Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbf589b9 by security tracker role at 2024-04-03T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the 
attachments leads ...)
+       TODO: check
+CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object 
stream lead ...)
+       TODO: check
+CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It 
has been  ...)
+       TODO: check
+CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record 
Managemen ...)
+       TODO: check
+CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management 
System ...)
+       TODO: check
+CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task 
Management S ...)
+       TODO: check
+CVE-2024-3223 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-3222 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-3221 (A vulnerability classified as critical was found in 
SourceCodester PHP ...)
+       TODO: check
+CVE-2024-3218 (A vulnerability classified as critical has been found in 
Shibang Commu ...)
+       TODO: check
+CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated 
as cri ...)
+       TODO: check
+CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It 
has been ...)
+       TODO: check
+CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and 
classified a ...)
+       TODO: check
+CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and 
classified ...)
+       TODO: check
+CVE-2024-3203 (A vulnerability, which was classified as critical, was found in 
c-blos ...)
+       TODO: check
+CVE-2024-3202 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 
2.3, all ...)
+       TODO: check
+CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote 
attackers to ex ...)
+       TODO: check
+CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a 
remote a ...)
+       TODO: check
+CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
+       TODO: check
+CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote 
attacker  ...)
+       TODO: check
+CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an 
attacker  ...)
+       TODO: check
+CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management 
System  ...)
+       TODO: check
+CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This 
vulnerability ...)
+       TODO: check
+CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code 
Execution ...)
+       TODO: check
+CVE-2024-30361 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30360 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30359 (Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code 
Execution  ...)
+       TODO: check
+CVE-2024-30358 (Foxit PDF Reader AcroForm User-After-Free Remote Code 
Execution Vulner ...)
+       TODO: check
+CVE-2024-30357 (Foxit PDF Reader AcroForm Annotation Type Confusion Remote 
Code Execut ...)
+       TODO: check
+CVE-2024-30356 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information 
Disclosure Vu ...)
+       TODO: check
+CVE-2024-30355 (Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code 
Execution Vu ...)
+       TODO: check
+CVE-2024-30354 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30353 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code 
Execution Vul ...)
+       TODO: check
+CVE-2024-30352 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30351 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30350 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information 
Disclosure  ...)
+       TODO: check
+CVE-2024-30349 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2024-30348 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote 
Code Exec ...)
+       TODO: check
+CVE-2024-30347 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read 
Information Discl ...)
+       TODO: check
+CVE-2024-30346 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30345 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30344 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30343 (Foxit PDF Reader Annotation Use-After-Free Remote Code 
Execution Vulne ...)
+       TODO: check
+CVE-2024-30342 (Foxit PDF Reader Annotation Use-After-Free Remote Code 
Execution Vulne ...)
+       TODO: check
+CVE-2024-30341 (Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code 
Execution V ...)
+       TODO: check
+CVE-2024-30340 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information 
Disclosure  ...)
+       TODO: check
+CVE-2024-30339 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30338 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
+       TODO: check
+CVE-2024-30337 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30336 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-30166 (In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious 
client can c ...)
+       TODO: check
+CVE-2024-2879 (The LayerSlider plugin for WordPress is vulnerable to SQL 
Injection vi ...)
+       TODO: check
+CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin 
before 1.2. ...)
+       TODO: check
+CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM 
Media View ...)
+       TODO: check
+CVE-2024-29434 (An issue in the system image upload interface of Alldata 
v0.4.6 allows ...)
+       TODO: check
+CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
negotiati ...)
+       TODO: check
+CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When 
an SSL co ...)
+       TODO: check
+CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows 
versions 10. ...)
+       TODO: check
+CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 
Fall 20xx ...)
+       TODO: check
+CVE-2024-27605 (Alldata V0.4.6 is vulnerable to Insecure Permissions. Using 
users (tes ...)
+       TODO: check
+CVE-2024-27604 (Alldata V0.4.6 is vulnerable to Command execution 
vulnerability. Syste ...)
+       TODO: check
+CVE-2024-27602 (Alldata V0.4.6 is vulnerable to Incorrect Access Control. A 
total of m ...)
+       TODO: check
+CVE-2024-26495 (Cross Site Scripting (XSS) vulnerability in Friendica versions 
after v ...)
+       TODO: check
+CVE-2024-25864 (Server Side Request Forgery (SSRF) vulnerability in Friendica 
versions ...)
+       TODO: check
+CVE-2024-25075 (An issue was discovered in Softing uaToolkit Embedded before 
1.41.1. W ...)
+       TODO: check
+CVE-2024-24724 (Gibbon through 26.0.00 allows 
/modules/School%20Admin/messengerSetting ...)
+       TODO: check
+CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey 
Community Edit ...)
+       TODO: check
+CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-35764 (Insufficient verification of data authenticity issue in Survey 
Maker p ...)
+       TODO: check
+CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site 
scripting vul ...)
+       TODO: check
 CVE-2024-3159
        - chromium 123.0.6312.105-1
        [bullseye] - chromium <end-of-life> (see #1061268)
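Review bot: every entry added at the top of data/CVE/list is left at "TODO: check", including ones whose descriptions name widely used libraries and tools rather than third-party web applications: Xpdf (CVE-2024-3248, CVE-2024-3247), UPX (CVE-2024-3209), libyaml (CVE-2024-3205), c-blosc2 (CVE-2024-3204) and Mbed TLS (CVE-2024-30166, CVE-2024-28836, CVE-2024-28755). Those should be triaged ahead of the Foxit PDF Reader, WordPress plugin and CMS entries, by mapping each to its source package and recording a fixed version or "<unfixed>" with the upstream reference. The remaining entries need an explicit "NOT-FOR-US:" line only once it is confirmed that the product is not packaged. The description of CVE-2024-30358 reads "User-After-Free"; that spelling comes from the imported CVE text, so it is not something to correct in this file.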
@@ -398,7 +554,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService 
Missing Authenticati
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted 
Data Remote ...)
        NOT-FOR-US: Voltronic Power ViewPower Pro
-CVE-2024-28219
+CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow 
exists bec ...)
        - pillow 10.3.0-1
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
 (10.3.0)
@@ -93577,7 +93733,7 @@ CVE-2022-45869 (A race condition in the x86 KVM 
subsystem in the Linux kernel th
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/47b0c2e4c220f2251fd8dcfbb44479819c715e15 (6.1-rc7)
-CVE-2022-45868 (The web-based admin console in H2 Database Engine through 
2.1.214 can  ...)
+CVE-2022-45868 (The web-based admin console in H2 Database Engine before 
2.2.220 can b ...)
        - h2database <unfixed> (unimportant)
        NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords 
should never be
        NOTE: passed on the command line.
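Review bot: on CVE-2022-45868 the description now bounds the affected range at "before 2.2.220", but the tracking line below it is still "- h2database <unfixed> (unimportant)". If upstream changed the console behaviour in 2.2.220, check which h2database version is in the archive, replace "<unfixed>" with the first fixed package version where applicable, and add a NOTE pointing at the upstream change so the existing "Not cosidered a vulnerability" note (which also has a typo, "cosidered") does not contradict the new description.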
@@ -219744,8 +219900,8 @@ CVE-2021-27314 (SQL injection in admin.php in doctor 
appointment system 1.0 allo
        NOT-FOR-US: doctor appointment system
 CVE-2021-27313
        RESERVED
-CVE-2021-27312
-       RESERVED
+CVE-2021-27312 (Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 
1.2.0, a ...)
+       TODO: check
 CVE-2021-27311
        RESERVED
 CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via 
"langua ...)
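Review bot: CVE-2021-27312 moves from "RESERVED" to a published description for Gleez Cms 1.2.0 but is left at "TODO: check", while the neighbouring CMS entry CVE-2021-27314 in the same context is already resolved as "NOT-FOR-US: doctor appointment system". If Gleez Cms is not packaged in Debian, resolve this one the same way with "NOT-FOR-US: Gleez Cms" so that a 2021 identifier does not stay in the open triage queue.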



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf589b9f2d69e919a1adbe174d21db640a3085c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits