[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 8 21:12:57 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abb6491b by security tracker role at 2024-07-08T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...)
+	TODO: check
+CVE-2024-6564 (Buffer overflow in "rcar_dev_init"  due to using due to using untruste ...)
+	TODO: check
+CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2024-6227 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to c ...)
+	TODO: check
+CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, <  ...)
+	TODO: check
+CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 15.1.832 ...)
+	TODO: check
+CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar  ...)
+	TODO: check
+CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
+	TODO: check
+CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
+	TODO: check
+CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
+	TODO: check
+CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework. A SQ ...)
+	TODO: check
+CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
+	TODO: check
+CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...)
+	TODO: check
+CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend Theme Manage ...)
+	TODO: check
+CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a remote c ...)
+	TODO: check
+CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow Orchestrator ...)
+	TODO: check
+CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
+	TODO: check
+CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodb ...)
+	TODO: check
+CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be lo ...)
+	TODO: check
+CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an attacke ...)
+	TODO: check
+CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj Obsid ...)
+	TODO: check
+CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...)
+	TODO: check
+CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure of sensi ...)
+	TODO: check
+CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
+	TODO: check
+CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  check  ...)
+	TODO: check
+CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
+	TODO: check
+CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
+	TODO: check
+CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
+	TODO: check
+CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa getInfo  ...)
+	TODO: check
+CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...)
+	TODO: check
+CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the boa formI ...)
+	TODO: check
+CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...)
+	TODO: check
+CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the boa set_R ...)
+	TODO: check
+CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa formWsc  ...)
+	TODO: check
+CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa rollback ...)
+	TODO: check
+CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality of Leve ...)
+	TODO: check
+CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa formFilt ...)
+	TODO: check
+CVE-2023-48270 (A stack-based buffer overflow vulnerability exists in the boa formDnsv ...)
+	TODO: check
+CVE-2023-47856 (A stack-based buffer overflow vulnerability exists in the boa set_Radv ...)
+	TODO: check
+CVE-2023-47677 (A cross-site request forgery (csrf) vulnerability exists in the boa CS ...)
+	TODO: check
+CVE-2023-46685 (A hard-coded password vulnerability exists in the telnetd functionalit ...)
+	TODO: check
+CVE-2023-45742 (An integer overflow vulnerability exists in the boa updateConfigIntoFl ...)
+	TODO: check
+CVE-2023-45215 (A stack-based buffer overflow vulnerability exists in the boa setRepea ...)
+	TODO: check
+CVE-2023-41251 (A stack-based buffer overflow vulnerability exists in the boa formRout ...)
+	TODO: check
+CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload functiona ...)
+	TODO: check
 CVE-2024-6539 (A vulnerability classified as problematic has been found in heyewei Sp ...)
 	NOT-FOR-US: heyewei SpringBootCMS
 CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/dev ...)
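Review bot: all 49 added entries, CVE-2024-6580 through CVE-2023-34435, land as "TODO: check" with no package line, NOT-FOR-US or NOTE, so nothing in this hunk separates items that need a packaging decision from ones that can be dismissed. When triaging, take the entries whose descriptions name a specific library or tool first: Exiv2 (CVE-2024-39695), Botan (CVE-2024-39312, CVE-2024-34702) and the OpenVPN group (CVE-2024-27903, CVE-2024-27459, CVE-2024-24974, where the first is already scoped to "on Windows" in the visible text). The run of "boa" entries from CVE-2023-50383 to CVE-2023-34435 shares one component and can be resolved together with a single decision instead of entry by entry.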
@@ -1033,7 +1131,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection cou
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
 	NOTE: https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
-CVE-2024-6409 [Possible remote code execution in privsep child due to a race condition in signal handling]
+CVE-2024-6409 (A signal handler race condition vulnerability was found in OpenSSH's s ...)
 	- openssh <not-affected> (Exploitable issue in RHEL9 packaged versions)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/08/2
 CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...)
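Review bot: on the CVE-2024-6409 line, the replacement description is cut off at "OpenSSH's s ..." and no longer carries the two details the removed bracketed text stated, namely that the race is in the privsep child and that remote code execution is possible. The unchanged lines below still explain the not-affected status ("Exploitable issue in RHEL9 packaged versions") and link the oss-security post, but a reader of the list alone now loses the impact summary. Suggest adding a NOTE line under the entry that preserves the privsep child and signal handling wording.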



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb6491b5de702153b563b76517b4e4dd77b691a
