[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 20 21:12:52 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2acedd21 by security tracker role at 2024-08-20T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2024-8005 (A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been clas ...)
+	TODO: check
+CVE-2024-8003 (A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified ...)
+	TODO: check
+CVE-2024-7711 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
+	TODO: check
+CVE-2024-7054 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers w ...)
+	TODO: check
+CVE-2024-6918 (CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer O ...)
+	TODO: check
+CVE-2024-6800 (An XML signature wrapping vulnerability was present in GitHub Enterpri ...)
+	TODO: check
+CVE-2024-6379 (An URL redirection to untrusted site (open redirect) vulnerability aff ...)
+	TODO: check
+CVE-2024-6378 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA  ...)
+	TODO: check
+CVE-2024-6377 (A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwyme ...)
+	TODO: check
+CVE-2024-6337 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
+	TODO: check
+CVE-2024-6322 (Access control for plugin data sources protected by the ReqActions jso ...)
+	TODO: check
+CVE-2024-43409 (Ghost is a Node.js content management system. Improper authentication  ...)
+	TODO: check
+CVE-2024-43408 (Discourse Placeholder Forms will let you build dynamic documentation.  ...)
+	TODO: check
+CVE-2024-43406 (LF Edge eKuiper is a lightweight IoT data analytics and stream process ...)
+	TODO: check
+CVE-2024-43404 (MEGABOT is a fully customized Discord bot for learning and fun. The `/ ...)
+	TODO: check
+CVE-2024-43397 (Apollo is a configuration management system. A vulnerability exists in ...)
+	TODO: check
+CVE-2024-43377 (Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few  ...)
+	TODO: check
+CVE-2024-43376 (Umbraco is an ASP.NET CMS. Some endpoints in the Management API can re ...)
+	TODO: check
+CVE-2024-42919 (eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Acc ...)
+	TODO: check
+CVE-2024-42662 (An issue in apollocongif apollo v.2.2.0 allows a remote attacker to ob ...)
+	TODO: check
+CVE-2024-42621 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42619 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42618 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42617 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42616 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42613 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42612 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42611 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42610 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42609 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42608 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42607 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42606 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42605 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42604 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42603 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2024-42598 (SeaCMS 13.0 has a remote code execution vulnerability. The reason for  ...)
+	TODO: check
+CVE-2024-42586 (A Cross-Site Request Forgery (CSRF) in the component categorie.php of  ...)
+	TODO: check
+CVE-2024-42585 (A Cross-Site Request Forgery (CSRF) in the component delete_media.php  ...)
+	TODO: check
+CVE-2024-42584 (A Cross-Site Request Forgery (CSRF) in the component delete_product.ph ...)
+	TODO: check
+CVE-2024-42583 (A Cross-Site Request Forgery (CSRF) in the component delete_user.php o ...)
+	TODO: check
+CVE-2024-42582 (A Cross-Site Request Forgery (CSRF) in the component delete_categorie. ...)
+	TODO: check
+CVE-2024-42581 (A Cross-Site Request Forgery (CSRF) in the component delete_group.php  ...)
+	TODO: check
+CVE-2024-42580 (A Cross-Site Request Forgery (CSRF) in the component edit_group.php of ...)
+	TODO: check
+CVE-2024-42579 (A Cross-Site Request Forgery (CSRF) in the component add_group.php of  ...)
+	TODO: check
+CVE-2024-42578 (A Cross-Site Request Forgery (CSRF) in the component edit_product.php  ...)
+	TODO: check
+CVE-2024-42577 (A Cross-Site Request Forgery (CSRF) in the component add_product.php o ...)
+	TODO: check
+CVE-2024-42576 (A Cross-Site Request Forgery (CSRF) in the component edit_categorie.ph ...)
+	TODO: check
+CVE-2024-42575 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42574 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42573 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42572 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42571 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42570 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42569 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42568 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42567 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42566 (School Management System commit bae5aa was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42565 (ERP commit 44bd04 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2024-42564 (ERP commit 44bd04 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2024-42563 (An arbitrary file upload vulnerability in ERP commit 44bd04 allows att ...)
+	TODO: check
+CVE-2024-42562 (Pharmacy Management System commit a2efc8 was discovered to contain a S ...)
+	TODO: check
+CVE-2024-42561 (Pharmacy Management System commit a2efc8 was discovered to contain a S ...)
+	TODO: check
+CVE-2024-42560 (A cross-site scripting (XSS) vulnerability in the component update_pag ...)
+	TODO: check
+CVE-2024-42559 (An issue in the login component (process_login.php) of Hotel Managemen ...)
+	TODO: check
+CVE-2024-42558 (Hotel Management System commit 91caab8 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42557 (A Cross-Site Request Forgery (CSRF) in the component admin_modify_room ...)
+	TODO: check
+CVE-2024-42556 (Hotel Management System commit 91caab8 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42555 (A Cross-Site Request Forgery (CSRF) in the component admin_room_remove ...)
+	TODO: check
+CVE-2024-42554 (Hotel Management System commit 91caab8 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42553 (A Cross-Site Request Forgery (CSRF) in the component admin_room_added. ...)
+	TODO: check
+CVE-2024-42552 (Hotel Management System commit 91caab8 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2024-42369 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
+	TODO: check
+CVE-2024-42336 (Servision - CWE-287: Improper Authentication)
+	TODO: check
+CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web Page Gen ...)
+	TODO: check
+CVE-2024-42334 (Hargal - CWE-284: Improper Access Control)
+	TODO: check
+CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.)
+	TODO: check
+CVE-2024-41773 (IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an aut ...)
+	TODO: check
+CVE-2024-41700 (Barix \u2013 CWE-200 Exposure of Sensitive Information to an Unauthori ...)
+	TODO: check
+CVE-2024-41699 (Priority \u2013 CWE-552: Files or Directories Accessible to External P ...)
+	TODO: check
+CVE-2024-41698 (Priority \u2013 CWE-200: Exposure of Sensitive Information to an Unaut ...)
+	TODO: check
+CVE-2024-41697 (Priority -CWE-80: Improper Neutralization of Script-Related HTML Tags  ...)
+	TODO: check
+CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A CORS misc ...)
+	TODO: check
+CVE-2024-40743 (The stripImages and stripIframes methods didn't properly process input ...)
+	TODO: check
+CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for Kubernetes.  ...)
+	TODO: check
+CVE-2024-39094 (Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in setti ...)
+	TODO: check
+CVE-2024-38175 (An improper access control vulnerability in the Azure Managed Instance ...)
+	TODO: check
+CVE-2024-35540 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 al ...)
+	TODO: check
+CVE-2024-35214 (A tampering vulnerability in the CylanceOPTICS Windows Installer Packa ...)
+	TODO: check
+CVE-2024-34458 (Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows ...)
+	TODO: check
+CVE-2024-33872 (Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows ...)
+	TODO: check
+CVE-2024-31842 (An issue was discovered in Italtel Embrace 1.6.4. The web application  ...)
+	TODO: check
+CVE-2024-30949 (An issue in newlib v.4.3.0 allows an attacker to execute arbitrary cod ...)
+	TODO: check
+CVE-2024-28829 (Least privilege violation and reliance on untrusted inputs in the mk_i ...)
+	TODO: check
+CVE-2024-27187 (Improper Access Controls allows backend users to overwrite their usern ...)
+	TODO: check
+CVE-2024-27186 (The mail template feature lacks an escaping mechanism, causing XSS vec ...)
+	TODO: check
+CVE-2024-27185 (The pagination class includes arbitrary parameters in links, leading t ...)
+	TODO: check
+CVE-2024-27184 (Inadequate validation of URLs could result into an invalid check wheth ...)
+	TODO: check
+CVE-2024-25009 (Ericsson Packet Core Controller (PCC) contains a vulnerability in Acce ...)
+	TODO: check
+CVE-2024-21689 (This High severity RCE (Remote Code Execution) vulnerability CVE-2024- ...)
+	TODO: check
 CVE-2024-7949 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2024-7948 (A vulnerability classified as problematic was found in SourceCodester  ...)
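Review bot: the descriptions added for CVE-2024-7054, CVE-2024-41700, CVE-2024-41699 and CVE-2024-41698 carry a literal "\u2013" where an en dash was meant, so the escape sequence is reaching data/CVE/list undecoded; the import step should decode the source text before writing the description line (CVE-2024-41697 in the same group already uses a plain "-"). Separately, the hunk header (-1,3 +1,203) means 100 new entries land with only "TODO: check", so none of them has a triage result yet. Entries that name a library or SDK, such as newlib at CVE-2024-30949 and matrix-js-sdk at CVE-2024-42369, are worth checking against the archive before the repeated Pligg CMS, School Management System and Hotel Management System runs are handled in bulk.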
@@ -33237,7 +33437,7 @@ CVE-2024-31225 (RIOT is a real-time multi-threading operating system that suppor
 	NOT-FOR-US: RIOT
 CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...)
 	NOT-FOR-US: lsgwr spring boot online exam
-CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...)
+CVE-2024-28979 (Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Impr ...)
 	NOT-FOR-US: Dell
 CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...)
 	NOT-FOR-US: Dell
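Review bot: at CVE-2024-28979 the replacement description differs from the old one in substance, not just wording: the affected range moves from "versions prior to 4.1.0" to "versions 4.1.0 and older", which now includes 4.1.0, and "an XSS i ..." becomes "an Impr ...", truncated before the vulnerability class is readable. The "NOT-FOR-US: Dell" annotation below it is unaffected, so no tag change is needed, but anyone using this line for the affected range or the bug class should read the full CVE record rather than the truncated text.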
@@ -107187,7 +107387,7 @@ CVE-2023-1675 (A vulnerability was found in SourceCodester School Registration a
 CVE-2023-1674 (A vulnerability was found in SourceCodester School Registration and Fe ...)
 	NOT-FOR-US: SourceCodester School Registration and Fee System
 CVE-2023-1673
-	RESERVED
+	REJECTED
 CVE-2023-28936 (Attacker can access arbitrary recording/room  Vendor: The Apache Softw ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
@@ -110368,7 +110568,7 @@ CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky
 	NOT-FOR-US: Dell
 CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)
 	NOT-FOR-US: Dell
-CVE-2023-28074 (Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition S ...)
+CVE-2023-28074 (Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro ...)
 	NOT-FOR-US: Dell
 CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
 	NOT-FOR-US: Dell



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2acedd21cf6446a608c1043e2b12aa73b3d7d377
