[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 18 21:12:13 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d86f0e4 by security tracker role at 2024-07-18T20:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a protecti ...)
+	TODO: check
+CVE-2024-5625 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+	TODO: check
+CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability in Pruv ...)
+	TODO: check
+CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
+CVE-2024-5555 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with Windows no ...)
+	TODO: check
+CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
+	TODO: check
+CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's ...)
+	TODO: check
+CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust implementation of G ...)
+	TODO: check
+CVE-2024-40629 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
+	TODO: check
+CVE-2024-40628 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
+	TODO: check
+CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to ar ...)
+	TODO: check
+CVE-2024-39911 (1Panel is a web-based linux server management control panel. 1Panel co ...)
+	TODO: check
+CVE-2024-39907 (1Panel is a web-based linux server management control panel. There are ...)
+	TODO: check
+CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote code ex ...)
+	TODO: check
+CVE-2024-39152
+	REJECTED
+CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0 contains a v ...)
+	TODO: check
+CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in Cloud Fou ...)
+	TODO: check
+CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encrypti ...)
+	TODO: check
+CVE-2024-34013 (Local privilege escalation due to OS command injection vulnerability.  ...)
+	TODO: check
+CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulne ...)
+	TODO: check
+CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP he ...)
+	TODO: check
+CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status of 500, i ...)
+	TODO: check
+CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a template i ...)
+	TODO: check
+CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vu ...)
+	TODO: check
+CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially critical fun ...)
+	TODO: check
+CVE-2023-40539 (Philips Vue PACS does not require that users have strong passwords, wh ...)
+	TODO: check
+CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or check act ...)
+	TODO: check
+CVE-2023-40159 (A validated user not explicitly authorized to have access to certain s ...)
+	TODO: check
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to unauthor ...)
@@ -31,7 +95,7 @@ CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for W
 	NOT-FOR-US: WordPress plugin
 CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerab ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client  ...)
+CVE-2024-29014 (Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit)  ...)
 	NOT-FOR-US: SonicWall
 CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
@@ -200,6 +264,7 @@ CVE-2024-5582 (The Schema & Structured Data for WP & AMP plugin for WordPress is
 CVE-2024-5566 (An improper privilege management vulnerability allowed users to migrat ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior to 1.3. ...)
+	{DSA-5629-1}
 	- chromium 122.0.6261.57-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
@@ -225,22 +290,29 @@ CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome prior
 	{DSA-5573-1}
 	- chromium 120.0.6099.71-1
 CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 119.0.604 ...)
+	{DSA-5546-1}
 	- chromium 119.0.6045.105-1
 CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior to 120. ...)
+	{DSA-5573-1}
 	- chromium 120.0.6099.71-1
 CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior to 121 ...)
+	{DSA-5607-1}
 	- chromium 121.0.6167.85-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 122.0.6261.5 ...)
+	{DSA-5629-1}
 	- chromium 122.0.6261.57-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allow ...)
+	{DSA-5607-1}
 	- chromium 121.0.6167.85-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed  ...)
+	{DSA-5612-1}
 	- chromium 121.0.6167.139-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 122.0.6261.57 all ...)
+	{DSA-5629-1}
 	- chromium 122.0.6261.57-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability t ...)
@@ -248,6 +320,7 @@ CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerabi
 CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that allows  ...)
 	- airflow <itp> (bug #819700)
 CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allo ...)
+	{DSA-5612-1}
 	- chromium 121.0.6167.139-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced in vers ...)
@@ -4545,11 +4618,11 @@ CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a Memory
 	TODO: check
 CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
 	NOT-FOR-US: Qualcomm
-CVE-2024-40898
+CVE-2024-40898 (SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost ...)
 	- apache2 <not-affected> (Windows specific)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-40898
 	NOTE: Fixed by https://github.com/apache/httpd/commit/9967bf49599f9be6eaaf9c5de5c84f15bb07df9f
-CVE-2024-40725
+CVE-2024-40725 (A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4 ...)
 	- apache2 2.4.62-1
 	[bookworm] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
 	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
@@ -32845,7 +32918,7 @@ CVE-2024-2201 [Native Branch History Injection]
 CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore functionality]
 	- xen-api <removed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-459.html
-CVE-2024-31143 [double unlock in x86 guest IRQ handling]
+CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" allows a devi ...)
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d86f0e477bf1402d1562e30989e6972b6f7925a

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d86f0e477bf1402d1562e30989e6972b6f7925a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240718/ea12851f/attachment.htm>

More information about the debian-security-tracker-commits mailing list