Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df97ab30 by security tracker role at 2024-06-12T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2024-5909 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
+       TODO: check
+CVE-2024-5908 (A problem with the Palo Alto Networks GlobalProtect app can 
result in  ...)
+       TODO: check
+CVE-2024-5907 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Co ...)
+       TODO: check
+CVE-2024-5906 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks Prism ...)
+       TODO: check
+CVE-2024-5905 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
+       TODO: check
+CVE-2024-5898 (A vulnerability was found in itsourcecode Payroll Management 
System 1. ...)
+       TODO: check
+CVE-2024-5897 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
+       TODO: check
+CVE-2024-5896 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-5895 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-5894 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+       TODO: check
+CVE-2024-5893 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-5891 (A vulnerability was found in Quay. If an attacker can obtain 
the clien ...)
+       TODO: check
+CVE-2024-5798 (Vault and Vault Enterprise did not properly validate the JSON 
Web Toke ...)
+       TODO: check
+CVE-2024-5759 (An improper privilege management vulnerability exists in 
Tenable Secur ...)
+       TODO: check
+CVE-2024-5674 (The Newsletter - API v1 and v2 addon plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-5560 (CWE-125: Out-of-bounds Read vulnerability exists that could 
cause deni ...)
+       TODO: check
+CVE-2024-5559 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm 
vulnerabilit ...)
+       TODO: check
+CVE-2024-5558 (CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerabili ...)
+       TODO: check
+CVE-2024-5557 (CWE-532: Insertion of Sensitive Information into Log File 
vulnerabilit ...)
+       TODO: check
+CVE-2024-5468 (The WordPress Header Builder Plugin \u2013 Pearl plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-5313 (CWE-668: Exposure of the Resource Wrong Sphere vulnerability 
exists th ...)
+       TODO: check
+CVE-2024-5266 (The Download Manager Pro plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-5211 (A path traversal vulnerability in mintplex-labs/anything-llm 
allowed a ...)
+       TODO: check
+CVE-2024-5056 (CWE-552: Files or Directories Accessible to External Parties 
vulnerabi ...)
+       TODO: check
+CVE-2024-4898 (The InstaWP Connect \u2013 1-click WP Staging & Migration 
plugin for W ...)
+       TODO: check
+CVE-2024-4845 (The Icegram Express plugin for WordPress is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2024-3492 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+       TODO: check
+CVE-2024-37878 (Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a 
remote at ...)
+       TODO: check
+CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) 
via the  ...)
+       TODO: check
+CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. 
The NuGet ...)
+       TODO: check
+CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity 
providers to be ...)
+       TODO: check
+CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on 
WordPress.  ...)
+       TODO: check
+CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input 
(\u2018Classic Buf ...)
+       TODO: check
+CVE-2024-37039 (CWE-252: Unchecked Return Value vulnerability exists that 
could cause  ...)
+       TODO: check
+CVE-2024-37038 (CWE-276: Incorrect Default Permissions vulnerability exists 
that could ...)
+       TODO: check
+CVE-2024-37037 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (\ ...)
+       TODO: check
+CVE-2024-37036 (CWE-787: Out-of-bounds Write vulnerability exists that could 
result in ...)
+       TODO: check
+CVE-2024-36840 (SQL Injection vulnerability in Boelter Blue System Management 
v.1.3 al ...)
+       TODO: check
+CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via 
the compon ...)
+       TODO: check
+CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer 
overflow ...)
+       TODO: check
+CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method 
of PPGo_ ...)
+       TODO: check
+CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization 
vulnerability  ...)
+       TODO: check
+CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication 
vulnerability  ...)
+       TODO: check
+CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
+       TODO: check
+CVE-2024-34065 (Strapi is an open-source content management system. By 
combining two v ...)
+       TODO: check
+CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
+CVE-2024-31217 (Strapi is an open-source content management system. Prior to 
version 4 ...)
+       TODO: check
+CVE-2024-2747 (CWE-428: Unquoted search path or element vulnerability exists 
in Easer ...)
+       TODO: check
+CVE-2024-2300 (HP Advance Mobile Applications for iOS and Android are 
potentially vul ...)
+       TODO: check
+CVE-2024-2230
+       REJECTED
+CVE-2024-2092 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-29181 (Strapi is an open-source content management system. Prior to 
version 4 ...)
+       TODO: check
+CVE-2024-28964 (Dell Common Event Enabler, version 8.9.10.0 and prior, contain 
an inse ...)
+       TODO: check
+CVE-2024-28762 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 10.5 ...)
+       TODO: check
+CVE-2024-25949 (Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 
10.5.4.x an ...)
+       TODO: check
+CVE-2024-24051 (Improper input validation of printing files in Monoprice 
Select Mini V ...)
+       TODO: check
+CVE-2024-22855 (A cross-site scripting (XSS) vulnerability in the User 
Maintenance sec ...)
+       TODO: check
+CVE-2024-1891 (A stored cross site scripting vulnerability exists in Tenable 
Security ...)
+       TODO: check
+CVE-2024-1766 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-1659 (Arbitrary File Upload vulnerability in MegaBIP software allows 
attacke ...)
+       TODO: check
+CVE-2024-1577 (Remote Code Execution vulnerability in MegaBIP software allows 
to exec ...)
+       TODO: check
+CVE-2024-1576 (SQL Injection vulnerability in MegaBIP software allows attacker 
to obt ...)
+       TODO: check
+CVE-2024-0865 (CWE-798: Use of hard-coded credentials vulnerability exists 
that could ...)
+       TODO: check
+CVE-2023-52177 (Missing Authorization vulnerability in SoftLab Integrate 
Google Drive. ...)
+       TODO: check
+CVE-2023-52117 (Missing Authorization vulnerability in Metagauss 
ProfileGrid.This issu ...)
+       TODO: check
+CVE-2023-51680 (Missing Authorization vulnerability in TechnoVama Quotes for 
WooCommer ...)
+       TODO: check
+CVE-2023-51679 (Missing Authorization vulnerability in BulkGate BulkGate SMS 
Plugin fo ...)
+       TODO: check
+CVE-2023-51671 (Missing Authorization vulnerability in FunnelKit FunnelKit 
Checkout.Th ...)
+       TODO: check
+CVE-2023-51670 (Missing Authorization vulnerability in FunnelKit FunnelKit 
Checkout.Th ...)
+       TODO: check
+CVE-2023-51537 (Missing Authorization vulnerability in Awesome Support Team 
Awesome Su ...)
+       TODO: check
+CVE-2023-51526 (Missing Authorization vulnerability in Brett Shumaker Simple 
Staff Lis ...)
+       TODO: check
+CVE-2023-51524 (Missing Authorization vulnerability in weForms.This issue 
affects weFo ...)
+       TODO: check
+CVE-2023-51413 (Missing Authorization vulnerability in Piotnet Forms.This 
issue affect ...)
+       TODO: check
+CVE-2023-49559 (An issue in vektah gqlparser open-source-library v.2.5.10 
allows a rem ...)
+       TODO: check
+CVE-2023-48280 (Missing Authorization vulnerability in Consensu.IO 
Consensu.Io.This is ...)
+       TODO: check
+CVE-2023-47845 (Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai 
Yang Grab & ...)
+       TODO: check
+CVE-2023-47828 (Missing Authorization vulnerability in Mandrill 
wpMandrill.This issue  ...)
+       TODO: check
+CVE-2023-44234 (Missing Authorization vulnerability in Bastianon Massimo WP 
GPX Map.Th ...)
+       TODO: check
+CVE-2023-41240 (Missing Authorization vulnerability in Vark Pricing Deals for 
WooComme ...)
+       TODO: check
+CVE-2023-40672 (Missing Authorization vulnerability in Hardik Chavada Sticky 
Social Me ...)
+       TODO: check
+CVE-2023-40603 (Missing Authorization vulnerability in Gangesh Matta Simple 
Org Chart. ...)
+       TODO: check
+CVE-2023-40209 (Missing Authorization vulnerability in Himalaya Saxena 
Highcompress Im ...)
+       TODO: check
+CVE-2023-38395 (Missing Authorization vulnerability in Afzal Multani WP Clone 
Menu.Thi ...)
+       TODO: check
 CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin 
for Word ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5873
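Review bot: of the 83 new entries in this hunk, the ones that can touch Debian packages should be triaged ahead of the rest rather than sit in the same TODO: check queue. CVE-2024-36699 (GNU Debugger v8.2 to v14.2, buffer overflow) concerns the gdb package and needs either a package line or an explicit not-affected marker; CVE-2024-36761 (naga v0.14.0, stack overflow) and CVE-2023-49559 (vektah gqlparser v2.5.10) describe Rust and Go libraries that should be checked against the archive before being dismissed. By contrast, the run of "Missing Authorization vulnerability in ... This issue affects ..." entries (CVE-2023-52177 through CVE-2023-38395) and the named WordPress plugin entries (CVE-2024-5674, CVE-2024-5468, CVE-2024-5266, CVE-2024-4898, CVE-2024-4845, CVE-2024-3492, CVE-2024-2092, CVE-2024-1766) follow the same wording as CVE-2023-33922 and CVE-2024-5646, which this file already resolves as NOT-FOR-US: WordPress plugin, and the three "** UNSUPPORTED WHEN ASSIGNED **" entries (CVE-2024-36265, CVE-2024-36264, CVE-2024-36263) describe vendor software its maintainer no longer supports. Leaving everything as TODO: check is correct for an automatic update, but the follow-up triage commit should not leave gdb waiting behind those.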
@@ -18,7 +184,7 @@ CVE-2024-5777
        REJECTED
 CVE-2024-5776
        REJECTED
-CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a 
Univer ...)
+CVE-2024-5739 (The in-app browser of LINE client for iOS versions below 14.9.0 
contai ...)
        NOT-FOR-US: LINE iOS
 CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
@@ -438,12 +604,14 @@ CVE-2023-38533 (A vulnerability has been identified in 
TIA Administrator (All ve
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor 
Website Bui ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a 
potentia ...)
+       {DSA-5709-1}
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs 
showed e ...)
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
 CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, 
and Thu ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
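Review bot: the {DSA-5709-1} markers added here and in the following hunks sit on the line before the package lines, matching the placement already used for {DSA-5681-1} under CVE-2024-26978, and are only added to entries that carry a firefox-esr 115.12.0esr-1 line; CVE-2024-5701, which has only firefox 127.0-1, correctly gets none.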
@@ -458,6 +626,7 @@ CVE-2024-5697 (A website was able to detect when a user 
took a screenshot of a p
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5697
 CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker 
could  ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
@@ -469,6 +638,7 @@ CVE-2024-5694 (An attacker could have caused a 
use-after-free in the JavaScript
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5694
 CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
@@ -479,11 +649,13 @@ CVE-2024-5692 (On Windows, when using the 'Save As' 
functionality, an attacker c
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a 
sandboxed i ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
 CVE-2024-5690 (By monitoring the time certain operations take, an attacker 
could have ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
@@ -492,6 +664,7 @@ CVE-2024-5689 (In addition to detecting when a user was 
taking a screenshot (XXX
        - firefox 127.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
 CVE-2024-5688 (If a garbage collection was triggered at the right time, a 
use-after-f ...)
+       {DSA-5709-1}
        - firefox 127.0-1
        - firefox-esr 115.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
@@ -693,9 +866,9 @@ CVE-2023-6748 (The Custom Field Template plugin for 
WordPress is vulnerable to S
        NOT-FOR-US: WordPress plugin
 CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to 
Stored ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-5203
+CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak 
and occ ...)
        NOT-FOR-US: Keycloak
-CVE-2024-3183
+CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos 
TGS-REQ  ...)
        - freeipa <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
 CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial 
implementation ...)
@@ -1252,7 +1425,7 @@ CVE-2024-36965 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/331f91d86f71d0bb89a44217cc0b2a22810bbd42 (6.10-rc1)
-CVE-2024-5742
+CVE-2024-5742 (A vulnerability was found in GNU Nano that allows a possible 
privilege ...)
        - nano 8.0-1
        [bookworm] - nano <no-dsa> (Minor issue)
        [bullseye] - nano <no-dsa> (Minor issue)
@@ -1425,11 +1598,11 @@ CVE-2023-49221 (Precor touchscreen console P62, P80, 
and P82 could allow a remot
        NOT-FOR-US: Precor touchscreen console
 CVE-2024-37280
        - elasticsearch <removed>
-CVE-2024-23445
+CVE-2024-23445 (It was identified that if a  cross-cluster API key 
https://www.elastic ...)
        - elasticsearch <removed>
 CVE-2024-37279
        - kibana <itp> (bug #700337)
-CVE-2024-5154
+CVE-2024-5154 (A flaw was found in cri-o. A malicious container can create a 
symbolic ...)
        - cri-o <itp> (bug #979702)
 CVE-2024-5640 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
        NOT-FOR-US: WordPress plugin
@@ -13114,7 +13287,7 @@ CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via 
user_photo to index.php?
        NOT-FOR-US: Rukovoditel
 CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
        NOT-FOR-US: Rukovoditel
-CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the 
PHPSESSION cook ...)
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to 
inadequat ...)
        NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment 
preview.)
        - sogo <unfixed> (bug #1071163)
@@ -16080,6 +16253,7 @@ CVE-2024-26980 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/c119f4ede3fa90a9463f50831761c28f989bfb20 (6.9-rc6)
 CVE-2024-26979
        REJECTED
+       {DSA-5681-1}
 CVE-2024-26978 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        {DSA-5681-1}
        - linux 6.7.12-1
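Review bot: the {DSA-5681-1} marker is being added under CVE-2024-26979, whose status on the line directly above is REJECTED, which leaves a rejected identifier claiming a Debian security advisory. Either the identifier was listed in DSA-5681-1 before it was rejected, in which case the advisory's entry in data/DSA/list should be corrected and the marker dropped here, or the REJECTED line is stale and needs revisiting; in both cases the entry should carry a NOTE recording why, the way the neighbouring CVE-2024-26978 entry ties its {DSA-5681-1} marker to a concrete "linux 6.7.12-1" package line.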
@@ -87939,7 +88113,7 @@ CVE-2023-29414 (A CWE-120: Buffer Copy without Checking 
Size of Input (Classic B
        NOT-FOR-US: Schneider
 CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
        NOT-FOR-US: Schneider
-CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability 
exists t ...)
+CVE-2023-29412 (CWE-78: Improper Neutralization of Special Elements used in an 
OS Comm ...)
        NOT-FOR-US: Schneider
 CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
        NOT-FOR-US: Schneider
@@ -88544,8 +88718,8 @@ CVE-2023-29269
        RESERVED
 CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO 
Spotfire Sta ...)
        NOT-FOR-US: TIBCO
-CVE-2023-29267
-       RESERVED
+CVE-2023-29267 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
 CVE-2023-29266
        RESERVED
 CVE-2023-29265
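Review bot: CVE-2023-29267 leaves RESERVED with the same "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5" description that CVE-2024-31881 and CVE-2024-28762 receive in the first hunk, so the three should be triaged together; Db2 is proprietary IBM software with no Debian package, so a NOT-FOR-US marker, as used for TIBCO two lines above, is the expected resolution rather than TODO: check.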
@@ -101864,8 +102038,8 @@ CVE-2023-25032 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kibo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25030
-       RESERVED
+CVE-2023-25030 (Missing Authorization vulnerability in Buy Me a Coffee.This 
issue affe ...)
+       TODO: check
 CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP 
Social Bo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in chuy ...)
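Review bot: CVE-2023-25030 moves from RESERVED to a "Missing Authorization vulnerability in Buy Me a Coffee.This issue affe ..." description, the same family of entries as the neighbouring CVE-2023-25031 and CVE-2023-25029, both resolved as NOT-FOR-US: WordPress plugin; if the affected product is that plugin, the TODO: check can be closed the same way.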



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df97ab30b9e5d79cea3e92a2841c78cb74975e8c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
