Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f654e3c by security tracker role at 2024-05-31T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,66 @@
-CVE-2024-5499
+CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks 
affecting ve ...)
+       TODO: check
+CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting 
version 10/ ...)
+       TODO: check
+CVE-2024-5523 (SQL injection vulnerability in Astrotalks affecting version 
10/03/2023 ...)
+       TODO: check
+CVE-2024-5427 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, 
Delivery, and ...)
+       TODO: check
+CVE-2024-5418 (The DethemeKit For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-5345 (The Responsive Owl Carousel for Elementor plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-4469 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 
3.5.0  ...)
+       TODO: check
+CVE-2024-4379 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the 
digest (sha25 ...)
+       TODO: check
+CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning 
via API r ...)
+       TODO: check
+CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer 
over-read in  ...)
+       TODO: check
+CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and 
Unifier Cast ...)
+       TODO: check
+CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building 
website ...)
+       TODO: check
+CVE-2024-32850 (Improper neutralization of special elements used in a command 
('Comman ...)
+       TODO: check
+CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management 
\u2013 ...)
+       TODO: check
+CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and 
Unifier Cast ...)
+       TODO: check
+CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where 
an Atta ...)
+       TODO: check
+CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 
125.0.642 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5498
+CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 
125.0.642 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5497
+CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5496
+CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to 
125.0.6422.1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5495
+CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5494
+CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5493
+CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to 
125.0.6422.14 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
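
Review bot: the descriptions added for CVE-2024-5427 and CVE-2024-2793 contain a literal \u2013 escape where a dash belongs, so the automatic update is writing an undecoded Unicode escape into data/CVE/list; decode it before the description is stored. Separately, all 19 new entries at the top of this hunk land as "TODO: check": the ones whose description names a WordPress plugin can probably be closed the way this file already does further down ("NOT-FOR-US: WordPress plugin"), while entries such as CVE-2024-1298 (EDK2) and CVE-2024-37017 (asdcplib) need a check against the archive before they are marked either way.
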
@@ -1985,6 +2023,7 @@ CVE-2024-4563 (The Progress MOVEit Automation 
configuration export function prio
 CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local 
Privilege ...)
        NOT-FOR-US: WithSecure Elements Endpoint Protection
 CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code 
Execution ...)
+       {DLA-3824-1}
        - gst-plugins-base1.0 1.24.3-1
        - gst-plugins-base0.10 <removed>
        NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html
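
Review bot: the {DLA-3824-1} tag on CVE-2024-4453 is added with no other change to the entry, which lists two source packages (gst-plugins-base1.0 fixed in 1.24.3-1 and gst-plugins-base0.10 <removed>); nothing in this hunk says which package the advisory covers, so confirm that the matching DLA entry names the package and the fixed version.
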
@@ -20572,8 +20611,8 @@ CVE-2024-27908 (A buffer overflow vulnerability was 
reported in the HTTPS servic
        NOT-FOR-US: Lenovo
 CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo 
devices  ...)
        NOT-FOR-US: Lenovo
-CVE-2024-21506
-       REJECTED
+CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to 
Out-of- ...)
+       TODO: check
 CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to 
unauthorized ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
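
Review bot: CVE-2024-21506 goes from REJECTED straight to "TODO: check", which reverses a previously recorded state on the strength of an automatic update; confirm that the identifier is really no longer rejected upstream, and since the new description names the package pymongo (before 4.6.3), triage it against that source package rather than leaving the TODO in place.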



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f654e3c6bc85522ab03e3e00ababa1efec826de
