[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 27 21:12:58 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
088fde68 by security tracker role at 2024-06-27T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,162 @@
+CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, be ...)
+	TODO: check
+CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management System 1 ...)
+	TODO: check
+CVE-2024-6373 (A vulnerability has been found in itsourcecode Online Food Ordering Sy ...)
+	TODO: check
+CVE-2024-6372 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2024-6371 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2024-6370 (A vulnerability classified as problematic was found in LabVantage LIMS ...)
+	TODO: check
+CVE-2024-6369 (A vulnerability classified as problematic has been found in LabVantage ...)
+	TODO: check
+CVE-2024-6368 (A vulnerability was found in LabVantage LIMS 2017. It has been rated a ...)
+	TODO: check
+CVE-2024-6367 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...)
+	TODO: check
+CVE-2024-6262 (The Portfolio Gallery \u2013 Image Gallery Plugin plugin for WordPress ...)
+	TODO: check
+CVE-2024-6250 (An absolute path traversal vulnerability exists in parisneo/lollms-web ...)
+	TODO: check
+CVE-2024-6139 (A path traversal vulnerability exists in the XTTS server of the parisn ...)
+	TODO: check
+CVE-2024-6127 (BC Security Empire before 5.9.3 is vulnerable to a path traversal issu ...)
+	TODO: check
+CVE-2024-6090 (A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt ve ...)
+	TODO: check
+CVE-2024-6086 (In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardle ...)
+	TODO: check
+CVE-2024-6085 (A path traversal vulnerability exists in the XTTS server included in t ...)
+	TODO: check
+CVE-2024-6038 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2024-5980 (A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-l ...)
+	TODO: check
+CVE-2024-5979 (In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids`  ...)
+	TODO: check
+CVE-2024-5936 (An open redirect vulnerability exists in imartinez/privategpt version  ...)
+	TODO: check
+CVE-2024-5935 (A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of  ...)
+	TODO: check
+CVE-2024-5933 (A Cross-site Scripting (XSS) vulnerability exists in the chat function ...)
+	TODO: check
+CVE-2024-5885 (stangirard/quivr version 0.0.236 contains a Server-Side Request Forger ...)
+	TODO: check
+CVE-2024-5826 (In the latest version of vanna-ai/vanna, the `vanna.ask` function is v ...)
+	TODO: check
+CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` endpoi ...)
+	TODO: check
+CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in the uploa ...)
+	TODO: check
+CVE-2024-5820 (Missing Authorization in stitionai/devika)
+	TODO: check
+CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email v ...)
+	TODO: check
+CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where an atta ...)
+	TODO: check
+CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control vulnerab ...)
+	TODO: check
+CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper access contr ...)
+	TODO: check
+CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to -.)
+	TODO: check
+CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
+	TODO: check
+CVE-2024-5334 (External Control of File Name or Path in GitHub repository stitionai/d ...)
+	TODO: check
+CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+	TODO: check
+CVE-2024-4578 (This Advisory describes an issue that impacts Arista Wireless Access P ...)
+	TODO: check
+CVE-2024-3331 (Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server E ...)
+	TODO: check
+CVE-2024-3330 (Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server,  ...)
+	TODO: check
+CVE-2024-3043 (An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can ...)
+	TODO: check
+CVE-2024-3017 (In a   Silicon Labsmulti-protocol gateway, a corrupt pointer to buffer ...)
+	TODO: check
+CVE-2024-39669 (In the Console in Soffid IAM before 3.5.39, necessary checks were not  ...)
+	TODO: check
+CVE-2024-39376 (TELSAT marKoni FM Transmitters are vulnerable to users gaining unautho ...)
+	TODO: check
+CVE-2024-39375 (TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing ...)
+	TODO: check
+CVE-2024-39374 (TELSAT marKoni FM Transmitters are vulnerable to an attacker exploitin ...)
+	TODO: check
+CVE-2024-39373 (TELSAT marKoni FM Transmitters are vulnerable to a command injection v ...)
+	TODO: check
+CVE-2024-39208 (luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.)
+	TODO: check
+CVE-2024-39207 (lua-shmem v1.0-1 was discovered to contain a buffer overflow via the s ...)
+	TODO: check
+CVE-2024-39158 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39157 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39156 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39155 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39154 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attacker ...)
+	TODO: check
+CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows  ...)
+	TODO: check
+CVE-2024-39129 (Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows att ...)
+	TODO: check
+CVE-2024-38523 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...)
+	TODO: check
+CVE-2024-38515
+	REJECTED
+CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
+	TODO: check
+CVE-2024-31916 (IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component  ...)
+	TODO: check
+CVE-2024-31883 (IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain co ...)
+	TODO: check
+CVE-2024-31802 (DESIGNA ABACUS v.18 and before allows an attacker to bypass the paymen ...)
+	TODO: check
+CVE-2024-2882 (SDG Technologies PnPSCADA allows a remote attacker to attach various e ...)
+	TODO: check
+CVE-2024-28820 (Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in  ...)
+	TODO: check
+CVE-2024-24792 (Parsing a corrupt or malicious image with invalid color indices can ca ...)
+	TODO: check
+CVE-2024-1153 (Improper Access Control vulnerability in Talya Informatics Travel APPS ...)
+	TODO: check
+CVE-2024-1107 (Authorization Bypass Through User-Controlled Key vulnerability in Taly ...)
+	TODO: check
+CVE-2024-0949 (Improper Access Control, Missing Authorization, Incorrect Authorizatio ...)
+	TODO: check
+CVE-2024-0947 (Reliance on Cookies without Validation and Integrity Checking vulnerab ...)
+	TODO: check
+CVE-2023-7270 (An issue was discovered in SoftMaker Office 2024 / NX before revision  ...)
+	TODO: check
+CVE-2023-42014 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 i ...)
+	TODO: check
+CVE-2023-42011 (IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not rest ...)
+	TODO: check
+CVE-2023-38371 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weak ...)
+	TODO: check
+CVE-2023-38370 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under ce ...)
+	TODO: check
+CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could dis ...)
+	TODO: check
 CVE-2024-37371
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
 CVE-2024-37370
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
-CVE-2024-5535
+CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto  ...)
 	- openssl <unfixed>
 	[bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
 	[bullseye] - openssl <postponed> (Minor issue, fix along with next update round)
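Review bot: 75 of the 76 entries inserted between CVE-2024-6388 and CVE-2023-38368 land as `TODO: check` placeholders (CVE-2024-38515 is the one exception, recorded as `REJECTED`), so this hunk queues triage rather than resolving anything; two of the imported summaries deserve a second look during that triage because they were copied verbatim from the feed: CVE-2024-5548 ends in `prior to -.` (the upstream record appears to carry no affected version), and CVE-2024-3017 reads `Silicon Labsmulti-protocol` with the space misplaced. The only status change in the hunk is CVE-2024-5535 gaining its summary; its `openssl <unfixed>` line and the `<postponed>` markers for bookworm and bullseye are unchanged and consistent with the "Minor issue" rationale given there.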
@@ -915,7 +1067,8 @@ CVE-2024-4313 (The Table Addons for Elementor plugin for WordPress is vulnerable
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3593 (The UberMenu plugin for WordPress is vulnerable to Cross-Site Request  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-37694 (ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sen ...)
+CVE-2024-37694
+	REJECTED
 	NOT-FOR-US: ArcGIS Enterprise Server
 CVE-2024-37654 (An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01B ...)
 	NOT-FOR-US: BAS-IP
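Review bot: CVE-2024-37694 now carries both `REJECTED` and the retained `NOT-FOR-US: ArcGIS Enterprise Server` line; once an ID is rejected the product annotation no longer conveys anything about Debian, so dropping the `NOT-FOR-US` line and leaving only `REJECTED` (the shape CVE-2024-38515 has in the first hunk) would keep rejected entries uniform.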
@@ -7049,7 +7202,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Inject
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
-	{DLA-3827-1}
+	{DSA-5723-1 DLA-3827-1}
 	- plasma-workspace 4:5.27.11.1-1
 	NOTE: https://kde.org/info/security/advisory-20240531-1.txt
 	NOTE: Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
@@ -65196,6 +65349,7 @@ CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resour
 	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
 	NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
 CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
+	{DLA-3845-1}
 	- dlt-daemon 2.18.9-1
 	[bookworm] - dlt-daemon <no-dsa> (Minor issue)
 	[bullseye] - dlt-daemon <no-dsa> (Minor issue)
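Review bot: `{DLA-3845-1}` is added to CVE-2023-36321 while the `[bullseye] - dlt-daemon <no-dsa> (Minor issue)` line beneath it is kept; if DLA-3845-1 is the bullseye update for dlt-daemon, that no-dsa line is now stale and contradicts the advisory reference, so it should be removed (the `[bookworm]` no-dsa line is unaffected by a DLA).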
@@ -88042,10 +88196,10 @@ CVE-2023-31000
 	RESERVED
 CVE-2023-30999 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
 	NOT-FOR-US: IBM
-CVE-2023-30998
-	RESERVED
-CVE-2023-30997
-	RESERVED
+CVE-2023-30998 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...)
+	TODO: check
+CVE-2023-30997 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could all ...)
+	TODO: check
 CVE-2023-30996 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow  ...)
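Review bot: CVE-2023-30998 and CVE-2023-30997 move from `RESERVED` to `TODO: check`, but the same product (IBM Security Access Manager Docker) is already triaged two lines up in this hunk, where CVE-2023-30999 is `NOT-FOR-US: IBM`; unless the new summaries name a component Debian ships, both entries can be closed the same way, and the same precedent applies to CVE-2023-38368, CVE-2023-38370 and CVE-2023-38371 in the first hunk.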
@@ -90123,8 +90277,8 @@ CVE-2023-30432
 	RESERVED
 CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
-CVE-2023-30430
-	RESERVED
+CVE-2023-30430 (IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local ...)
+	TODO: check
 CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...)
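Review bot: CVE-2023-30430 (IBM Security Verify Access) is left at `TODO: check` directly below CVE-2023-30431, which this hunk shows as `NOT-FOR-US: IBM`; that neighbouring resolution is the likely outcome here too, so the placeholder can be settled in the same pass as the other IBM entries rather than staying open.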
@@ -102668,6 +102822,7 @@ CVE-2023-26259
 CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...)
 	NOT-FOR-US: Arcserve
 CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
+	{DLA-3845-1}
 	- dlt-daemon 2.18.9-1
 	[bookworm] - dlt-daemon <no-dsa> (Minor issue)
 	[bullseye] - dlt-daemon <no-dsa> (Minor issue)
@@ -143563,11 +143718,13 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks
 CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
 	NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
 CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+	{DLA-3845-1}
 	- dlt-daemon 2.18.9-1
 	[bookworm] - dlt-daemon <no-dsa> (Minor issue)
 	[bullseye] - dlt-daemon <no-dsa> (Minor issue)
 	NOTE: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 (v2.18.9-alpha)
 CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+	{DLA-3845-1}
 	- dlt-daemon 2.18.9-1
 	[bookworm] - dlt-daemon <no-dsa> (Minor issue)
 	[bullseye] - dlt-daemon <no-dsa> (Minor issue)
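Review bot: both CVE-2022-39837 and CVE-2022-39836 gain `{DLA-3845-1}` but keep their `[bullseye] - dlt-daemon <no-dsa> (Minor issue)` lines; as with CVE-2023-26257 and CVE-2023-36321 earlier in this patch, the bullseye no-dsa marker should be re-checked and removed if the DLA covers bullseye's dlt-daemon, otherwise all four dlt-daemon entries state a bullseye status that their advisory reference contradicts.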



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/088fde681fa77eb6638d2784c3d2e4b10bc6833f
