Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba15c604 by security tracker role at 2024-06-25T08:12:39+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,138 @@ -CVE-2024-6293 +CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been compro ...) + TODO: check +CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the local ...) + TODO: check +CVE-2024-6294 (udn News Android APP stores the user session in logcat file when user ...) + TODO: check +CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and ...) + TODO: check +CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not sanitis ...) + TODO: check +CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does not ha ...) + TODO: check +CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas discove ...) + TODO: check +CVE-2024-4196 (An improper input validation vulnerability was discovered in Avaya IP ...) + TODO: check +CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing attacker ...) + TODO: check +CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded password ...) + TODO: check +CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive ...) + TODO: check +CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability through the st ...) + TODO: check +CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive r ...) + TODO: check +CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability through the IP ...) + TODO: check +CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain sensiti ...) + TODO: check +CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring E ...) + TODO: check +CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) 
+ TODO: check +CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...) + TODO: check +CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) + TODO: check +CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll thro ...) + TODO: check +CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dl ...) + TODO: check +CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthroug ...) + TODO: check +CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll through ...) + TODO: check +CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...) + TODO: check +CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...) + TODO: check +CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert" (productsal ...) + TODO: check +CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promok ...) + TODO: check +CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...) + TODO: check +CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...) + TODO: check +CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique ...) + TODO: check +CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...) + TODO: check +CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...) + TODO: check +CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...) + TODO: check +CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...) + TODO: check +CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...) 
+ TODO: check +CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...) + TODO: check +CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...) + TODO: check +CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...) + TODO: check +CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...) + TODO: check +CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll through Au ...) + TODO: check +CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...) + TODO: check +CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through ...) + TODO: check +CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll through A ...) + TODO: check +CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll throug ...) + TODO: check +CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...) + TODO: check +CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228 ...) + TODO: check +CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...) + TODO: check +CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll through A ...) + TODO: check +CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...) + TODO: check +CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern2 ...) + TODO: check +CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf ...) + TODO: check +CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll through Aut ...) + TODO: check +CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll ...) 
+ TODO: check +CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage Provide ...) + TODO: check +CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud H ...) + TODO: check +CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap Router Ba ...) + TODO: check +CVE-2023-5038 (badmonkey, a Security Researcher has found a flaw that allows for a un ...) + TODO: check +CVE-2023-50029 (PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) ...) + TODO: check +CVE-2023-45196 (Adminer and AdminerEvo allow an unauthenticated remote attacker to cau ...) + TODO: check +CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database connection ...) + TODO: check +CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-6292 +CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-6291 +CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-6290 +CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) 
@@ -40261,7 +40383,7 @@ CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1, NOT-FOR-US: Fiber CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform ...) NOT-FOR-US: Discourse plugin -CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed ...) +CVE-2024-23137 (A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll ...) NOT-FOR-US: Autodesk CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed through ...) NOT-FOR-US: Autodesk @@ -40273,15 +40395,15 @@ CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed t NOT-FOR-US: Autodesk CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...) NOT-FOR-US: Autodesk -CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll ...) +CVE-2024-23131 (A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMK ...) NOT-FOR-US: Autodesk -CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when pa ...) +CVE-2024-23130 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...) NOT-FOR-US: Autodesk -CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll ...) +CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurb ...) NOT-FOR-US: Autodesk -CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through ...) +CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASM ...) NOT-FOR-US: Autodesk -CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll ...) +CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in OD ...) NOT-FOR-US: Autodesk CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...) NOT-FOR-US: Autodesk 
@@ -40289,9 +40411,9 @@ CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll thro NOT-FOR-US: Autodesk CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...) NOT-FOR-US: Autodesk -CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll wh ...) +CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...) NOT-FOR-US: Autodesk -CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...) +CVE-2024-23122 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...) NOT-FOR-US: Autodesk CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...) NOT-FOR-US: Autodesk @@ -60044,8 +60166,8 @@ CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allow NOT-FOR-US: Hanwha Vision PNV-A6081R CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) NOT-FOR-US: WordPress plugin -CVE-2023-5037 - REJECTED +CVE-2023-5037 (badmonkey, a Security Researcher has found a flaw that allows for a au ...) + TODO: check CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba15c604c41e7ad9ad9bb688f74ff4a3487e49f2
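Review bot: In the first hunk (@@ -1,16 +1,138 @@), the new file-parsing entries CVE-2024-36999 through CVE-2024-37007 and CVE-2024-23140 through CVE-2024-23159 are added as TODO: check, although they share their wording and DLL names (opennurbs.dll, ODXSW_DLL.dll, CC5Dll.dll, pskernel.DLL) with the entries later in the same file that are already triaged as NOT-FOR-US: Autodesk. Once the full descriptions confirm the vendor, these can be triaged in one batch instead of one by one. Three of the added descriptions also carry text defects worth checking against the source record before anyone matches on them: CVE-2024-5431 contains a literal "\u2013" escape, CVE-2024-4197 has the run-together words "unrestrictedfile" and "Officewas", and CVE-2024-37001 opens with a stray "[".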
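Review bot: In the @@ -40273,15 +40395,15 @@ hunk, the refreshed CVE-2024-23129 description reads "file, when in opennurb ...", without the word "parsed" that the other rewritten entries in this hunk keep ("file, when parsed in ..."). The same hunk changes the component named for CVE-2024-23131 from ASMKERN228A.dll to ASMIMPORT229A.dll. Both entries stay NOT-FOR-US: Autodesk, so the triage is unaffected, but anything that matches on description text or DLL names should be checked against the full record, not this truncated line.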
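Review bot: In the @@ -60044,8 +60166,8 @@ hunk, CVE-2023-5037 changes from REJECTED to a described entry marked TODO: check, which reverses what is normally a final state. Confirm that the ID really was reinstated in the source record before triaging it. The truncated description does not name the affected product. The first hunk adds CVE-2023-5038 with the same opening ("badmonkey, a Security Researcher has found a flaw"), so the two can be triaged together once the full text has been read.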