[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 23 21:12:34 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
741b2202 by security tracker role at 2024-08-23T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,138 @@
-CVE-2024-43883 [usb: vhci-hcd: Do not drop references before new references are gained]
+CVE-2024-8113 (Stored XSS in organizer and event settings of pretix up to 2024.7.0 al ...)
+	TODO: check
+CVE-2024-8112 (A vulnerability was found in thinkgem JeeSite 5.3. It has been rated a ...)
+	TODO: check
+CVE-2024-7986 (A vulnerability exists in the Rockwell AutomationThinManager\xae ThinS ...)
+	TODO: check
+CVE-2024-7954 (The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4. ...)
+	TODO: check
+CVE-2024-7428 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in O ...)
+	TODO: check
+CVE-2024-7427 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-5586 (ZohocorpManageEngineADAudit Plus versions below8121 are vulnerable to  ...)
+	TODO: check
+CVE-2024-5556 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-5502 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-5490 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-5467 (ZohocorpManageEngineADAudit Plus versions below8121 are vulnerable to  ...)
+	TODO: check
+CVE-2024-5466 (Zohocorp ManageEngine OpManager andRemote Monitoring and Management ve ...)
+	TODO: check
+CVE-2024-45190 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
+	TODO: check
+CVE-2024-45189 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
+	TODO: check
+CVE-2024-45188 (Mage AI allows remote users with the "Viewer" role to leak arbitrary f ...)
+	TODO: check
+CVE-2024-45187 (Guest users in the Mage AI framework that remain logged in after their ...)
+	TODO: check
+CVE-2024-44390 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
+	TODO: check
+CVE-2024-44387 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
+	TODO: check
+CVE-2024-44386 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerabilit ...)
+	TODO: check
+CVE-2024-44382 (D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability  ...)
+	TODO: check
+CVE-2024-44381 (D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability  ...)
+	TODO: check
+CVE-2024-43794 (OpenSearch Dashboards Security Plugin adds a configuration management  ...)
+	TODO: check
+CVE-2024-43791 (RequestStore provides per-request global storage for Rack. The files p ...)
+	TODO: check
+CVE-2024-43782 (This openedx-translations repository contains translation files from O ...)
+	TODO: check
+CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass authentication via a crafted  ...)
+	TODO: check
+CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control issue.)
+	TODO: check
+CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file r ...)
+	TODO: check
+CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a Cross S ...)
+	TODO: check
+CVE-2024-42915 (A host header injection vulnerability in Staff Appraisal System v1.0 a ...)
+	TODO: check
+CVE-2024-42914 (A host header injection vulnerability exists in the forgot password fu ...)
+	TODO: check
+CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b ...)
+	TODO: check
+CVE-2024-42845 (An eval Injection vulnerability in the component invesalius/reader/dic ...)
+	TODO: check
+CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorr ...)
+	TODO: check
+CVE-2024-42765 (A SQL injection vulnerability in "/login.php" of the Kashipara Bus Tic ...)
+	TODO: check
+CVE-2024-42764 (Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Si ...)
+	TODO: check
+CVE-2024-42756 (An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to  ...)
+	TODO: check
+CVE-2024-42636 (DedeCMS V5.7.115 has a command execution vulnerability via file_manage ...)
+	TODO: check
+CVE-2024-42531 (Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated  ...)
+	TODO: check
+CVE-2024-42523 (publiccms V4.0.202302.e and before is vulnerable to Any File Upload vi ...)
+	TODO: check
+CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and service API ...)
+	TODO: check
+CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from  ...)
+	TODO: check
+CVE-2024-41878 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41877 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41876 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41875 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41849 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41848 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41847 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41846 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41845 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41844 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41843 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41842 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41841 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module affects ...)
+	TODO: check
+CVE-2024-39841 (A SQL Injection vulnerability exists in the service configuration func ...)
+	TODO: check
+CVE-2024-38869 (An Stored Cross-site Scripting vulnerability affects ZohocorpManageEng ...)
+	TODO: check
+CVE-2024-38807 (Applications that use spring-boot-loaderor spring-boot-loader-classica ...)
+	TODO: check
+CVE-2024-37311 (Collabora Online is a collaborative online office suite based on Libre ...)
+	TODO: check
+CVE-2024-36517 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-36516 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-36515 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-36514 (ZohocorpManageEngineADAudit Plus versions below8000 are vulnerable to  ...)
+	TODO: check
+CVE-2024-33854 (A SQL Injection vulnerability exists in the Graph Template component i ...)
+	TODO: check
+CVE-2024-33853 (A SQL Injection vulnerability exists in the Timeperiod component in Ce ...)
+	TODO: check
+CVE-2024-33852 (A SQL Injection vulnerability exists in the Downtime component in Cent ...)
+	TODO: check
+CVE-2024-32501 (A SQL Injection vulnerability exists in the updateServiceHost function ...)
+	TODO: check
+CVE-2024-43883 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.6-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a (6.11-rc3)
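Review bot: the 67 entries added at the top of data/CVE/list all carry only `TODO: check`, and several of the imported descriptions have lost whitespace or carry an escaped byte, for example `ZohocorpManageEngineADAudit Plus versions below8121` and `Rockwell AutomationThinManager\xae ThinS`. Triage usually starts with a search of this file for a product name, and a search for `ManageEngine ADAudit` will not match the fused form. Normalising whitespace and decoding the character when the descriptions are imported, or searching on a shorter substring during triage, would avoid missed entries. The one removed line, the bracketed temporary description on CVE-2024-43883, is replaced by the truncated parenthesised description while its package lines and NOTE stay untouched as context, which is consistent with the rest of the hunk.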
@@ -391,63 +525,83 @@ CVE-2021-4441 (In the Linux kernel, the following vulnerability has been resolve
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/ab3824427b848da10e9fe2727f035bbeecae6ff4 (5.17-rc6)
 CVE-2024-8035 (Inappropriate implementation in Extensions in Google Chrome on Windows ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8034 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8033 (Inappropriate implementation in WebApp Installs in Google Chrome on Wi ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7981 (Inappropriate implementation in Views in Google Chrome prior to 128.0. ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7980 (Insufficient data validation in Installer in Google Chrome on Windows  ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7979 (Insufficient data validation in Installer in Google Chrome on Windows  ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7978 (Insufficient policy enforcement in Data Transfer in Google Chrome prio ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7977 (Insufficient data validation in Installer in Google Chrome on Windows  ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7976 (Inappropriate implementation in FedCM in Google Chrome prior to 128.0. ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7975 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7974 (Insufficient data validation in V8 API in Google Chrome prior to 128.0 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7973 (Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7972 (Inappropriate implementation in V8 in Google Chrome prior to 128.0.661 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7971 (Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7968 (Use after free in Autofill in Google Chrome prior to 128.0.6613.84 all ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7967 (Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84  ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7966 (Out of bounds memory access in Skia in Google Chrome prior to 128.0.66 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7965 (Inappropriate implementation in V8 in Google Chrome prior to 128.0.661 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7964 (Use after free in Passwords in Google Chrome on Android prior to 128.0 ...)
+	{DSA-5757-1}
 	- chromium 128.0.6613.84-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Sta ...)
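Review bot: the twenty `{DSA-5757-1}` lines added from CVE-2024-8035 down to CVE-2024-7964 leave each entry showing only `- chromium 128.0.6613.84-1` and `[bullseye] - chromium <end-of-life> (see #1061268)`, so the fixed version for the release the advisory covers cannot be read from the visible lines. Anyone checking the status of a stable system should follow the cross-reference to the DSA-5757-1 record rather than infer it from the unreleased-suite version shown here. The count of added lines matches the hunk header (63 lines before, 83 after), and the last context line, CVE-2024-7795, correctly receives no reference.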



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/741b2202126f1c9fde7e9faee6b8c94df5d163f9
