[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 3 21:12:31 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df08a2d1 by security tracker role at 2024-06-03T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2024-5404 (An unauthenticated remote attackercan change the admin password in amo ...)
+ TODO: check
+CVE-2024-5388
+ REJECTED
+CVE-2024-5387
+ REJECTED
+CVE-2024-5214
+ REJECTED
+CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...)
+ TODO: check
+CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Request ...)
+ TODO: check
+CVE-2024-4332 (An authentication bypass vulnerability has been identified in the REST ...)
+ TODO: check
+CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read a ...)
+ TODO: check
+CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 ha ...)
+ TODO: check
+CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ TODO: check
+CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ TODO: check
+CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via adm ...)
+ TODO: check
+CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbi ...)
+ TODO: check
+CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP basic auth ...)
+ TODO: check
+CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompressing ...)
+ TODO: check
+CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+ TODO: check
+CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. Act ...)
+ TODO: check
+CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This ...)
+ TODO: check
+CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC ...)
+ TODO: check
+CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blo ...)
+ TODO: check
+CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integrat ...)
+ TODO: check
+CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-34987 (A SQL Injection vulnerability exists in the `ofrs/admin/index.php` scr ...)
+ TODO: check
+CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue affects Fastl ...)
+ TODO: check
+CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability in Lukm ...)
+ TODO: check
+CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located in htdocs ...)
+ TODO: check
+CVE-2024-32983 (Misskey is an open source, decentralized microblogging platform. Missk ...)
+ TODO: check
+CVE-2024-31684 (Incorrect access control in the fingerprint authentication mechanism o ...)
+ TODO: check
+CVE-2024-31682 (Incorrect access control in the fingerprint authentication mechanism o ...)
+ TODO: check
+CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
+ TODO: check
+CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
+ TODO: check
+CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
+ TODO: check
+CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb ...)
+ TODO: check
+CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ TODO: check
+CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine Time Measu ...)
+ TODO: check
+CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine was allo ...)
+ TODO: check
+CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL memory e ...)
+ TODO: check
+CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows Exploit ...)
+ TODO: check
+CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is ...)
+ TODO: check
+CVE-2023-51219 (A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adve ...)
+ TODO: check
+CVE-2023-43556 (Memory corruption in Hypervisor when platform information mentioned is ...)
+ TODO: check
+CVE-2023-43555 (Information disclosure in Video while parsing mp2 clip with invalid se ...)
+ TODO: check
+CVE-2023-43551 (Cryptographic issue while performing attach with a LTE network, a rogu ...)
+ TODO: check
+CVE-2023-43545 (Memory corruption when more scan frequency list or channels are sent f ...)
+ TODO: check
+CVE-2023-43544 (Memory corruption when IPC callback handle is used after it has been r ...)
+ TODO: check
+CVE-2023-43543 (Memory corruption in Audio during a playback or a recording due to rac ...)
+ TODO: check
+CVE-2023-43542 (Memory corruption while copying a keyblob`s material when the key mate ...)
+ TODO: check
+CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager initiali ...)
+ TODO: check
+CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in WLAN Host.)
+ TODO: check
CVE-2024-36104
NOT-FOR-US: Apache OFBiz
CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
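Review bot: every new entry in this hunk is a bare "TODO: check" placeholder, so the triage work is still ahead; the one most likely to need a Debian source-package line rather than a tag is CVE-2024-5197 (integer overflows in libvpx before 1.14.1), since libvpx is in the archive. CVE-2024-36124 (iq80 Snappy) and CVE-2024-36123 (the Citizen MediaWiki skin) should be checked against what is actually packaged before being tagged, because a Java snappy binding or a MediaWiki skin in the archive may or may not be the same codebase. The long runs of WordPress plugin XSS/CSRF/SSRF entries (CVE-2024-35630 through CVE-2024-35639, CVE-2024-34764 through CVE-2024-34803), the TOTOLINK/TRENDnet/Mercusys firmware entries and the Qualcomm CVE-2023-435xx/CVE-2024-23360/CVE-2024-23363 entries look like NOT-FOR-US candidates by the same criterion the surrounding context already applies (for example "NOT-FOR-US: WordPress theme"). The typos in CVE-2024-5404 ("attackercan") and CVE-2024-5197 ("interger") are in the upstream descriptions the feed copies verbatim, not tracker corruption, and do not need fixing here.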
@@ -167904,8 +168044,8 @@ CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior
NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...)
NOT-FOR-US: URI.js
-CVE-2022-1242
- RESERVED
+CVE-2022-1242 (Apport can be tricked into connecting to arbitrary sockets as the root ...)
+ TODO: check
CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...)
NOT-FOR-US: WordPress theme
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...)
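Review bot: CVE-2022-1242 moves from RESERVED to a description naming Apport, Ubuntu's crash-report handler, so before this is left as "TODO: check" the triager should confirm whether apport is in the Debian archive at all; if it is not, the entry should get a NOT-FOR-US tag like the neighbouring URI.js and WordPress entries, and if it is, the "connecting to arbitrary sockets as the root" wording points at a local privilege issue that needs a source-package line and severity.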
@@ -179761,8 +179901,8 @@ CVE-2022-24700 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in D
NOT-FOR-US: WinAPRS
CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
NOT-FOR-US: Zyxel
-CVE-2022-0555
- RESERVED
+CVE-2022-0555 (Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all P ...)
+ TODO: check
CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.4659-1 (unimportant)
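Review bot: CVE-2022-0555 now carries a description naming Subiquity, the Ubuntu server installer, which is the same situation as the Apport entry above: the triager should check whether the package exists in Debian before deciding between NOT-FOR-US and a real entry. The visible text ("Shows Guided Storage Passphrase in Plaintext with Read-all P ...") describes a local disclosure of a disk-encryption passphrase through file permissions, which would matter if any Debian installer component shared that code.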
@@ -201599,8 +201739,8 @@ CVE-2021-42849 (A weak default password for the serial port was reported in some
NOT-FOR-US: Lenovo
CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...)
NOT-FOR-US: Lenovo
-CVE-2021-3899
- RESERVED
+CVE-2021-3899 (There is a race condition in the 'replaced executable' detection that, ...)
+ TODO: check
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
NOT-FOR-US: Lenovo
CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
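Review bot: the truncated description for CVE-2021-3899 ("There is a race condition in the 'replaced executable' detection that, ...") does not name the affected product, so this entry cannot be tagged from the summary alone; the triager should read the full upstream text before assigning NOT-FOR-US or a source package, and should check whether it belongs with the Apport entry earlier in this commit, since both were opened from RESERVED in the same feed update.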
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df08a2d1466031c14f2688d3ce8e45610b627f14
--
This project does not include diff previews in email notifications.