[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 9 21:13:39 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1187cce7 by security tracker role at 2024-08-09T20:13:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,102 @@
-CVE-2024-41890
+CVE-2024-7645 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
+	TODO: check
+CVE-2024-7644 (A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It ...)
+	TODO: check
+CVE-2024-7643 (A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and ...)
+	TODO: check
+CVE-2024-7642 (A vulnerability has been found in SourceCodester Kortex Lite Advocate  ...)
+	TODO: check
+CVE-2024-7641 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-7640 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-7639 (A vulnerability classified as critical was found in SourceCodester Kor ...)
+	TODO: check
+CVE-2024-7638 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-7637 (A vulnerability was found in code-projects Online Polling 1.0. It has  ...)
+	TODO: check
+CVE-2024-7636 (A vulnerability was found in code-projects Simple Ticket Booking 1.0.  ...)
+	TODO: check
+CVE-2024-7635 (A vulnerability was found in code-projects Simple Ticket Booking 1.0.  ...)
+	TODO: check
+CVE-2024-7416 (The Reveal Template plugin for WordPress is vulnerable to Full Path Di ...)
+	TODO: check
+CVE-2024-7414 (The PDF Builder for WPForms plugin for WordPress is vulnerable to Full ...)
+	TODO: check
+CVE-2024-7413 (The Obfuscate Email plugin for WordPress is vulnerable to Full Path Di ...)
+	TODO: check
+CVE-2024-7412 (The No Update Nag plugin for WordPress is vulnerable to Full Path Disc ...)
+	TODO: check
+CVE-2024-7410 (The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full ...)
+	TODO: check
+CVE-2024-7408 (This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 du ...)
+	TODO: check
+CVE-2024-7382 (The Linkify Text plugin for WordPress is vulnerable to Full Path Discl ...)
+	TODO: check
+CVE-2024-6562 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...)
+	TODO: check
+CVE-2024-42470 (openHAB, a provider of open-source home automation software, has add-o ...)
+	TODO: check
+CVE-2024-42469 (openHAB, a provider of open-source home automation software, has add-o ...)
+	TODO: check
+CVE-2024-42468 (openHAB, a provider of open-source home automation software, has add-o ...)
+	TODO: check
+CVE-2024-42467 (openHAB, a provider of open-source home automation software, has add-o ...)
+	TODO: check
+CVE-2024-42370 (Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
+	TODO: check
+CVE-2024-42367 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2024-41570 (An Unauthenticated Server-Side Request Forgery (SSRF) in demon callbac ...)
+	TODO: check
+CVE-2024-41476 (AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before ...)
+	TODO: check
+CVE-2024-41332 (Incorrect access control in the delete_category function of Sourcecode ...)
+	TODO: check
+CVE-2024-40480 (A Broken Access Control vulnerability was found in /admin/update.php a ...)
+	TODO: check
+CVE-2024-40479 (A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipar ...)
+	TODO: check
+CVE-2024-40478 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin ...)
+	TODO: check
+CVE-2024-40472 (Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQ ...)
+	TODO: check
+CVE-2024-39338 (axios 1.7.2 allows SSRF via unexpected behavior where requests for pat ...)
+	TODO: check
+CVE-2024-38989 (izatop bunt v0.29.19 was discovered to contain a prototype pollution v ...)
+	TODO: check
+CVE-2024-37826 (A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to  ...)
+	TODO: check
+CVE-2024-36462 (Uncontrolled resource consumption refers to a software vulnerability w ...)
+	TODO: check
+CVE-2024-36461 (Within Zabbix, users have the ability to directly modify memory pointe ...)
+	TODO: check
+CVE-2024-36460 (The front-end audit log allows viewing of unprotected plaintext passwo ...)
+	TODO: check
+CVE-2024-32765 (A vulnerability has been reported to affect Network & Virtual Switch.  ...)
+	TODO: check
+CVE-2024-22123 (Setting SMS media allows to set GSM modem file. Later this file is use ...)
+	TODO: check
+CVE-2024-22122 (Zabbix allows to configure SMS notifications. AT command injection occ ...)
+	TODO: check
+CVE-2024-22121 (A non-admin user can change or remove important features within the Za ...)
+	TODO: check
+CVE-2024-22116 (An administrator with restricted permissions can exploit the script ex ...)
+	TODO: check
+CVE-2024-22114 (User with no permission to any of the Hosts can access and view host c ...)
+	TODO: check
+CVE-2023-38018 (IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a passw ...)
+	TODO: check
+CVE-2023-31315 (Improper validation in a model specific register (MSR) could allow a m ...)
+	TODO: check
+CVE-2024-41890 (Missing Release of Resource after Effective Lifetime vulnerability in  ...)
 	NOT-FOR-US: Apache Answer
-CVE-2024-41888
+CVE-2024-41888 (Missing Release of Resource after Effective Lifetime vulnerability in  ...)
 	NOT-FOR-US: Apache Answer
-CVE-2024-29831
+CVE-2024-29831 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...)
 	NOT-FOR-US: Apache DolphinScheduler
-CVE-2024-30188
+CVE-2024-30188 (File read and write vulnerability in Apache DolphinScheduler , authent ...)
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2024-7633
 	REJECTED
@@ -216,6 +308,7 @@ CVE-2023-40261 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17,
 CVE-2023-33206 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0  ...)
 	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2024-7348 (Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...)
+	{DSA-5746-1 DSA-5745-1}
 	- postgresql-16 16.4-1
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1187cce7e3a837e4656b74b50f18086c00a83b91

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1187cce7e3a837e4656b74b50f18086c00a83b91
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240809/6a0f1800/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list