[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 26 09:12:29 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ca57aaa by security tracker role at 2024-07-26T08:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2024-7120 (A vulnerability, which was classified as critical, was found in Raisec ...)
+	TODO: check
+CVE-2024-7119 (A vulnerability, which was classified as critical, has been found in M ...)
+	TODO: check
+CVE-2024-7118 (A vulnerability classified as critical was found in MD-MAFUJUL-HASAN O ...)
+	TODO: check
+CVE-2024-7117 (A vulnerability classified as critical has been found in MD-MAFUJUL-HA ...)
+	TODO: check
+CVE-2024-7116 (A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Managemen ...)
+	TODO: check
+CVE-2024-7115 (A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Managemen ...)
+	TODO: check
+CVE-2024-7114 (A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been cl ...)
+	TODO: check
+CVE-2024-7106 (A vulnerability classified as problematic was found in Spina CMS 2.18. ...)
+	TODO: check
+CVE-2024-7105 (A vulnerability classified as critical has been found in ForIP Tecnolo ...)
+	TODO: check
+CVE-2024-6490 (During testing of the Master Slider  WordPress plugin through 3.9.10,  ...)
+	TODO: check
+CVE-2024-4447 (In the System \u2192 Maintenance tool, the Logged Users tab surfaces s ...)
+	TODO: check
+CVE-2024-41809 (OpenObserve is an open-source observability platform. Starting in vers ...)
+	TODO: check
+CVE-2024-41808 (The OpenObserve open-source observability platform provides the abilit ...)
+	TODO: check
+CVE-2024-41473 (Tenda FH1201 v1.2.0.14 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2024-41468 (Tenda FH1201 v1.2.0.14 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2024-40897 (Stack-based buffer overflow vulnerability exists in orcparse.c of ORC  ...)
+	TODO: check
+CVE-2024-3938 (The "reset password" login page accepted an HTML injection via URL par ...)
+	TODO: check
+CVE-2024-38103 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-24623 (Softaculous Webuzo contains a command injection vulnerability in the F ...)
+	TODO: check
+CVE-2024-24622 (Softaculous Webuzo contains a command injection in the password reset  ...)
+	TODO: check
+CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass vulnerability thr ...)
+	TODO: check
 CVE-2024-35296 [Invalid Accept-Encoding can force forwarding requests]
 	- trafficserver <unfixed> (bug #1077141)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
@@ -316,6 +358,7 @@ CVE-2024-4080 (A memory corruption issue due to an improper length check in LabV
 CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW may dis ...)
 	NOT-FOR-US: NI LabVIEW
 CVE-2024-4076 (Client queries that trigger serving stale data and that also require l ...)
+	{DSA-5734-1}
 	- bind9 1:9.20.0-1
 	NOTE: https://kb.isc.org/docs/cve-2024-4076
 CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
@@ -347,9 +390,11 @@ CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 and earlier are affecte
 CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after logout. When ...)
 	NOT-FOR-US: Apache StreamPark
 CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or a reso ...)
+	{DSA-5734-1}
 	- bind9 1:9.20.0-1
 	NOTE: https://kb.isc.org/docs/cve-2024-1975
 CVE-2024-1737 (Resolver caches and authoritative zone databases that hold significant ...)
+	{DSA-5734-1}
 	- bind9 1:9.20.0-1
 	NOTE: https://kb.isc.org/docs/cve-2024-1737
 	NOTE: RRset limits in zones: https://kb.isc.org/docs/rrset-limits-in-zones
@@ -3531,7 +3576,7 @@ CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in se
 	NOT-FOR-US: Fujian Kelixun
 CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows ...)
 	NOT-FOR-US: ifood Order Manager
-CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a ...)
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new eve ...)
 	NOT-FOR-US: Silverpeas Core
 CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
 	NOT-FOR-US: Nopcommerce
@@ -62077,7 +62122,7 @@ CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. T
 CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...)
 	- undertow <unfixed> (bug #1059055)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
-CVE-2023-49921
+CVE-2023-49921 (An issue was discovered by Elastic whereby Watcher search input logged ...)
 	- elasticsearch <removed>
 CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...)
 	NOT-FOR-US: Elastic whereby Elastic Agent



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca57aaa8a452947b8a51e2c762fdd3dbe8692b7

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca57aaa8a452947b8a51e2c762fdd3dbe8692b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240726/fe060d50/attachment.htm>

More information about the debian-security-tracker-commits mailing list