[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 5 21:12:38 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f16e0e9e by security tracker role at 2024-07-05T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...)
+	TODO: check
+CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...)
+	TODO: check
+CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been declared  ...)
+	TODO: check
+CVE-2024-6523 (A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been c ...)
+	TODO: check
+CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When enabling the R ...)
+	TODO: check
+CVE-2024-6298 (Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...)
+	TODO: check
+CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <= ...)
+	TODO: check
+CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some f ...)
+	TODO: check
+CVE-2024-39864 (The CloudStack integration API service allows running its unauthentica ...)
+	TODO: check
+CVE-2024-39696 (Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos  ...)
+	TODO: check
+CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
+	TODO: check
+CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validating th ...)
+	TODO: check
+CVE-2024-39687 (Fedify is a TypeScript library for building federated server apps powe ...)
+	TODO: check
+CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions prior to  ...)
+	TODO: check
+CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to contain an  ...)
+	TODO: check
+CVE-2024-39178 (MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary  ...)
+	TODO: check
+CVE-2024-39174 (A cross-site scripting (XSS) vulnerability in the Publish Article func ...)
+	TODO: check
+CVE-2024-39150 (vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a c ...)
+	TODO: check
+CVE-2024-39028 (An issue was discovered in SeaCMS <=12.9 which allows remote attackers ...)
+	TODO: check
+CVE-2024-39027 (SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vuln ...)
+	TODO: check
+CVE-2024-39023 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39022 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39021 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39020 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39019 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-38346 (The CloudStack cluster service runs on unauthenticated port (default 9 ...)
+	TODO: check
+CVE-2024-37903 (Mastodon is a self-hosted, federated microblogging platform. Starting  ...)
+	TODO: check
+CVE-2024-37769 (Insecure permissions in 14Finger v1.1 allow attackers to escalate priv ...)
+	TODO: check
+CVE-2024-37768 (14Finger v1.1 was discovered to contain an arbitrary user deletion vul ...)
+	TODO: check
+CVE-2024-37767 (Insecure permissions in the component /api/admin/user of 14Finger v1.1 ...)
+	TODO: check
+CVE-2024-34361 (Pi-hole is a DNS sinkhole that protects devices from unwanted content  ...)
+	TODO: check
+CVE-2024-29319 (Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Serve ...)
+	TODO: check
+CVE-2024-29318 (Volmarg Personal Management System 1.4.64 is vulnerable to stored cros ...)
+	TODO: check
+CVE-2024-27717 (Cross Site Request Forgery vulnerability in Eskooly Free Online School ...)
+	TODO: check
+CVE-2024-27716 (Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and be ...)
+	TODO: check
+CVE-2024-27715 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
+	TODO: check
+CVE-2024-27713 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
+	TODO: check
+CVE-2024-27712 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
+	TODO: check
+CVE-2024-27711 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
+	TODO: check
+CVE-2024-27710 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
+	TODO: check
+CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remo ...)
+	TODO: check
+CVE-2024-23998 (goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross ...)
+	TODO: check
+CVE-2024-23997 (Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-23588 (HCL Nomad server on Domino fails to properly handle users configured w ...)
+	TODO: check
 CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, an ...)
 	TODO: check
 CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...)
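Review bot: all 44 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them has a triage decision yet and each still needs a follow-up commit that replaces the placeholder with a package line or a NOT-FOR-US marker. Several of them share a product and can be resolved in one pass: the five idccms v1.35 CSRF entries (CVE-2024-39019 through CVE-2024-39023), the eight Eskooly entries (CVE-2024-27709 through CVE-2024-27717) and the three 14Finger v1.1 entries (CVE-2024-37767 through CVE-2024-37769). The entries whose descriptions name QEMU (CVE-2024-6505), Certifi (CVE-2024-39689), Traefik (CVE-2024-39321), Mastodon (CVE-2024-37903) and Pi-hole (CVE-2024-34361) are the ones I would check against the archive first, since the truncated descriptions alone do not show the affected versions.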



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16e0e9e6fe8a767ff32036bcf5f66e2e749ee13
