[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 13 09:12:12 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d76e0220 by security tracker role at 2024-08-13T08:11:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DN ...)
+ TODO: check
+CVE-2024-7709 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-7707 (A vulnerability was found in Tenda FH1206 02.03.01.35 and classified a ...)
+ TODO: check
+CVE-2024-7706 (A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as ...)
+ TODO: check
+CVE-2024-7705 (A vulnerability was found in Fujian mwcms 1.0.0. It has been declared ...)
+ TODO: check
+CVE-2024-7704 (A vulnerability was found in Weaver e-cology 8. It has been classified ...)
+ TODO: check
+CVE-2024-7590 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-7388 (The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-7247 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-7094 (The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin ...)
+ TODO: check
+CVE-2024-7092 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
+ TODO: check
+CVE-2024-6823 (The Media Library Assistant plugin for WordPress is vulnerable to arbi ...)
+ TODO: check
+CVE-2024-6724 (The Generate Images WordPress plugin before 5.2.8 does not sanitise a ...)
+ TODO: check
+CVE-2024-43360 (ZoneMinder is a free, open source closed-circuit television software a ...)
+ TODO: check
+CVE-2024-43359 (ZoneMinder is a free, open source closed-circuit television software a ...)
+ TODO: check
+CVE-2024-43358 (ZoneMinder is a free, open source closed-circuit television software a ...)
+ TODO: check
+CVE-2024-43233 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43231 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43227 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43226 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43225 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43224 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43220 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43218 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43217 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43216 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43213 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43210 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43164 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43163 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43161 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43156 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43155 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43152 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43151 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43150 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43149 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43148 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43147 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43139 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43137 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43133 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43130 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43127 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43126 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43125 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43124 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43123 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-42377 (SAP shared service framework allows an authenticated non-administrativ ...)
+ TODO: check
+CVE-2024-42376 (SAP Shared Service Framework does not perform necessary authorization ...)
+ TODO: check
+CVE-2024-42375 (SAP BusinessObjects Business Intelligence Platform allows an authent ...)
+ TODO: check
+CVE-2024-42374 (BEx Web Java Runtime Export Web Service does not sufficiently validate ...)
+ TODO: check
+CVE-2024-42373 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...)
+ TODO: check
+CVE-2024-41978 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-41977 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-41976 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
+ TODO: check
+CVE-2024-41941 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+ TODO: check
+CVE-2024-41940 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+ TODO: check
+CVE-2024-41939 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+ TODO: check
+CVE-2024-41938 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+ TODO: check
+CVE-2024-41908 (A vulnerability has been identified in NX (All versions < V2406.3000). ...)
+ TODO: check
+CVE-2024-41907 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-41906 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-41905 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-41904 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-41903 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
+ TODO: check
+CVE-2024-41737 (SAP CRM ABAP (Insights Management) allows an authenticated attacker to ...)
+ TODO: check
+CVE-2024-41736 (Under certain conditions SAP Permit to Work allows an authenticated at ...)
+ TODO: check
+CVE-2024-41735 (SAP Commerce Backoffice does not sufficiently encode user-controlled i ...)
+ TODO: check
+CVE-2024-41734 (Due to missing authorization check in SAP NetWeaver Application Server ...)
+ TODO: check
+CVE-2024-41733 (In SAP Commerce, valid user accounts can be identified during the cust ...)
+ TODO: check
+CVE-2024-41732 (SAP NetWeaver Application Server ABAP allows an unauthenticated atta ...)
+ TODO: check
+CVE-2024-41731 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...)
+ TODO: check
+CVE-2024-41730 (In SAP BusinessObjects Business Intelligence Platform, if Single Signe ...)
+ TODO: check
+CVE-2024-41683 (A vulnerability has been identified in Location Intelligence family (A ...)
+ TODO: check
+CVE-2024-41682 (A vulnerability has been identified in Location Intelligence family (A ...)
+ TODO: check
+CVE-2024-41681 (A vulnerability has been identified in Location Intelligence family (A ...)
+ TODO: check
+CVE-2024-39922 (A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0 ...)
+ TODO: check
+CVE-2024-39591 (SAP Document Builder does not perform necessary authorization checks f ...)
+ TODO: check
+CVE-2024-37930 (Exposure of Sensitive Information to an Unauthorized Actor, Missing Au ...)
+ TODO: check
+CVE-2024-37924 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-36398 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
+ TODO: check
+CVE-2024-35775 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-33005 (Due to the missing authorization checks in the local systems, the admi ...)
+ TODO: check
+CVE-2024-33003 (Some OCC API endpoints in SAP Commerce Cloud allows Personally Identif ...)
+ TODO: check
+CVE-2024-28166 (SAP BusinessObjects Business Intelligence Platform allows an authent ...)
+ TODO: check
+CVE-2023-7066 (The affected applications contain an out of bounds read past the end o ...)
+ TODO: check
CVE-2024-7700 (A command injection flaw was found in the "Host Init Config" template ...)
- foreman <itp> (bug #663101)
CVE-2024-7697 (Logical vulnerability in the mobile application (com.transsion.carlcar ...)
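Review bot: The added descriptions for CVE-2024-7094 and CVE-2024-7092 carry a literal `\u2013` inside the plugin names ("The JS Help Desk \u2013 The Ultimate Help Desk ..."), which looks like an escape sequence written out undecoded rather than the dash it stands for. Consider decoding such escapes in the automatic update before the description is truncated, so the text in data/CVE/list is readable and searchable by product name. Every entry added here is still `TODO: check`, so none of them has been triaged yet.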
@@ -1727,13 +1901,13 @@ CVE-2024-38882 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663
NOT-FOR-US: Caterease
CVE-2024-38881 (An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 throu ...)
NOT-FOR-US: Caterease
-CVE-2024-38879 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+CVE-2024-38879 (A vulnerability has been identified in Omnivise T3000 Application Serv ...)
NOT-FOR-US: OmniviseT3000
-CVE-2024-38878 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+CVE-2024-38878 (A vulnerability has been identified in Omnivise T3000 Application Serv ...)
NOT-FOR-US: OmniviseT3000
-CVE-2024-38877 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+CVE-2024-38877 (A vulnerability has been identified in Omnivise T3000 Application Serv ...)
NOT-FOR-US: OmniviseT3000
-CVE-2024-38876 (A vulnerability has been identified in OmniviseT3000 Application Serve ...)
+CVE-2024-38876 (A vulnerability has been identified in Omnivise T3000 Application Serv ...)
NOT-FOR-US: OmniviseT3000
CVE-2024-33896 (Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x ...)
NOT-FOR-US: Cosy+
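Review bot: The descriptions of CVE-2024-38879, CVE-2024-38878, CVE-2024-38877 and CVE-2024-38876 now read "Omnivise T3000", but the note under each still says `NOT-FOR-US: OmniviseT3000`. The automatic update only rewrites the description line, so the notes need a manual follow-up if the two spellings are meant to match; aligning them keeps a search for the product name from missing one form or the other.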
@@ -25477,11 +25651,11 @@ CVE-2024-32740 (A vulnerability has been identified in SIMATIC CN 4100 (All vers
NOT-FOR-US: Siemens
CVE-2024-32639 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
NOT-FOR-US: Siemens
-CVE-2024-32637 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-32637 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-32636 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
-CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
+CVE-2024-32635 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
NOT-FOR-US: Siemens
CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...)
{DLA-3844-1}
@@ -25763,7 +25937,7 @@ CVE-2023-50180 (An exposure of sensitive system information to an unauthorized c
NOT-FOR-US: ForiGuard
CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
NOT-FOR-US: FortiGuard
-CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
+CVE-2023-46280 (A vulnerability has been identified in SINEC NMS (All versions < V3.0) ...)
NOT-FOR-US: Siemens
CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
NOT-FOR-US: FortiGuard
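Review bot: The context line `NOT-FOR-US: ForiGuard` under CVE-2023-50180 at the top of this hunk is spelled differently from the `NOT-FOR-US: FortiGuard` notes on the entries that follow. This commit does not touch it, but it is worth a separate fix so that a search on the tag value returns all of the related entries.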
@@ -71000,21 +71174,21 @@ CVE-2023-45585 (An insertion of sensitive information into log file vulnerabilit
NOT-FOR-US: FortiGuard
CVE-2023-45582 (An improper restriction of excessive authentication attempts vulnerabi ...)
NOT-FOR-US: FortiGuard
-CVE-2023-44374 (Affected devices allow to change the password, but insufficiently chec ...)
+CVE-2023-44374 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
-CVE-2023-44373 (Affected devices do not properly sanitize an input field. This could ...)
+CVE-2023-44373 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
-CVE-2023-44322 (Affected devices can be configured to send emails when certain events ...)
+CVE-2023-44322 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
CVE-2023-44321 (Affected devices do not properly validate the length of inputs when pe ...)
NOT-FOR-US: Siemens
-CVE-2023-44320 (Affected devices do not properly validate the authentication when perf ...)
+CVE-2023-44320 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
-CVE-2023-44319 (Affected devices use a weak checksum algorithm to protect the configur ...)
+CVE-2023-44319 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
CVE-2023-44318 (Affected devices use a hardcoded key to obfuscate the configuration ba ...)
NOT-FOR-US: Siemens
-CVE-2023-44317 (Affected products do not properly validate the content of uploaded X50 ...)
+CVE-2023-44317 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...)
NOT-FOR-US: FortiGuard
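Review bot: The six changed entries here (CVE-2023-44374, CVE-2023-44373, CVE-2023-44322, CVE-2023-44320, CVE-2023-44319, CVE-2023-44317) now all share the same truncated text, "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...", while the previous text named the flaw itself (insufficient password-change checks, unsanitized input field, weak checksum on the configuration backup, and so on). The `NOT-FOR-US: Siemens` notes are unaffected, so triage does not change, but the list no longer tells these entries apart by description; anyone distinguishing them has to go by CVE ID and the full record.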
@@ -158348,8 +158522,8 @@ CVE-2022-38384
RESERVED
CVE-2022-38383 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
NOT-FOR-US: IBM
-CVE-2022-38382
- RESERVED
+CVE-2022-38382 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
+ TODO: check
CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
NOT-FOR-US: Asus
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
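Review bot: CVE-2022-38382 moves from `RESERVED` to `TODO: check`, and its visible description begins with the same text as CVE-2022-38383 directly above it ("IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ..."), which is already marked `NOT-FOR-US: IBM`. Once the full description is confirmed to cover the same products, this TODO can probably be resolved with the same note.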
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d76e0220a016870fe9a30465310521c60ca876fb