[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 5 09:12:03 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62396743 by security tracker role at 2024-07-05T08:11:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, an ...)
+ TODO: check
+CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...)
+ TODO: check
+CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...)
+ TODO: check
+CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certifi ...)
+ TODO: check
+CVE-2024-39485 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39484 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39483 (In the Linux kernel, the following vulnerability has been resolved: K ...)
+ TODO: check
+CVE-2024-39482 (In the Linux kernel, the following vulnerability has been resolved: b ...)
+ TODO: check
+CVE-2024-39481 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39480 (In the Linux kernel, the following vulnerability has been resolved: k ...)
+ TODO: check
+CVE-2024-39479 (In the Linux kernel, the following vulnerability has been resolved: d ...)
+ TODO: check
+CVE-2024-39478 (In the Linux kernel, the following vulnerability has been resolved: c ...)
+ TODO: check
+CVE-2024-39477 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39476 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39475 (In the Linux kernel, the following vulnerability has been resolved: f ...)
+ TODO: check
+CVE-2024-39474 (In the Linux kernel, the following vulnerability has been resolved: m ...)
+ TODO: check
+CVE-2024-39473 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
+CVE-2024-39472 (In the Linux kernel, the following vulnerability has been resolved: x ...)
+ TODO: check
+CVE-2024-34481 (drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, cap ...)
+ TODO: check
CVE-2024-6513
REJECTED
CVE-2024-6511 (A vulnerability classified as problematic was found in y_project RuoYi ...)
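Review bot: All 19 entries added at the top of this hunk carry only `TODO: check`, so none of them is mapped to a source package or marked NOT-FOR-US yet. That includes the 14 "In the Linux kernel" entries (CVE-2024-39472 through CVE-2024-39485) and the Qt HTTP2 entry CVE-2024-39936, which name software that other entries in this file track by package. This is what an automatic import is expected to produce, but the entries give no per-release status until a follow-up commit replaces each `TODO: check` with a package line or a NOT-FOR-US line.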
@@ -458,7 +496,7 @@ CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 a
NOT-FOR-US: Jungo WinDriver
CVE-2023-39324
REJECTED
-CVE-2024-32498 [OSSA-2024-001: Arbitrary file access through custom QCOW2 external data]
+CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...)
- cinder <unfixed> (bug #1074763)
- glance 2:28.0.1-3+deb12u1 (bug #1074761)
- nova <unfixed> (bug #1074762)
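Review bot: On the CVE-2024-32498 line, replacing the bracketed title drops the `OSSA-2024-001` identifier, and none of the three context lines that follow carries it. If no NOTE further down in the entry references the OpenStack advisory, add one so the link between the CVE and OSSA-2024-001 is not lost. The `cinder` and `nova` lines remain `<unfixed>`, which the new description does not change.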
@@ -2906,12 +2944,14 @@ CVE-2022-48738 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 (5.17-rc3)
-CVE-2022-48737 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+CVE-2022-48737
+ REJECTED
- linux 5.16.10-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e (5.17-rc3)
-CVE-2022-48736 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+CVE-2022-48736
+ REJECTED
- linux 5.16.10-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
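Review bot: CVE-2022-48737 and CVE-2022-48736 are switched to REJECTED, but the `- linux 5.16.10-1`, `[bullseye] - linux 5.10.103-1` and `[buster] - linux 4.19.232-1` lines under each of them stay in place as unchanged context, so both entries now say the ID is rejected and also list fixed versions. The other REJECTED entries visible in this diff (CVE-2024-6513, CVE-2023-39324) have no package lines beneath them. Either remove the package and NOTE lines from the two rejected entries in a follow-up, or confirm that keeping them under a rejected ID is intended and that tooling reading this file handles the combination.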
@@ -8343,7 +8383,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Inject
NOT-FOR-US: WordPress plugin
CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
+CVE-2024-36041 (KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.1 ...)
{DSA-5723-1 DLA-3827-1}
- plasma-workspace 4:5.27.11.1-1
NOTE: https://kde.org/info/security/advisory-20240531-1.txt
@@ -47631,7 +47671,7 @@ CVE-2024-0987 (A vulnerability classified as critical has been found in Sichuan
NOT-FOR-US: Sichuan Yougou Technology KuERP
CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been rated as c ...)
NOT-FOR-US: Issabel PBX
-CVE-2023-52340 [ipv6: remove max_size check inline with ipv4]
+CVE-2023-52340 (The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/ ...)
{DLA-3841-1 DLA-3840-1}
- linux 6.3.7-1
[bookworm] - linux 6.1.76-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6239674306b3665042a6221af2fa24e5017a779a