[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 17 21:12:03 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95fdbcd6 by security tracker role at 2024-07-17T20:11:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages user pri ...)
+ TODO: check
+CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to store p ...)
+ TODO: check
+CVE-2024-6830 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-6765
+ REJECTED
+CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...)
+ TODO: check
+CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based on simpl ...)
+ TODO: check
+CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm in pure R ...)
+ TODO: check
+CVE-2024-40639
+ REJECTED
+CVE-2024-40636 (Steeltoe is an open source project that provides a collection of libra ...)
+ TODO: check
+CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A security vu ...)
+ TODO: check
+CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 ( ...)
+ TODO: check
+CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the edit them ...)
+ TODO: check
+CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of Sourcecodeste ...)
+ TODO: check
+CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmw ...)
+ TODO: check
+CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG do ...)
+ TODO: check
+CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Refere ...)
+ TODO: check
+CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.)
+ TODO: check
+CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpM ...)
+ TODO: check
+CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modi ...)
+ TODO: check
+CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a r ...)
+ TODO: check
+CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...)
+ TODO: check
+CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...)
+ TODO: check
+CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base for the S ...)
+ TODO: check
+CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes ...)
+ TODO: check
+CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability in Apach ...)
+ TODO: check
+CVE-2024-31070 (Initialization of a resource with an insecure default vulnerability in ...)
+ TODO: check
+CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
+ TODO: check
+CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in the Sil ...)
+ TODO: check
+CVE-2024-29737 (In streampark, the project module integrates Maven's compilation capab ...)
+ TODO: check
+CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in successfully, t ...)
+ TODO: check
+CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross- ...)
+ TODO: check
+CVE-2024-28074 (It was discovered that a previous vulnerability was not completely fix ...)
+ TODO: check
+CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnera ...)
+ TODO: check
+CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be susceptible to an ...)
+ TODO: check
+CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to Directory Tra ...)
+ TODO: check
+CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be susceptible to a ...)
+ TODO: check
+CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be susceptible to a ...)
+ TODO: check
+CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code ...)
+ TODO: check
+CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2024-23467 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2024-23466 (SolarWinds Access Rights Manager (ARM) is susceptible to a Directory T ...)
+ TODO: check
+CVE-2024-23465 (The SolarWinds Access Rights Manager was found to be susceptible to an ...)
+ TODO: check
+CVE-2024-20435 (A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance c ...)
+ TODO: check
+CVE-2024-20429 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2024-20419 (A vulnerability in the authentication system of Cisco Smart Software M ...)
+ TODO: check
+CVE-2024-20416 (A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN ...)
+ TODO: check
+CVE-2024-20401 (A vulnerability in the content scanning and message filtering features ...)
+ TODO: check
+CVE-2024-20400 (A vulnerability in the web-based management interface of Cisco Express ...)
+ TODO: check
+CVE-2024-20396 (A vulnerability in the protocol handlers of Cisco Webex App could allo ...)
+ TODO: check
+CVE-2024-20395 (A vulnerability in the media retrieval functionality of Cisco Webex Ap ...)
+ TODO: check
+CVE-2024-20323 (A vulnerability in Cisco Intelligent Node (iNode) Software could allow ...)
+ TODO: check
+CVE-2024-20296 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2023-7272 (In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large dep ...)
+ TODO: check
+CVE-2023-52291 (In streampark, the project module integrates Maven's compilation capab ...)
+ TODO: check
+CVE-2023-4976 (A flaw exists in Purity//FB whereby a local account is permitted to au ...)
+ TODO: check
+CVE-2023-42010 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 a ...)
+ TODO: check
CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. It has ...)
NOT-FOR-US: itsourcecode Simple Task List
CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
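Review bot: Triage is still outstanding for every described entry added at the top of data/CVE/list: all 57 carry only "TODO: check", with no package line or NOT-FOR-US marker yet. Several can be handled as groups, which keeps the result consistent: the three Roundup entries (CVE-2024-39124 to CVE-2024-39126) all name "before 2.4.0" as the affected range, and the SolarWinds Access Rights Manager and Cisco runs each concern a single vendor. The two REJECTED entries (CVE-2024-6765, CVE-2024-40639) need nothing further.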
@@ -57,8 +175,10 @@ CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were dis
CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 117.0.593 ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-5573-1}
- chromium 120.0.6099.71-1
CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 119.0.604 ...)
TODO: check
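Review bot: CVE-2024-3174 in the trailing context is left at "TODO: check" although it is described as a V8 issue in Google Chrome, like the two neighbouring entries that now have both a fixed chromium version and a DSA reference. It should get a "- chromium <version>" line, and the matching DSA tag if one covers it, so the three sibling entries end up triaged the same way.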
@@ -940,7 +1060,7 @@ CVE-2023-52885 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/fc80fc2d4e39137869da3150ee169b40bf879287 (6.5-rc1)
CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to unauthorized m ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-6716 (A flaw was found in libtiff. This flaw allows an attacker to create a ...)
+CVE-2024-6716 (A flaw was found in the libtiff library. An out-of-memory issue in the ...)
- tiff <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path Disclosure ...)
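Review bot: Only the description of CVE-2024-6716 changes here (it now says an out-of-memory issue in the libtiff library), while the triage underneath stays at "- tiff <unfixed>" with a single Red Hat Bugzilla NOTE. The reworded description is a reason to re-read that bug report and confirm the unfixed status and any severity annotation still match what is actually being described.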
@@ -3716,7 +3836,8 @@ CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an auth
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, an ...)
- check-mk <removed>
-CVE-2024-5887 (A Cross-Site Request Forgery (CSRF) vulnerability exists in stitionai/ ...)
+CVE-2024-5887
+ REJECTED
NOT-FOR-US: stitionai/devika
CVE-2024-5821 (The vulnerability allows an attacker to access sensitive files on the ...)
NOT-FOR-US: stitionai/devika
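Review bot: After this change CVE-2024-5887 carries two conflicting states: the new "REJECTED" line is followed directly by the old "NOT-FOR-US: stitionai/devika" line, which the hunk keeps as context. A rejected ID needs no product triage, so the NOT-FOR-US line should be dropped in a follow-up commit.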
@@ -5811,7 +5932,8 @@ CVE-2024-4899 (The SEOPress WordPress plugin before 7.8 does not sanitise and e
NOT-FOR-US: WordPress plugin
CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS s ...)
NOT-FOR-US: parisneo/lollms
-CVE-2024-4460 (A denial of service (DoS) vulnerability exists in zenml-io/zenml versi ...)
+CVE-2024-4460
+ REJECTED
NOT-FOR-US: zenml
CVE-2024-3121 (A remote code execution vulnerability exists in the create_conda_env f ...)
NOT-FOR-US: lollms
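Review bot: The stale "NOT-FOR-US: zenml" line is left in place under CVE-2024-4460 even though the entry is now "REJECTED" with its description removed. Remove the leftover annotation so the entry has a single state.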
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fdbcd6d2c7bb34090d8e295aaf986478bb57f6