[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 3 21:12:33 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4f28bc4 by security tracker role at 2024-07-03T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,80 @@
-CVE-2024-39844
+CVE-2024-6488
+	REJECTED
+CVE-2024-6471 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated as probl ...)
+	TODO: check
+CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been declared as pr ...)
+	TODO: check
+CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9. ...)
+	TODO: check
+CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in MESbook20221021.03  ...)
+	TODO: check
+CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 version, the ...)
+	TODO: check
+CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an authentic ...)
+	TODO: check
+CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...)
+	TODO: check
+CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+	TODO: check
+CVE-2024-5821 (Improper Access Control in stitionai/devika)
+	TODO: check
+CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...)
+	TODO: check
+CVE-2024-3332 (A malicious BLE device can send a specific order of packet sequence to ...)
+	TODO: check
+CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and ...)
+	TODO: check
+CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly sanitize  ...)
+	TODO: check
+CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. ZITADEL provid ...)
+	TODO: check
+CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= ...)
+	TODO: check
+CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the Remo ...)
+	TODO: check
+CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows atta ...)
+	TODO: check
+CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 allows att ...)
+	TODO: check
+CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, ...)
+	TODO: check
+CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International Co., Lt ...)
+	TODO: check
+CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
+	TODO: check
+CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared channel ...)
+	TODO: check
+CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
+	TODO: check
+CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
+	TODO: check
+CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
+	TODO: check
+CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
+	TODO: check
+CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
+	TODO: check
+CVE-2024-32937 (An os command injection vulnerability exists in the CWMP SelfDefinedTi ...)
+	TODO: check
+CVE-2024-31223 (Fides is an open-source privacy engineering platform, and `SERVER_SIDE ...)
+	TODO: check
+CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, ha ...)
+	TODO: check
+CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...)
+	TODO: check
+CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure ...)
+	TODO: check
+CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer  ...)
+	TODO: check
+CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow i ...)
+	TODO: check
+CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...)
+	TODO: check
+CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...)
+	TODO: check
+CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl via a K ...)
 	- znc <unfixed>
 	NOTE: Fixed by: https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e (znc-1.9.1)
 CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0.  ...)
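Review bot: the five Ghostscript entries added here (CVE-2024-29506 through CVE-2024-29509, all "before 10.03.0", and CVE-2024-29511, "before 10.03.1") are left at "TODO: check" even though this same commit fills in sibling entries (CVE-2024-29510, CVE-2024-33869/33870/33871, CVE-2023-52722) that already carry `{DSA-5692-1}` and `- ghostscript 10.03.1~dfsg~git20240518-1`; triage these against that fixed version and the DSA rather than leaving them in the TODO queue. Same for CVE-2023-52168/52169 (7-Zip NtfsHandler.cpp before 24.01), CVE-2024-6126 (cockpit) and CVE-2024-39844 (znc), which name software that is tracked as a Debian source package elsewhere in this file; CVE-2024-39844 in particular is only moved within the list, keeping its `- znc <unfixed>` and fix-commit NOTE, so no re-triage is needed there. CVE-2024-6488 is recorded as REJECTED with no description, which matches the file's convention for withdrawn IDs.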
@@ -17752,7 +17828,7 @@ CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-29510
+CVE-2024-29510 (Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER ...)
 	{DSA-5692-1}
 	- ghostscript 10.03.1~dfsg~git20240518-1
 	[buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50)
@@ -17761,7 +17837,7 @@ CVE-2024-29510
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662
 	NOTE: API functions used by fixing commit were introduced in:
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2
-CVE-2024-33871
+CVE-2024-33871 (An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...)
 	{DSA-5692-1}
 	- ghostscript 10.03.1~dfsg~git20240518-1
 	[buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50)
@@ -17770,14 +17846,14 @@ CVE-2024-33871
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
 	NOTE: API functions used by fixing commit were introduced in:
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2
-CVE-2024-33870
+CVE-2024-33870 (An issue was discovered in Artifex Ghostscript before 10.03.1. There i ...)
 	{DSA-5692-1}
 	- ghostscript 10.03.1~dfsg~git20240518-1
 	[buster] - ghostscript <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
-CVE-2024-33869
+CVE-2024-33869 (An issue was discovered in Artifex Ghostscript before 10.03.1. Path tr ...)
 	{DSA-5692-1}
 	- ghostscript 10.03.1~dfsg~git20240518-1
 	[buster] - ghostscript <not-affected> (The vulnerable code was introduced later)
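Review bot: CVE-2024-33870 and CVE-2024-33869 carry `[buster] - ghostscript <not-affected> (The vulnerable code was introduced later)` while the neighbouring CVE-2024-33871 and CVE-2024-29510 entries use `<ignored> (fix requires API functions introduced in 9.50)`; both outcomes are plausible for 9.27-era buster, but the two justifications rest on different claims (code absent vs. fix unbackportable), so it is worth confirming from the referenced fixing commit (79aef19c68… for CVE-2024-33870) that the affected code really postdates buster's 9.27 before the not-affected state is relied on.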
@@ -22553,7 +22629,7 @@ CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-b
 	NOT-FOR-US: phpecc
 CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...)
 	NOT-FOR-US: IBM
-CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...)
+CVE-2023-52722 (An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmi ...)
 	{DSA-5692-1}
 	- ghostscript 10.02.0~dfsg-1
 	[buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50)
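Review bot: the description for CVE-2023-52722 changes from "through 10.01.0" to "before 10.03.1", but the Debian fixed version recorded on the next line stays at `ghostscript 10.02.0~dfsg-1`, and the entry is listed under `{DSA-5692-1}`; if upstream has widened the affected range to everything before 10.03.1, re-check that 10.02.0~dfsg-1 actually contains the psi/zmi… fix, otherwise the fixed-version line (and the buster `<ignored>` rationale copied from the other Ghostscript entries) needs revisiting.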



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f28bc4561a886afacf54ece9721f14c40375a9


