Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
389956b0 by security tracker role at 2024-05-31T20:12:01+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@ +CVE-2024-5565 (The Vanna library uses a prompt function to present the user with visu ...) + TODO: check +CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local maliciou ...) + TODO: check +CVE-2024-5538 + REJECTED +CVE-2024-5484 + REJECTED +CVE-2024-5436 (Type confusion in Snapchat LensCore could lead to denial of service or ...) + TODO: check +CVE-2024-5347 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-5176 (Insufficiently Protected Credentials vulnerability in Baxter Welch All ...) + TODO: check +CVE-2024-5144 + REJECTED +CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...) + TODO: check +CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...) + TODO: check +CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...) + TODO: check +CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...) + TODO: check +CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...) + TODO: check +CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring ...) + TODO: check +CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) + TODO: check +CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) + TODO: check +CVE-2024-34000 (ID numbers displayed in the lesson overview report required additional ...) + TODO: check +CVE-2024-33999 (The referrer URL used by MFA required additional sanitizing, rather th ...) + TODO: check +CVE-2024-33998 (Insufficient escaping of participants' names in the participants page ...) 
+ TODO: check +CVE-2024-33997 (Additional sanitizing was required when opening the equation editor to ...) + TODO: check +CVE-2024-33996 (Incorrect validation of allowed event types in a calendar web service ...) + TODO: check +CVE-2024-31908 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross ...) + TODO: check +CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...) + TODO: check +CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...) + TODO: check +CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...) + TODO: check +CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...) + TODO: check +CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...) + TODO: check +CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...) 
+ TODO: check +CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...) + TODO: check +CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...) + TODO: check +CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03 could dis ...) + TODO: check +CVE-2024-22060 (An unrestricted file upload vulnerability in web component of Ivanti N ...) + TODO: check +CVE-2024-22059 (A SQL injection vulnerability in web component of Ivanti Neurons for I ...) + TODO: check +CVE-2024-22058 (A buffer overflow allows a low privilege user on the local machine tha ...) + TODO: check +CVE-2024-1980 + REJECTED +CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch Ally Co ...) + TODO: check +CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is ...) + TODO: check +CVE-2023-46810 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...) + TODO: check +CVE-2023-38551 (A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) al ...) + TODO: check +CVE-2023-38042 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...) + TODO: check CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks affecting ve ...) NOT-FOR-US: Astrotalks CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting version 10/ ...) 
@@ -37,30 +139,37 @@ CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifie CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...) TODO: check CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 125.0.642 ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5498 (Use after free in Presentation API in Google Chrome prior to 125.0.642 ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5497 (Out of bounds memory access in Keyboard Inputs in Google Chrome prior ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5496 (Use after free in Media Session in Google Chrome prior to 125.0.6422.1 ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5495 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5494 (Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowe ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-5493 (Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.14 ...) + {DSA-5701-1} - chromium 125.0.6422.141-1 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) 
@@ -616,7 +725,7 @@ CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) NOT-FOR-US: Progress Telerik Report Server CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...) NOT-FOR-US: WordPress plugin -CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36470 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...) NOT-FOR-US: TARGIT Decision Suite 
@@ -632,27 +741,27 @@ CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build step NOT-FOR-US: JetBrains TeamCity CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscripti ...) +CVE-2024-36372 (In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscripti ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit ...) +CVE-2024-36371 (In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36370 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36369 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36368 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36367 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36366 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36365 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) 
NOT-FOR-US: JetBrains TeamCity -CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36364 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36363 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity -CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) +CVE-2024-36362 (In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.8.12-1 @@ -178235,10 +178344,10 @@ CVE-2022-25040 RESERVED CVE-2022-25039 RESERVED -CVE-2022-25038 - RESERVED -CVE-2022-25037 - RESERVED +CVE-2022-25038 (wanEditor v4.7.11 was discovered to contain a cross-site scripting (XS ...) + TODO: check +CVE-2022-25037 (An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discov ...) + TODO: check CVE-2022-25036 RESERVED CVE-2022-25035 
@@ -194100,8 +194209,8 @@ CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824 NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x) -CVE-2021-44534 - RESERVED +CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read by non- ...) + TODO: check CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...) {DSA-5170-1} - nodejs 12.22.9~dfsg-1 (bug #1004177)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389956b0e403c2cc6e00a52218d73a3bfdbbf301
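Review bot: In the first hunk (@@ -1,3 +1,105 @@), CVE-2024-5564 (libndp) and CVE-2024-36843, CVE-2024-36844 and CVE-2024-36845 (libmodbus v3.1.6) are added as "TODO: check" alongside WordPress-plugin and vendor-product entries, although their descriptions name a library rather than a hosted product. These four are the ones to triage first: each needs either a source-package line with its status or an explicit NOT-FOR-US, as the already-triaged entries in this file have (for example "NOT-FOR-US: WordPress plugin" under CVE-2024-3412). The Happy Addons, Download Manager and Auto Featured Image entries match that WordPress-plugin pattern and can be closed the same way.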
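Review bot: In the @@ -616,7 +725,7 @@ and @@ -632,27 +741,27 @@ hunks, the only change is to the description text of the JetBrains TeamCity entries (2022.04.6, 2022.10.5, 2023.05.5 becoming 2022.04.7, 2022.10.6, 2023.05.6), and most summaries are cut at "2023.11." so the fourth version cannot be compared from these lines; CVE-2024-36371 keeps "2023.11.5" unchanged. Every one of these entries stays NOT-FOR-US, so the triage result is unaffected, but the commit message "automatic update" gives no hint that existing descriptions were revised; a one-line mention would make the reason for the churn visible in the log.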
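Review bot: In the @@ -178235,10 +178344,10 @@ and @@ -194100,8 +194209,8 @@ hunks, CVE-2022-25038, CVE-2022-25037 and CVE-2021-44534 move from RESERVED to "TODO: check", and for CVE-2021-44534 the truncated description ("Insufficient user input filtering leads to arbitrary file read by non- ...") is cut before any product is named. Triage for that entry has to read the full CVE record rather than this summary. It sits directly above CVE-2021-44533, a nodejs entry, so adjacency in the list should not be taken as a hint about the affected software.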