[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 11 22:00:53 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...)
+	TODO: check
+CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...)
+	TODO: check
+CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my-spri ...)
+	TODO: check
+CVE-2024-6643
+	REJECTED
+CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
+	TODO: check
+CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
+	TODO: check
+CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...)
+	TODO: check
+CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
+	TODO: check
+CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
+	TODO: check
+CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbia ...)
+	TODO: check
+CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that could caus ...)
+	TODO: check
+CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability exists that  ...)
+	TODO: check
+CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could cause loc ...)
+	TODO: check
+CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3r ...)
+	TODO: check
+CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code execution vul ...)
+	TODO: check
+CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the sampling  ...)
+	TODO: check
+CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...)
+	TODO: check
+CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (A ...)
+	TODO: check
+CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the aftmand proc ...)
+	TODO: check
+CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept (SI) com ...)
+	TODO: check
+CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in the routi ...)
+	TODO: check
+CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+	TODO: check
+CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability in the Ro ...)
+	TODO: check
+CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in the PFE  ...)
+	TODO: check
+CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
+	TODO: check
+CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI vulnerability in Jun ...)
+	TODO: check
+CVE-2024-39532 (AnInsertion of Sensitive Information into Log File vulnerability in Ju ...)
+	TODO: check
+CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet Forwarding  ...)
+	TODO: check
+CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in the Pack ...)
+	TODO: check
+CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of ...)
+	TODO: check
+CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability in Junipe ...)
+	TODO: check
+CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability in Junipe ...)
+	TODO: check
+CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability in Junipe ...)
+	TODO: check
+CVE-2024-39521 (An Improper Neutralization of Special Elements vulnerability in Junipe ...)
+	TODO: check
+CVE-2024-39520 (AnImproper Neutralization of Special Elements vulnerability in Juniper ...)
+	TODO: check
+CVE-2024-39519 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2024-39317 (Wagtail is an open source content management system built on Django. A ...)
+	TODO: check
+CVE-2024-38536 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+	TODO: check
+CVE-2024-32753 (Under certain circumstances the camera may be susceptible to known vul ...)
+	TODO: check
+CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
+	TODO: check
+CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can obtain  ...)
+	TODO: check
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...)
 	TODO: check
 CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...)
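Review bot: the imported descriptions for CVE-2024-39543, CVE-2024-39532 and CVE-2024-39520 are missing a space ("Size of Inputvulnerability", "AnInsertion", "AnImproper"); the automatic update mirrors the upstream CVE text, so the lines should stay as imported, but whoever resolves the TODO markers should be aware that these will not match a naive grep for "An Insertion" or "Input vulnerability". All 52 new entries are left at "TODO: check" except CVE-2024-6643 (REJECTED); the CVE-2024-395xx block (several of which name Juniper explicitly), the four Suricata entries (CVE-2024-38534 to CVE-2024-38536, CVE-2024-37151) and the three Bootstrap entries (CVE-2024-6531, CVE-2024-6485, CVE-2024-6484) are the ones that most obviously need a packaged/NOT-FOR-US decision in the follow-up triage.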
@@ -2485,10 +2589,12 @@ CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores so
 	NOTE: Introduced by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
 	NOTE: Likely a regression during fix of CVE-2024-38476
 CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
 	NOTE: likely fix according to comment in code https://github.com/apache/httpd/commit/9494aa8d52e3c263bc0413b77ac8a73b0d524388
 CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
 	NOTE: Fixed by https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85
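Review bot: for CVE-2024-39573 the {DSA-5729-1} tag is attached while the entry still only records a "likely fix according to comment in code" (commit 9494aa8d); before the DSA reference stands, confirm that this commit is actually among the patches shipped in DSA-5729-1, otherwise a NOTE should record the remaining uncertainty next to the DSA line. CVE-2024-38477 directly below has an unambiguous fix commit, so its DSA tag needs no such caveat.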
@@ -2496,12 +2602,14 @@ CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4.
 	NOTE: Regression identified by Ubuntu https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648
 	NOTE: Rgression fixed by https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38
 CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
 	NOTE: Fixed by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
 	NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918560)
 	NOTE: see also regression CVE-2024-39884
 CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475
 	NOTE: same fix as CVE-2024-28474
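Review bot: CVE-2024-38476 is now marked fixed by DSA-5729-1, but the context at the top of the previous hunk records CVE-2024-39884 as a regression introduced by that same fix commit (925b6f0c); the DSA entry should be cross-checked so that the regression is tracked against the stable upload as well, or a NOTE added if the DSA shipped a version without the regression fix. Two typos in the context lines are also worth a follow-up commit: "Rgression fixed by" should read "Regression fixed by", and "same fix as CVE-2024-28474" under CVE-2024-38475 does not belong to the Apache CVE-2024-384xx batch and looks like a typo for CVE-2024-38474; please verify against the httpd advisory page already linked in the entry.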
@@ -2509,6 +2617,7 @@ CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP Server
 	NOTE: Need also log fix https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
 	NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
 CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474
 	NOTE: same fix as CVE-2024-28475
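Review bot: the NOTE "same fix as CVE-2024-28475" under CVE-2024-38474 mirrors the suspect cross-reference in the preceding hunk; CVE-2024-38475 is the mod_rewrite sibling entry and the likely intended id. Correcting both references together would make the two entries point at each other consistently.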
@@ -2516,6 +2625,7 @@ CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server
 	NOTE: need also log fix https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
 	NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
 CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473
 	NOTE: https://github.com/apache/httpd/pull/457
@@ -2531,6 +2641,7 @@ CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak
 	NOTE: https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0
 	NOTE: Only affects Apache HTTP Server on Windows
 CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...)
+	{DSA-5729-1}
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
 	NOTE: https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
@@ -7764,7 +7875,7 @@ CVE-2024-23518 (Missing Authorization vulnerability in Navneil Naicker ACF Photo
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-23111 (A use of password hash with insufficient computational effort vulnerab ...)
+CVE-2024-23111 (An improper neutralization of input during web page Generation ('Cross ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...)
 	NOT-FOR-US: FortiGuard
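Review bot: the description of CVE-2024-23111 is replaced wholesale, from a "password hash with insufficient computational effort" weakness to a cross-site scripting one, which is a change of weakness class rather than a rewording. Since the tracker mirrors the upstream text the import itself is fine, but a NOTE recording that the upstream description was swapped would help anyone who previously referenced this id under the old text. The NOT-FOR-US: FortiGuard status is unaffected by the change.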



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be06487e71c5d9d65a362add2c90c9d6e0c27b67
