[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 18 21:13:00 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfed6309 by security tracker role at 2024-06-18T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2024-6116 (A vulnerability, which was classified as critical, has been found in i ...)
+ TODO: check
+CVE-2024-6115 (A vulnerability classified as critical was found in itsourcecode Simpl ...)
+ TODO: check
+CVE-2024-6114 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2024-6112 (A vulnerability classified as critical was found in itsourcecode Pool ...)
+ TODO: check
+CVE-2024-6111 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2024-6110 (A vulnerability was found in itsourcecode Magbanua Beach Resort Online ...)
+ TODO: check
+CVE-2024-6109 (A vulnerability was found in itsourcecode Tailoring Management System ...)
+ TODO: check
+CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...)
+ TODO: check
+CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing endpoint allow ...)
+ TODO: check
+CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base LDAP se ...)
+ TODO: check
+CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using "import ...)
+ TODO: check
+CVE-2024-5750
+ REJECTED
+CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be found w ...)
+ TODO: check
+CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project descriptio ...)
+ TODO: check
+CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without appropriate per ...)
+ TODO: check
+CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token was sent t ...)
+ TODO: check
+CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User Account was e ...)
+ TODO: check
+CVE-2024-38351 (Pocketbase is an open source web backend written in go. In affected ve ...)
+ TODO: check
+CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
+ TODO: check
+CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
+ TODO: check
+CVE-2024-38277 (A unique key should be generated for a user's QR login key and their a ...)
+ TODO: check
+CVE-2024-38276 (Incorrect CSRF token checks resulted in multiple CSRF risks.)
+ TODO: check
+CVE-2024-38275 (The cURL wrapper in Moodle retained the original request headers when ...)
+ TODO: check
+CVE-2024-38274 (Insufficient escaping of calendar event titles resulted in a stored XS ...)
+ TODO: check
+CVE-2024-38273 (Insufficient capability checks meant it was possible for users to gain ...)
+ TODO: check
+CVE-2024-37904 (Minder is an open source Software Supply Chain Security Platform. Mind ...)
+ TODO: check
+CVE-2024-37821 (An arbitrary file upload vulnerability in the Upload Template function ...)
+ TODO: check
+CVE-2024-37803 (Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProj ...)
+ TODO: check
+CVE-2024-37802 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
+ TODO: check
+CVE-2024-37800 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2024-37799 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2024-37791 (DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2024-22002 (CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged u ...)
+ TODO: check
+CVE-2024-21685 (This High severity Information Disclosure vulnerability was introduced ...)
+ TODO: check
+CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pa ...)
+ TODO: check
CVE-2024-6103
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
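Review bot: CVE-2024-5750 is recorded as bare REJECTED with no further annotation, which is the right shape for a rejected ID; every other new entry in this hunk carries `TODO: check`, which is expected for an automatic import but means none of them has a package or NOT-FOR-US line yet. CVE-2024-5953 (389-ds-base) names software shipped in Debian and is the obvious first candidate for manual triage; most of the rest (itsourcecode, CodeProjects, JetBrains, CORSAIR, Genexis) read like NOT-FOR-US material and can be closed out quickly.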
@@ -14,20 +84,20 @@ CVE-2024-6100
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-36977 [usb: dwc3: Wait unconditionally after issuing EndXfer command]
+CVE-2024-36977 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.8.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1d26ba0944d398f88aaf997bda3544646cf21945 (6.10-rc1)
-CVE-2024-36976 [Revert "media: v4l2-ctrls: show all owned controls in log_status"]
+CVE-2024-36976 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eba63df7eb1f95df6bfb67722a35372b6994928d (6.10-rc1)
-CVE-2024-36975 [KEYS: trusted: Do not use WARN when encode fails]
+CVE-2024-36975 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.8.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/050bf3c793a07f96bd1e2fd62e1447f731ed733b (6.10-rc1)
-CVE-2024-36974 [net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP]
+CVE-2024-36974 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f921a58ae20852d188f70842431ce6519c4fdc36 (6.10-rc3)
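Review bot: the four kernel entries only swap the bracketed upstream commit titles for the published CVE descriptions, which is the expected normalisation once the CNA text lands; the package lines are untouched. One thing to check while here: CVE-2024-36974 has `linux <unfixed>` and a buster not-affected line but no bullseye line, unlike CVE-2024-36977 and CVE-2024-36975, so bullseye currently inherits the unfixed status. Confirm that is intended rather than an omitted `[bullseye] - linux <not-affected> (Vulnerable code not present)`.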
@@ -239,7 +309,7 @@ CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module wher
NOTE: https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 (v3.12.3)
NOTE: https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d (v3.11.9)
NOTE: https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa (3.9-branch)
-CVE-2018-25103 (There exists a use-after-free-vulnerability in lighttpd <= 1.4.50 that ...)
+CVE-2018-25103 (There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 requ ...)
TODO: check
CVE-2024-36973 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <unfixed>
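Review bot: the CVE-2018-25103 description now says "use-after-free vulnerabilities" (plural) instead of a single one, yet the entry still sits at `TODO: check`. lighttpd is a Debian package, so this should get a package/version line rather than remain in TODO; the only bound in the description is "<= 1.4.50", so the Debian fixed version needs to come from the actual upstream fix commit(s), not from that bound.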
@@ -250,7 +320,8 @@ CVE-2024-6048 (Openfind's MailGates and MailAudit fail to properly filter user i
NOT-FOR-US: Openfind's MailGates and MailAudit
CVE-2024-6047 (Certain EOL GeoVision devices fail to properly filter user input for t ...)
NOT-FOR-US: GeoVision devices
-CVE-2024-6046 (SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not pr ...)
+CVE-2024-6046
+ REJECTED
NOT-FOR-US: SECOM WRTR-304GN-304TW-UPSC
CVE-2024-6045 (Certain models of D-Link wireless routers contain an undisclosed facto ...)
NOT-FOR-US: D-Link
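Review bot: CVE-2024-6046 is changed to REJECTED but the old `NOT-FOR-US: SECOM WRTR-304GN-304TW-UPSC` line is left underneath it, whereas CVE-2024-5750 in the first hunk shows the usual shape of a rejected entry (REJECTED with nothing else). The leftover line is harmless if the tracker tolerates it, but dropping it would keep rejected entries uniform.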
@@ -3076,11 +3147,11 @@ CVE-2024-37385 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows
- roundcube <not-affected> (Windows-specific)
NOTE: https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f
CVE-2024-37384 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via l ...)
- {DLA-3835-1}
+ {DSA-5714-1 DLA-3835-1}
- roundcube 1.6.7+dfsg-1 (bug #1071474)
NOTE: https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
CVE-2024-37383 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via S ...)
- {DLA-3835-1}
+ {DSA-5714-1 DLA-3835-1}
- roundcube 1.6.7+dfsg-1 (bug #1071474)
NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
CVE-2024-36823 (The encrypt() function of Ninja Core v7.0.0 was discovered to use a we ...)
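Review bot: adding DSA-5714-1 to CVE-2024-37384 and CVE-2024-37383 is consistent, since both share bug #1071474 and the same fixed version 1.6.7+dfsg-1, and CVE-2024-37385 correctly stays without it because roundcube is marked not-affected (Windows-specific). Since this commit touches only data/CVE/list, double-check that the matching DSA-5714-1 entry exists in data/DSA/list so the cross-reference resolves.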
@@ -23897,7 +23968,7 @@ CVE-2024-0159 (Dell Alienware Command Center, versions 5.5.52.0 and prior, conta
NOT-FOR-US: Dell
CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves multiple t ...)
+CVE-2023-6236 (A flaw was found in Red Hat Enterprise Application Platform 8. When an ...)
NOT-FOR-US: JBoss EAP
CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnera ...)
NOT-FOR-US: HCL
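Review bot: only the description of CVE-2023-6236 changes (JBoss EAP is now spelled out as Red Hat Enterprise Application Platform 8); the existing `NOT-FOR-US: JBoss EAP` verdict still fits the same product, so no follow-up is needed here.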
@@ -187498,8 +187569,8 @@ CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcP
NOT-FOR-US: AMD
CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...)
NOT-FOR-US: AMD
-CVE-2022-23829
- RESERVED
+CVE-2022-23829 (A potential weakness in AMD SPI protection features may allow a malici ...)
+ TODO: check
CVE-2022-23828
RESERVED
CVE-2022-23827
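Review bot: CVE-2022-23829 moves from RESERVED to a real description plus `TODO: check`, so it now needs triage. The neighbouring AMD entries (CVE-2022-23831, CVE-2022-23830) are all `NOT-FOR-US: AMD`, and a weakness in AMD SPI protection features is the same category of platform firmware issue, so the follow-up is most likely the same verdict unless the fix turns out to be something Debian ships.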
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfed630977e9a357b4a56c806937c7bc329694a1