[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 21 21:13:08 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29c749c5 by security tracker role at 2024-08-21T20:12:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Sta ...)
+ TODO: check
+CVE-2024-7757
+ REJECTED
+CVE-2024-7725 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-7724 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-7723 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-7722 (Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vuln ...)
+ TODO: check
+CVE-2024-7604 (Logsign Unified SecOps Platform Incorrect Authorization Authentication ...)
+ TODO: check
+CVE-2024-7603 (Logsign Unified SecOps Platform Directory Traversal Arbitrary Director ...)
+ TODO: check
+CVE-2024-7602 (Logsign Unified SecOps Platform Directory Traversal Information Disclo ...)
+ TODO: check
+CVE-2024-7601 (Logsign Unified SecOps Platform Directory data_export_delete_all Trave ...)
+ TODO: check
+CVE-2024-7600 (Logsign Unified SecOps Platform Directory Traversal Arbitrary File Del ...)
+ TODO: check
+CVE-2024-7448 (Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-6814 (NETGEAR ProSAFE Network Management System getFilterString SQL Injectio ...)
+ TODO: check
+CVE-2024-6813 (NETGEAR ProSAFE Network Management System getSortString SQL Injection ...)
+ TODO: check
+CVE-2024-6812 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution V ...)
+ TODO: check
+CVE-2024-6811 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution V ...)
+ TODO: check
+CVE-2024-6141 (Windscribe Directory Traversal Local Privilege Escalation Vulnerabilit ...)
+ TODO: check
+CVE-2024-5930 (VIPRE Advanced Security Incorrect Permission Assignment Local Privileg ...)
+ TODO: check
+CVE-2024-5929 (VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local ...)
+ TODO: check
+CVE-2024-5928 (VIPRE Advanced Security PMAgent Link Following Local Privilege Escalat ...)
+ TODO: check
+CVE-2024-5762 (Zen Cart findPluginAdminPage Local File Inclusion Remote Code Executio ...)
+ TODO: check
+CVE-2024-5725 (Centreon initCurveList SQL Injection Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2024-5723 (Centreon updateServiceHost SQL Injection Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2024-5335 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Buil ...)
+ TODO: check
+CVE-2024-43411 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ TODO: check
+CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an untrusted a ...)
+ TODO: check
+CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ TODO: check
+CVE-2024-43371 (CKAN is an open-source data management system for powering data hubs a ...)
+ TODO: check
+CVE-2024-43027 (DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1. ...)
+ TODO: check
+CVE-2024-43022 (An issue in the downloader.php component of TOSEI online store managem ...)
+ TODO: check
+CVE-2024-42786 (A SQL injection vulnerability in "/music/view_user.php" in Kashipara M ...)
+ TODO: check
+CVE-2024-42785 (A SQL injection vulnerability in /music/index.php?page=view_playlist i ...)
+ TODO: check
+CVE-2024-42784 (A SQL injection vulnerability in "/music/controller.php?page=view_musi ...)
+ TODO: check
+CVE-2024-42783 (Kashipara Music Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2024-42782 (A SQL injection vulnerability in "/music/ajax.php?action=find_music" i ...)
+ TODO: check
+CVE-2024-42781 (A SQL injection vulnerability in "/music/ajax.php?action=login" of Kas ...)
+ TODO: check
+CVE-2024-42780 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
+ TODO: check
+CVE-2024-42779 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
+ TODO: check
+CVE-2024-42778 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
+ TODO: check
+CVE-2024-42777 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
+ TODO: check
+CVE-2024-42550 (A cross-site scripting (XSS) vulnerability in the component /email/wel ...)
+ TODO: check
+CVE-2024-41937 (Apache Airflow, versions before 2.10.0, have a vulnerability that allo ...)
+ TODO: check
+CVE-2024-41675 (CKAN is an open-source data management system for powering data hubs a ...)
+ TODO: check
+CVE-2024-41674 (CKAN is an open-source data management system for powering data hubs a ...)
+ TODO: check
+CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to ...)
+ TODO: check
+CVE-2024-39344 (An issue was discovered in the Docusign API package 8.142.14 for Sales ...)
+ TODO: check
+CVE-2024-37008 (A maliciously crafted DWG file, when parsed in Revit, can force a stac ...)
