: check
 CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4531
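Review bot: CVE-2022-4533 (Limit Login Attempts Plus plugin for WordPress) gets a "TODO: check" placeholder, while the entry immediately below it, CVE-2022-4532 for another WordPress login-attempt plugin, already carries "NOT-FOR-US: WordPress plugin"; the new entry can be closed the same way in the manual pass instead of staying in the TODO queue.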
@@ -161989,6 +162029,7 @@ CVE-2022-40470 (Phpgurukul Blood Donor Management 
System 1.0 allows Cross Site S
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated 
remote code ...)
        NOT-FOR-US: iKuai8
 CVE-2022-40468 (Potential leak of left-over heap data if custom error page 
templates c ...)
+       {DLA-3892-1}
        - tinyproxy 1.11.1-2 (bug #1021015)
        [buster] - tinyproxy <postponed> (Minor issue)
        NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
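Review bot: the new "{DLA-3892-1}" line is placed before the "- tinyproxy 1.11.1-2 (bug #1021015)" package line, which matches the file's convention of listing advisory references first. The "[buster] - tinyproxy <postponed> (Minor issue)" line underneath is left unchanged; as with CVE-2023-49606 earlier in this commit, it is worth confirming whether DLA-3892-1 supersedes that postponement or applies to a different suite, and saying which in a NOTE.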
@@ -203840,12 +203881,12 @@ CVE-2022-25772 (A cross-site scripting (XSS) 
vulnerability in the web tracking c
        NOT-FOR-US: Mautic
 CVE-2022-25771
        RESERVED
-CVE-2022-25770
-       RESERVED
+CVE-2022-25770 (Mautic allows you to update the application via an upgrade 
script.  Th ...)
+       TODO: check
 CVE-2022-25769 (ImpactThe default .htaccess file has some restrictions in the 
access t ...)
        TODO: check
-CVE-2022-25768
-       RESERVED
+CVE-2022-25768 (The logic in place to facilitate the update process via the 
user inter ...)
+       TODO: check
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request 
validation o ...)
        {DSA-5206-1 DLA-3279-1}
        - trafficserver 9.1.3+ds-1
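Review bot: CVE-2022-25770 and CVE-2022-25768 are both Mautic update-process issues that move from RESERVED to "TODO: check", sitting next to CVE-2022-25769, which has been "TODO: check" since earlier; the context line for CVE-2022-25772 in this hunk already records Mautic as "NOT-FOR-US: Mautic", so the three open entries can be triaged consistently with it in one pass rather than accumulating. The CVE-2022-25770 description as wrapped here contains a doubled space ("upgrade script.  Th ..."), which comes from the upstream text and can be ignored.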
@@ -268896,8 +268937,8 @@ CVE-2021-3420 (A flaw was found in newlib in versions 
prior to 4.0.0. Improper o
        [buster] - libnewlib-nano <no-dsa> (Minor issue)
        NOTE: Fix in picolibc: 
https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
        NOTE: 
https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
-CVE-2021-27917
-       RESERVED
+CVE-2021-27917 (Prior to this patch, a stored XSS vulnerability existed in the 
contact ...)
+       TODO: check
 CVE-2021-27916 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
        TODO: check
 CVE-2021-27915 (Prior to the patched version, there is an XSS vulnerability in 
the des ...)
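Review bot: CVE-2021-27917 (Mautic stored XSS) is the third consecutive Mautic entry in this region left at "TODO: check" alongside CVE-2021-27916 and CVE-2021-27915; together with the Mautic entries added earlier in this commit, that is a cluster worth resolving in a single triage decision, using the "NOT-FOR-US: Mautic" form the file already applies to CVE-2022-25772, unless Mautic has in fact been packaged since those older entries were filed.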



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/878d1793421173d7016511eb89dd85529daa3918



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
