[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 31 21:13:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86bd4ad9 by security tracker role at 2024-07-31T20:12:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-7340 (The Weave server API allows remote users to fetch files from a specifi ...)
+ TODO: check
+CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It has bee ...)
+ TODO: check
+CVE-2024-7324 (A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. I ...)
+ TODO: check
+CVE-2024-7321 (A vulnerability classified as problematic was found in itsourcecode On ...)
+ TODO: check
+CVE-2024-7320 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2024-7311 (A vulnerability was found in code-projects Online Bus Reservation Site ...)
+ TODO: check
+CVE-2024-7310 (A vulnerability was found in SourceCodester Record Management System 1 ...)
+ TODO: check
+CVE-2024-7309 (A vulnerability was found in SourceCodester Record Management System 1 ...)
+ TODO: check
+CVE-2024-7308 (A vulnerability was found in SourceCodester Establishment Billing Mana ...)
+ TODO: check
+CVE-2024-7307 (A vulnerability has been found in SourceCodester Establishment Billing ...)
+ TODO: check
+CVE-2024-7135 (The Tainacan plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2024-6978 (Cato Networks Windows SDP Client Local root certificates can be instal ...)
+ TODO: check
+CVE-2024-6977 (A vulnerability in Cato Networks SDP Client on Windows allows the inse ...)
+ TODO: check
+CVE-2024-6975 (Cato Networks Windows SDP Client Local Privilege Escalation via openss ...)
+ TODO: check
+CVE-2024-6974 (Cato Networks Windows SDP Client Local Privilege Escalation via self-u ...)
+ TODO: check
+CVE-2024-6973 (Remote Code Execution in Cato Windows SDP client via crafted URLs. Thi ...)
+ TODO: check
+CVE-2024-6725 (The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment ...)
+ TODO: check
+CVE-2024-6208 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-41955 (Mobile Security Framework (MobSF) is a security research platform for ...)
+ TODO: check
+CVE-2024-41954 (FOG is a cloning/imaging/rescue suite/inventory management system. The ...)
+ TODO: check
+CVE-2024-41953 (Zitadel is an open source identity management system. ZITADEL uses HTM ...)
+ TODO: check
+CVE-2024-41952 (Zitadel is an open source identity management system. ZITADEL administ ...)
+ TODO: check
+CVE-2024-41951 (Pheonix App is a Python application designed to streamline various tas ...)
+ TODO: check
+CVE-2024-41950 (Haystack is an end-to-end LLM framework that allows you to build appli ...)
+ TODO: check
+CVE-2024-41947 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-41660 (slpd-lite is a unicast SLP UDP server. Any OpenBMC system that include ...)
+ TODO: check
+CVE-2024-41630 (Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN ...)
+ TODO: check
+CVE-2024-41108 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+ TODO: check
+CVE-2024-40645 (FOG is a cloning/imaging/rescue suite/inventory management system. An ...)
+ TODO: check
+CVE-2024-3083 (A \u201cCWE-352: Cross-Site Request Forgery (CSRF)\u201d can be exploi ...)
+ TODO: check
+CVE-2024-3082 (A \u201cCWE-256: Plaintext Storage of a Password\u201d affecting the a ...)
+ TODO: check
+CVE-2024-39694 (Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ...)
+ TODO: check
+CVE-2024-39379 (Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an ...)
+ TODO: check
+CVE-2024-39318 (The Ibexa Admin UI Bundle contains all the necessary parts to run the ...)
+ TODO: check
+CVE-2024-37901 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-37900 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-37898 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2024-37142 (Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrol ...)
+ TODO: check
+CVE-2024-37135 (DM5500 5.16.0.0, contains an information disclosure vulnerability. A l ...)
+ TODO: check
+CVE-2024-37129 (Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path T ...)
+ TODO: check
+CVE-2024-37127 (Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrol ...)
+ TODO: check
+CVE-2024-32857 (Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrol ...)
+ TODO: check
+CVE-2024-31203 (A \u201cCWE-121: Stack-based Buffer Overflow\u201d in the wd210std.dll ...)
+ TODO: check
+CVE-2024-31202 (A \u201cCWE-732: Incorrect Permission Assignment for Critical Resource ...)
+ TODO: check
+CVE-2024-31201 (A \u201cCWE-428: Unquoted Search Path or Element\u201d affects the The ...)
+ TODO: check
+CVE-2024-31200 (A \u201cCWE-201: Insertion of Sensitive Information Into Sent Data\u20 ...)
+ TODO: check
+CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of Input During Web Page Gener ...)
+ TODO: check
+CVE-2024-2508 (The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-23444 (It was discovered by Elastic engineering that when elasticsearch-certu ...)
+ TODO: check
CVE-2024-7306 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Establishment Billing Management System
CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank Management ...)
@@ -82,7 +180,7 @@ CVE-2024-38983 (Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows
TODO: check
CVE-2024-37281 (An issue was discovered in Kibana where a user with Viewer role could ...)
- kibana <itp> (bug #700337)
-CVE-2024-7264
+CVE-2024-7264 (libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ...)
- curl 8.9.1-1 (bug #1077656)
NOTE: https://curl.se/docs/CVE-2024-7264.html
NOTE: Introduced by: https://github.com/curl/curl/commit/3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d (curl-7_32_0)
@@ -1790,60 +1888,79 @@ CVE-2024-41090 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.9.12-1
NOTE: https://git.kernel.org/linus/ed7f2afdd0e043a397677e597ced0830b83ba0b3
CVE-2024-6993
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6992
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6990
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7255
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7256
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7005
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7004
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7003
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7001
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7000
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6999
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6998
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6997
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6996
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6995
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6994
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6991
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6989
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-6988
+ {DSA-5735-1}
- chromium 127.0.6533.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance Management Syste ...)
@@ -2371,7 +2488,7 @@ CVE-2024-41704 (LibreChat through 0.7.4-rc1 does not validate the normalized pat
NOT-FOR-US: LibreChat
CVE-2024-41703 (LibreChat through 0.7.4-rc1 has incorrect access control for message u ...)
NOT-FOR-US: LibreChat
-CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measur ...)
+CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks certain security measure ...)
- sftpgo <itp> (bug #1050829)
CVE-2024-38786 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
@@ -105503,8 +105620,8 @@ CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1
NOT-FOR-US: Independentsoft JSpreadsheet
CVE-2023-28150 (An issue was discovered in Independentsoft JODF before 1.1.110. The AP ...)
NOT-FOR-US: Independentsoft
-CVE-2023-28149
- RESERVED
+CVE-2023-28149 (An issue was discovered in the IhisiServiceSmm module in Insyde Insyde ...)
+ TODO: check
CVE-2023-28148
RESERVED
CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86bd4ad9a9771c81e0583bd012282adf55733254
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86bd4ad9a9771c81e0583bd012282adf55733254
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240731/e9ceb099/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list