+ TODO: check
+CVE-2024-33657 (This SMM vulnerability affects certain modules, allowing privileged at ...)
+ TODO: check
+CVE-2024-33656 (The DXE module SmmComputrace contains a vulnerability that allows loca ...)
+ TODO: check
+CVE-2024-28000 (Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies ...)
+ TODO: check
+CVE-2024-21690 (This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) ...)
+ TODO: check
+CVE-2024-20488 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2024-20486 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2024-20466 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2024-20417 (Multiple vulnerabilities in the REST API of Cisco Identity Services En ...)
+ TODO: check
+CVE-2024-20375 (A vulnerability in the SIP call processing function of Cisco Unified C ...)
+ TODO: check
+CVE-2023-49198 (Mysql security vulnerability in Apache SeaTunnel. Attackers can read ...)
+ TODO: check
CVE-2024-8023 (A vulnerability classified as critical has been found in chillzhuang S ...)
NOT-FOR-US: chillzhuang SpringBlade
CVE-2024-8022 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...)
@@ -268,7 +384,7 @@ CVE-2022-48867 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.1.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
-CVE-2024-8007
+CVE-2024-8007 (A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. T ...)
NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
CVE-2024-22034
- osc 1.9.0-1
@@ -1380,7 +1496,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to unauthoriz
NOT-FOR-US: WordPress plugin
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-7885
+CVE-2024-7885 (A vulnerability was found in Undertow where the ProxyProtocolReadListe ...)
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
CVE-2024-7646 (A security issue was discovered in ingress-nginx where an actor with p ...)
@@ -12277,6 +12393,7 @@ CVE-2023-39324
CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1. ...)
- nova <not-affected> (Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete)
CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...)
+ {DSA-5756-1 DSA-5755-1 DSA-5754-1}
- cinder 2:24.0.0-5 (bug #1074763)
- glance 2:28.0.1-3+deb12u1 (bug #1074761)
- nova 2:29.0.2-4 (bug #1074762)
@@ -20058,6 +20175,7 @@ CVE-2024-5387
CVE-2024-5214
REJECTED
CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can lead ...)
+ {DSA-5753-1}
- aom 3.8.2-3
NOTE: https://issues.chromium.org/issues/332382766
NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
@@ -104625,8 +104743,8 @@ CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/
NOT-FOR-US: laravel-s
CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...)
NOT-FOR-US: Genesys
-CVE-2023-29929
- RESERVED
+CVE-2023-29929 (Buffer Overflow vulnerability found in Kemptechnologies Loadmaster bef ...)
+ TODO: check
CVE-2023-29928
RESERVED
CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...)
@@ -127976,8 +128094,8 @@ CVE-2015-10011 (A vulnerability classified as problematic has been found in Open
NOT-FOR-US: OpenResolve
CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been rated as ...)
NOT-FOR-US: OpenResolve
-CVE-2023-22576
- RESERVED
+CVE-2023-22576 (Dell Repository Manager version 3.4.2 and earlier, contain a Local Pri ...)
+ TODO: check
CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
NOT-FOR-US: Dell
CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
@@ -195715,10 +195833,10 @@ CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus Ar
NOT-FOR-US: Micro Focus
CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity Manager plug ...)
NOT-FOR-US: Micro Focus
-CVE-2022-26328
- RESERVED
-CVE-2022-26327
- RESERVED
+CVE-2022-26328 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2022-26327 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in specif ...)
NOT-FOR-US: NetIQ Access Manager
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
@@ -333214,16 +333332,16 @@ CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Mes
NOT-FOR-US: Micro Focus
CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11850
- RESERVED
+CVE-2020-11850 (Improper Input Validation vulnerability in OpenText Self Service Passw ...)
+ TODO: check
CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
NOT-FOR-US: Micro Focus
CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11847
- RESERVED
-CVE-2020-11846
- RESERVED
+CVE-2020-11847 (SSH authenticated user when access the PAM server can execute an OS co ...)
+ TODO: check
+CVE-2020-11846 (A vulnerability found in OpenText Privileged Access Manager that issue ...)
+ TODO: check
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
NOT-FOR-US: Micro Focus
CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c749c5372621d974f1c8ab83aa51f4a6a08fef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c749c5372621d974f1c8ab83aa51f4a6a08fef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240821/03083a52/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list