Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,138 @@
-CVE-2024-6293
+CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been 
compro ...)
+       TODO: check
+CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the 
local  ...)
+       TODO: check
+CVE-2024-6294 (udn News Android APP stores the user session in logcat file 
when user  ...)
+       TODO: check
+CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, 
Delivery, and ...)
+       TODO: check
+CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not 
sanitis ...)
+       TODO: check
+CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does 
not ha ...)
+       TODO: check
+CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas 
discove ...)
+       TODO: check
+CVE-2024-4196 (An improper input validation vulnerability  was discovered in 
Avaya IP ...)
+       TODO: check
+CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing 
attacker ...)
+       TODO: check
+CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded 
password ...)
+       TODO: check
+CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability 
through the st ...)
+       TODO: check
+CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain 
sensitive r ...)
+       TODO: check
+CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability 
through the IP ...)
+       TODO: check
+CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain 
sensiti ...)
+       TODO: check
+CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL 
(Spring E ...)
+       TODO: check
+CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in 
pskernel.DLL th ...)
+       TODO: check
+CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in 
CC5Dll.dll throu ...)
+       TODO: check
+CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in 
pskernel.DLL th ...)
+       TODO: check
+CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in 
ASMKERN229A.dll thro ...)
+       TODO: check
+CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in 
opennurbs.dl ...)
+       TODO: check
+CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in 
ASMkern229A.dllthroug ...)
+       TODO: check
+CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through  ...)
+       TODO: check
+CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL 
through Au ...)
+       TODO: check
+CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through A ...)
+       TODO: check
+CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" 
(productsal ...)
+       TODO: check
+CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 
from Promok ...)
+       TODO: check
+CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" 
(pk_isotope) <=1.7 ...)
+       TODO: check
+CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - 
Customer Suppor ...)
+       TODO: check
+CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra 
Informatique  ...)
+       TODO: check
+CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create 
a Quote ...)
+       TODO: check
+CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has 
Incorre ...)
+       TODO: check
+CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write 
vulnerabilit ...)
+       TODO: check
+CVE-2024-23159 (A maliciously crafted STP file, when parsed in 
stp_aim_x64_vc15d.dll t ...)
+       TODO: check
+CVE-2024-23158 (A maliciously crafted IGES file, when parsed in 
ASMImport229A.dll thro ...)
+       TODO: check
+CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in 
ODXSW_DLL. ...)
+       TODO: check
+CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
and ASMke ...)
+       TODO: check
+CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in 
atf_asm_interface.dll ...)
+       TODO: check
+CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in 
ODXSW_DLL.dll throug ...)
+       TODO: check
+CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll 
through Au ...)
+       TODO: check
+CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through A ...)
+       TODO: check
+CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll 
through ...)
+       TODO: check
+CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll 
through A ...)
+       TODO: check
+CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in 
ODXSW_DLL.dll throug ...)
+       TODO: check
+CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in 
CC5Dll.dll throu ...)
+       TODO: check
+CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in 
ASMKERN228 ...)
+       TODO: check
+CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in 
pskernel.DLL th ...)
+       TODO: check
+CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll 
through A ...)
+       TODO: check
+CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll 
and ASMB ...)
+       TODO: check
+CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in 
ASMkern2 ...)
+       TODO: check
+CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when 
parsed in atf ...)
+       TODO: check
+CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll 
through Aut ...)
+       TODO: check
+CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in 
opennurbs.dll ...)
+       TODO: check
+CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage 
Provide ...)
+       TODO: check
+CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My 
Cloud H ...)
+       TODO: check
+CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap 
Router Ba ...)
+       TODO: check
+CVE-2023-5038 (badmonkey, a Security Researcher has found a flaw that allows 
for a un ...)
+       TODO: check
+CVE-2023-50029 (PHP Injection vulnerability in the module "M4 PDF Extensions" 
(m4pdf)  ...)
+       TODO: check
+CVE-2023-45196 (Adminer and AdminerEvo allow an unauthenticated remote 
attacker to cau ...)
+       TODO: check
+CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database 
connection  ...)
+       TODO: check
+CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6292
+CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6291
+CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 
126.0.6478.126 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6290
+CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
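Review bot: The new block at the top of data/CVE/list leaves every added entry at `TODO: check`, including the CVE-2024-23140 to CVE-2024-23159 and CVE-2024-36999 to CVE-2024-37007 runs, whose "A maliciously crafted ... file, when parsed in ....dll" wording matches entries already tagged `NOT-FOR-US: Autodesk` further down in this diff (for example CVE-2024-23137). Suggest triaging those as one batch against the full descriptions, and doing the same for the entries whose text names a WordPress plugin, a class that carries `NOT-FOR-US: WordPress plugin` in the context lines of the last hunk. Separately, CVE-2024-6290 through CVE-2024-6293 now state "prior to 126.0.6478.126" while the unqualified line is still `- chromium <unfixed>`; that line needs a fixed version recorded once a chromium upload at or above that version is available.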
@@ -40261,7 +40383,7 @@ CVE-2024-25124 (Fiber is a web framework written in go. 
Prior to version 2.52.1,
        NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
        NOT-FOR-US: Discourse plugin
-CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when 
parsed  ...)
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file, when parsed in 
ODXSW_DLL.dll ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed 
through  ...)
        NOT-FOR-US: Autodesk
@@ -40273,15 +40395,15 @@ CVE-2024-23133 (A maliciously crafted STP file in 
ASMDATAX228A.dll when parsed t
        NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when 
parsed thr ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dll  ...)
+CVE-2024-23131 (A maliciously crafted STP file, when parsed in 
ASMIMPORT229A.dll, ASMK ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll 
when pa ...)
+CVE-2024-23130 (A maliciously crafted SLDASM or SLDPRT file, when parsed in 
ODXSW_DLL. ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in 
opennurbs.dll  ...)
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in 
opennurb ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
+CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll 
and ASM ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in 
VCRUNTIME140.dll ...)
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when 
parsed in OD ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed 
through A ...)
        NOT-FOR-US: Autodesk
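Review bot: In the CVE-2024-23129 line the refreshed description reads "file, when in opennurb ...", dropping the word "parsed" that the sibling entries in this hunk keep; since the text is imported, check it against the upstream record. The other rewrites here go beyond rewording: CVE-2024-23131 now names ASMIMPORT229A.dll where it named ASMKERN228A.dll or ASMDATAX228A.dll, and CVE-2024-23127 no longer leads with VCRUNTIME140.dll. The `NOT-FOR-US: Autodesk` tags are left unchanged, so no triage state moves, but anyone matching on the old DLL names should re-read the full descriptions.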
@@ -40289,9 +40411,9 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when 
parsed ODXSW_DLL.dll thro
        NOT-FOR-US: Autodesk
 CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when 
parsed throug ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or 
ASMBASE228A.dll wh ...)
+CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll 
and ASMB ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed 
through Au ...)
+CVE-2024-23122 (A maliciously crafted 3DM file, when parsed in opennurbs.dll 
through A ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
        NOT-FOR-US: Autodesk
@@ -60044,8 +60166,8 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM 
has found a flaw that allow
        NOT-FOR-US: Hanwha Vision PNV-A6081R
 CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-5037
-       REJECTED
+CVE-2023-5037 (badmonkey, a Security Researcher has found a flaw that allows 
for a au ...)
+       TODO: check
 CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs 
User Pro ...)
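Review bot: CVE-2023-5037 goes from `REJECTED` to a populated description with `TODO: check`, so an ID the tracker treated as closed is open for triage again. Confirm against the upstream record that the ID was reinstated, and triage it together with CVE-2023-5038 added at the top of this diff, whose description opens with the same "badmonkey, a Security Researcher has found a flaw that allows for a" wording. The neighbouring CVE-2023-5747 line, with similar phrasing, is tagged `NOT-FOR-US: Hanwha Vision PNV-A6081R`; check the full text before reusing that tag, since the truncated descriptions do not show the product.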



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba15c604c41e7ad9ad9bb688f74ff4a3487e49f2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
