[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 2 21:12:42 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85a02adf by security tracker role at 2024-08-02T20:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,86 @@
-CVE-2024-36268
+CVE-2024-7323 (Digiwin EasyFlow .NET lacks proper access control for specific functio ...)
+ TODO: check
+CVE-2024-7314 (anji-plus AJ-Report is affected by an authentication bypass vulnerabil ...)
+ TODO: check
+CVE-2024-7204 (Ai3 QbiBot does not properly filter user input, allowing unauthenticat ...)
+ TODO: check
+CVE-2024-7029 (Commands can be injected over the network and executed without authent ...)
+ TODO: check
+CVE-2024-6704 (The Comments \u2013 wpDiscuz plugin for WordPress is vulnerable to HTM ...)
+ TODO: check
+CVE-2024-4643 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-42349 (FOG is a cloning/imaging/rescue suite/inventory management system. FOG ...)
+ TODO: check
+CVE-2024-42348 (FOG is a cloning/imaging/rescue suite/inventory management system. FOG ...)
+ TODO: check
+CVE-2024-41519 (Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/ad ...)
+ TODO: check
+CVE-2024-41518 (An Incorrect Access Control vulnerability in "/admin/programm/<program ...)
+ TODO: check
+CVE-2024-41517 (An Incorrect Access Control vulnerability in "/admin/benutzer/institut ...)
+ TODO: check
+CVE-2024-41310 (AndServer 2.1.12 is vulnerable to Directory Traversal.)
+ TODO: check
+CVE-2024-41127 (Monkeytype is a minimalistic and customizable typing test. Monkeytype ...)
+ TODO: check
+CVE-2024-40723 (The specific API in HWATAIServiSign Windows Version from CHANGING Info ...)
+ TODO: check
+CVE-2024-40722 (The specific API in TCBServiSign Windows Version from CHANGING Informa ...)
+ TODO: check
+CVE-2024-40721 (The specific API in TCBServiSign Windows Version from CHANGING Informa ...)
+ TODO: check
+CVE-2024-40720 (The specific API in TCBServiSign Windows Version from CHANGING Informa ...)
+ TODO: check
+CVE-2024-40719 (The encryption strength of the authorization keys in CHANGING Informat ...)
+ TODO: check
+CVE-2024-38890 (An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1 ...)
+ TODO: check
+CVE-2024-38889 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38888 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38886 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38885 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38884 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38883 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38882 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38881 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
+ TODO: check
+CVE-2024-38879 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+ TODO: check
+CVE-2024-38878 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+ TODO: check
+CVE-2024-38877 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+ TODO: check
+CVE-2024-38876 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+ TODO: check
+CVE-2024-33896 (Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x ...)
+ TODO: check
+CVE-2024-33895 (Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x ...)
+ TODO: check
+CVE-2024-33894 (Insecure Permission vulnerability in Cosy+ devices running a firmware ...)
+ TODO: check
+CVE-2024-33893 (Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x ...)
+ TODO: check
+CVE-2024-33892 (Insecure Permissions vulnerability in Cosy+ devices running a firmware ...)
+ TODO: check
+CVE-2024-28298 (SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authe ...)
+ TODO: check
+CVE-2024-28297 (SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenti ...)
+ TODO: check
+CVE-2024-22169 (WD Discovery versions prior to 5.0.589 contain a misconfiguration in t ...)
+ TODO: check
+CVE-2024-36268 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: Apache Linkis
-CVE-2024-27182
+CVE-2024-27182 (In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic managemen ...)
NOT-FOR-US: Apache Linkis
-CVE-2024-27181
+CVE-2024-27181 (In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management s ...)
NOT-FOR-US: Apache Linkis
CVE-2024-7389 (The Forminator plugin for WordPress is vulnerable to Sensitive Informa ...)
NOT-FOR-US: WordPress plugin
@@ -186,7 +264,7 @@ CVE-2024-7358 (A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 o
NOT-FOR-US: Point B Ltd Getscreen Agent
CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DI ...)
NOT-FOR-US: D-Link
-CVE-2024-7211 (The Identity Server used by 1E Platform could enable URL redirection t ...)
+CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende Identity S ...)
NOT-FOR-US: 1E Platform
CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython. The emai ...)
- python3.13 <unfixed>
@@ -343,7 +421,8 @@ CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain an
NOT-FOR-US: Dell
CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for WordPr ...)
+CVE-2024-1715
+ REJECTED
NOT-FOR-US: AdFoxly
CVE-2024-7340 (The Weave server API allows remote users to fetch files from a specifi ...)
NOT-FOR-US: Weave server
@@ -540,7 +619,7 @@ CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance Management
NOT-FOR-US: SourceCodester Insurance Management System
CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in multi-tenan ...)
NOT-FOR-US: Some hosted mail provider setups using SPF
-CVE-2024-7208 (Hosted services do not verify the sender of an email against authentic ...)
+CVE-2024-7208 (A vulnerability in multi-tenant hosting allows an authenticated sender ...)
NOT-FOR-US: Some hosted mail provider setups using SPF
CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
NOT-FOR-US: Stackposts Social Marketing Tool
@@ -32100,7 +32179,7 @@ CVE-2024-30257 (1Panel is an open source Linux server operation and maintenance
NOT-FOR-US: 1Panel
CVE-2024-2833 (The Jobs for WordPress plugin for WordPress is vulnerable to Reflected ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the Akana Commu ...)
+CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the Akana API P ...)
NOT-FOR-US: Akana Community Manager Developer Portal
CVE-2024-29987 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85a02adf112926c1231edd166f7f3ca70855424c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85a02adf112926c1231edd166f7f3ca70855424c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240802/f9ddd365/attachment.htm>
More information about the debian-security-tracker-commits
mailing list