[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 10 21:12:37 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35c4e614 by security tracker role at 2024-07-10T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and Visitor  ...)
+	TODO: check
+CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+	TODO: check
+CVE-2024-6646 (A vulnerability was found in Netgear WN604 up to 20240710. It has been ...)
+	TODO: check
+CVE-2024-6645 (A vulnerability was found in WuKongOpenSource Wukong_nocode up to 2023 ...)
+	TODO: check
+CVE-2024-6644 (A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been c ...)
+	TODO: check
+CVE-2024-6642
+	REJECTED
+CVE-2024-6630
+	REJECTED
+CVE-2024-6556 (The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plug ...)
+	TODO: check
+CVE-2024-6235 (Sensitive information disclosureinNetScaler Console)
+	TODO: check
+CVE-2024-5913 (An improper input validation vulnerability in Palo Alto Networks PAN-O ...)
+	TODO: check
+CVE-2024-5912 (An improper file signature check in Palo Alto Networks Cortex XDR agen ...)
+	TODO: check
+CVE-2024-5911 (An arbitrary file upload vulnerability in Palo Alto Networks Panorama  ...)
+	TODO: check
+CVE-2024-5910 (Missing authentication for a critical function in Palo Alto Networks E ...)
+	TODO: check
+CVE-2024-5492 (Open redirect vulnerability allows a remote unauthenticated attacker t ...)
+	TODO: check
+CVE-2024-5491 (Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler)
+	TODO: check
+CVE-2024-5217 (ServiceNow has addressed an input validation vulnerability that was id ...)
+	TODO: check
+CVE-2024-5178 (ServiceNow has addressed a sensitive file read vulnerability that was  ...)
+	TODO: check
+CVE-2024-4879 (ServiceNow has addressed an input validation vulnerability that was id ...)
+	TODO: check
+CVE-2024-40417 (A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this is ...)
+	TODO: check
+CVE-2024-40412 (Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceLi ...)
+	TODO: check
+CVE-2024-40336 (idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'I ...)
+	TODO: check
+CVE-2024-40334 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-40333 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-40332 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-40331 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-40329 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in requests be ...)
+	TODO: check
+CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in requests bei ...)
+	TODO: check
+CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue affects Ja ...)
+	TODO: check
+CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) condition was  ...)
+	TODO: check
+CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all platforms.  ...)
+	TODO: check
+CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all platforms.  ...)
+	TODO: check
+CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command execution (RC ...)
+	TODO: check
+CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow in the " ...)
+	TODO: check
+CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability in Trus ...)
+	TODO: check
+CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability in SERV ...)
+	TODO: check
+CVE-2024-37149 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2024-37148 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2024-37147 (GLPI is an open-source asset and IT management software package that p ...)
+	TODO: check
+CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-37113 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-37110 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-32759 (Under certain circumstances the Software House C\u25cfCURE 9000 instal ...)
+	TODO: check
+CVE-2024-32469 (Decidim is a participatory democracy framework. The pagination feature ...)
+	TODO: check
+CVE-2024-28828 (Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p4 ...)
+	TODO: check
+CVE-2024-28827 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...)
+	TODO: check
+CVE-2024-27095 (Decidim is a participatory democracy framework. The admin panel is sub ...)
+	TODO: check
+CVE-2024-27090 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
+	TODO: check
+CVE-2024-20456 (A vulnerability in the boot process of Cisco IOS XR Software could all ...)
+	TODO: check
+CVE-2023-35006 (IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote ...)
+	TODO: check
+CVE-2023-33860 (IBM Security QRadar EDR 3.12 does not set the secure attribute on auth ...)
+	TODO: check
+CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose sensitive information due  ...)
+	TODO: check
 CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
@@ -777,7 +887,7 @@ CVE-2024-27360 (A vulnerability was discovered in Samsung Mobile Processors Exyn
 	NOT-FOR-US: Samsung
 CVE-2024-27183 (XSS vulnerability in  DJ-HelpfulArticles component for Joomla.)
 	NOT-FOR-US: Joomla extension
-CVE-2024-26279 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)
+CVE-2024-26279 (The wrapper extensions do not correctly validate inputs, leading to XS ...)
 	NOT-FOR-US: Joomla extension
 CVE-2024-26278 (The Custom Fields component not correctly filter inputs, leading to a  ...)
 	NOT-FOR-US: Joomla extension
@@ -928,22 +1038,26 @@ CVE-2024-6605 (Firefox Android allowed immediate interaction with permission pro
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605
 CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thu ...)
+	{DSA-5727-1}
 	- firefox <unfixed>
 	- firefox-esr 115.13.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604
 CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free would h ...)
+	{DSA-5727-1}
 	- firefox <unfixed>
 	- firefox-esr 115.13.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6603
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
 CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to memory ...)
+	{DSA-5727-1}
 	- firefox <unfixed>
 	- firefox-esr 115.13.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6602
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6602
 	TODO: check how its related to src:nss and if src:nss tracking is necessary
 CVE-2024-6601 (A race condition could lead to a cross-origin container obtaining perm ...)
+	{DSA-5727-1}
 	- firefox <unfixed>
 	- firefox-esr 115.13.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6601
@@ -1171,7 +1285,7 @@ CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj
 CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...)
 	- openvpn <not-affected> (Only affects Windows)
 	NOTE: https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
-CVE-2024-23562 (This vulnerability is re-assessed. Vulnerability details will be updat ...)
+CVE-2024-23562 (This vulnerability is being re-assessed. Vulnerability details will be ...)
 	NOT-FOR-US: HCL Domino
 CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
 	NOT-FOR-US: Realtek rtl819x Jungle SDK
@@ -1237,7 +1351,7 @@ CVE-2024-31897 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19
 	NOT-FOR-US: IBM
 CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 'Uploa ...)
 	NOT-FOR-US: stangirard/quivr
-CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.)
+CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This le ...)
 	NOT-FOR-US: EGroupware
 CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki through 1 ...)
 	NOT-FOR-US: Foreground skin for MediaWiki



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35c4e614e885981647c43bca0518441a68e4d54d

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35c4e614e885981647c43bca0518441a68e4d54d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240710/77c4c7ff/attachment.htm>

More information about the debian-security-tracker-commits mailing list