[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 1 21:13:01 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee21cac6 by security tracker role at 2024-07-01T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,196 @@
-CVE-2024-39573
+CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in MESboo ...)
+	TODO: check
+CVE-2024-6424 (External server-side request vulnerability in MESbook 20221021.03 vers ...)
+	TODO: check
+CVE-2024-6376 (MongoDB Compass may be susceptible to code injection due to insufficie ...)
+	TODO: check
+CVE-2024-6375 (A command for refining a collection shard key is missing an authorizat ...)
+	TODO: check
+CVE-2024-6050 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+	TODO: check
+CVE-2024-4007 (Default credential in install package in ABB ASPECT; NEXUS Series; MAT ...)
+	TODO: check
+CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could be expo ...)
+	TODO: check
+CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be exposed vi ...)
+	TODO: check
+CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype p ...)
+	TODO: check
+CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due to a mi ...)
+	TODO: check
+CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due to a mi ...)
+	TODO: check
+CVE-2024-39428 (In trusty service, there is a possible out of bounds write due to a mi ...)
+	TODO: check
+CVE-2024-39427 (In trusty service, there is a possible out of bounds write due to a mi ...)
+	TODO: check
+CVE-2024-39303 (Weblate is a web based localization tool. Prior to version 5.6.2, Webl ...)
+	TODO: check
+CVE-2024-39251 (An issue in the component ControlCenter.sys/ControlCenter64.sys of Thu ...)
+	TODO: check
+CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expressio ...)
+	TODO: check
+CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection vulnerabilit ...)
+	TODO: check
+CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a pr ...)
+	TODO: check
+CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype pollution  ...)
+	TODO: check
+CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pol ...)
+	TODO: check
+CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype pollution ...)
+	TODO: check
+CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pol ...)
+	TODO: check
+CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype pollution vi ...)
+	TODO: check
+CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a prototype pol ...)
+	TODO: check
+CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...)
+	TODO: check
+CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...)
+	TODO: check
+CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollu ...)
+	TODO: check
+CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype  ...)
+	TODO: check
+CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
+	TODO: check
+CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
+	TODO: check
+CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype  ...)
+	TODO: check
+CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discover ...)
+	TODO: check
+CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a prototype pollu ...)
+	TODO: check
+CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pol ...)
+	TODO: check
+CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a prototype pollu ...)
+	TODO: check
+CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype pollution ...)
+	TODO: check
+CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype polluti ...)
+	TODO: check
+CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype pollution v ...)
+	TODO: check
+CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in t ...)
+	TODO: check
+CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulnerabili ...)
+	TODO: check
+CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior to vers ...)
+	TODO: check
+CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36995 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36994 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36993 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36992 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36991 (In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.1 ...)
+	TODO: check
+CVE-2024-36990 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36989 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36987 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36986 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36985 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-pr ...)
+	TODO: check
+CVE-2024-36984 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Window ...)
+	TODO: check
+CVE-2024-36983 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36982 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
+	TODO: check
+CVE-2024-36423 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-36422 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-36421 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-36420 (Flowise is a drag & drop user interface to build a customized large la ...)
+	TODO: check
+CVE-2024-36401 (GeoServer is an open source server that allows users to share and edit ...)
+	TODO: check
+CVE-2024-34696 (GeoServer is an open source server that allows users to share and edit ...)
+	TODO: check
+CVE-2024-24749 (GeoServer is an open source server that allows users to share and edit ...)
+	TODO: check
+CVE-2024-23380 (Memory corruption while handling user packets during VBO bind operatio ...)
+	TODO: check
+CVE-2024-23373 (Memory corruption when IOMMU unmap operation fails, the DMA and anon b ...)
+	TODO: check
+CVE-2024-23372 (Memory corruption while invoking IOCTL call for GPU memory allocation  ...)
+	TODO: check
+CVE-2024-23368 (Memory corruption when allocating and accessing an entry in an SMEM pa ...)
+	TODO: check
+CVE-2024-21586 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-21482 (Memory corruption during the secure boot process, when the `bootm` com ...)
+	TODO: check
+CVE-2024-21469 (Memory corruption when an invoke call and a TEE call are bound for the ...)
+	TODO: check
+CVE-2024-21466 (Information disclosure while parsing sub-IE length during new IE gener ...)
+	TODO: check
+CVE-2024-21465 (Memory corruption while processing key blob passed by the user.)
+	TODO: check
+CVE-2024-21462 (Transient DOS while loading the TA ELF file.)
+	TODO: check
+CVE-2024-21461 (Memory corruption while performing finish HMAC operation when context  ...)
+	TODO: check
+CVE-2024-21460 (Information disclosure when ASLR relocates the IMEM and Secure DDR por ...)
+	TODO: check
+CVE-2024-21458 (Information disclosure while handling SA query action frame.)
+	TODO: check
+CVE-2024-21457 (INformation disclosure while handling Multi-link IE in beacon frame.)
+	TODO: check
+CVE-2024-21456 (Information Disclosure while parsing beacon frame in STA.)
+	TODO: check
+CVE-2024-20399 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+	TODO: check
+CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
+	TODO: check
+CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
-CVE-2024-38477
+CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
-CVE-2024-38476
+CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
-CVE-2024-38475
+CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475
-CVE-2024-38474
+CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474
-CVE-2024-38473
+CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473
-CVE-2024-38472
+CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML  ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472
-CVE-2024-36387
+CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
 	NOTE: https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
-CVE-2024-6387
+CVE-2024-6387 (A signal handler race condition was found in OpenSSH's server (sshd),  ...)
+	{DSA-5724-1}
 	- openssh 1:9.7p1-7
 	[bullseye] - openssh <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced with: https://github.com/openssh/openssh-portable/commit/752250caabda3dd24635503c4cd689b32a650794 (V_8_5_P1)
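Review bot: every entry added from CVE-2024-6425 down to CVE-2023-43554 carries only `TODO: check`, so none of them is yet tied to a source package or marked NOT-FOR-US, and the tracker has no status for them until someone triages each one. When doing that, confirm against the full descriptions whether CVE-2024-39853, CVE-2024-39000 and CVE-2024-38997 are distinct issues, since all three read as prototype pollution in adolph_dudu ratio-swiper 0.0.2 in the truncated text here; the same applies to the paired requirejs v2.3.6 (CVE-2024-38999, CVE-2024-38998), amoy common v1.0.10 and jsonic-next v2.12.1 entries. The `{DSA-5724-1}` reference added under CVE-2024-6387 is consistent with the existing `[bullseye] - openssh <not-affected>` line, and the remaining changes to already-triaged entries only attach descriptions.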



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee21cac651f14c2294089fdfa112be7e5a62a3cb
