[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 28 20:50:41 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5439ffb8 by security tracker role at 2024-03-28T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription Websit ...)
+ TODO: check
+CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...)
+ TODO: check
+CVE-2024-3040 (A vulnerability, which was classified as critical, was found in Netent ...)
+ TODO: check
+CVE-2024-3039 (A vulnerability classified as critical has been found in Shanghai Brad ...)
+ TODO: check
+CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration exposes the ...)
+ TODO: check
+CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators could remov ...)
+ TODO: check
+CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the Maven bui ...)
+ TODO: check
+CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distri ...)
+ TODO: check
+CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was possible via Sp ...)
+ TODO: check
+CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by providin ...)
+ TODO: check
+CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was possible on the ...)
+ TODO: check
+CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users without admin ...)
+ TODO: check
+CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
+ TODO: check
+CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
+ TODO: check
+CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
+ TODO: check
+CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
+ TODO: check
+CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
+ TODO: check
+CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the dev ...)
+ TODO: check
+CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...)
+ TODO: check
+CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page p ...)
+ TODO: check
+CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 ...)
+ TODO: check
+CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls p ...)
+ TODO: check
+CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedS ...)
+ TODO: check
+CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time p ...)
+ TODO: check
+CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedE ...)
+ TODO: check
+CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...)
+ TODO: check
+CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...)
+ TODO: check
+CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...)
+ TODO: check
+CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located ...)
+ TODO: check
+CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerabilit ...)
+ TODO: check
+CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30583 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
+ TODO: check
+CVE-2024-30422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-30421 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Man ...)
+ TODO: check
+CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...)
+ TODO: check
+CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
+ TODO: check
+CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
+ TODO: check
+CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...)
+ TODO: check
+CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...)
+ TODO: check
+CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...)
+ TODO: check
+CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to execute ar ...)
+ TODO: check
+CVE-2024-28109 (veraPDF-library is a PDF/A validation library. Executing policy checks ...)
+ TODO: check
+CVE-2024-28091 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T ...)
+ TODO: check
+CVE-2024-28090 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T ...)
+ TODO: check
+CVE-2024-27775 (SysAid before version 23.2.14 b18 -CWE-918: Server-Side Request Forger ...)
+ TODO: check
+CVE-2024-27719 (A cross site scripting (XSS) vulnerability in rems FAQ Management Syst ...)
+ TODO: check
+CVE-2024-25971 (Dell PowerProtect Data Manager, version 19.15, contains an XML Externa ...)
+ TODO: check
+CVE-2024-25963 (Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use ...)
+ TODO: check
+CVE-2024-25961 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an imp ...)
+ TODO: check
+CVE-2024-25960 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a clea ...)
+ TODO: check
+CVE-2024-25959 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an ins ...)
+ TODO: check
+CVE-2024-25955 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injecti ...)
+ TODO: check
+CVE-2024-25954 (Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an in ...)
+ TODO: check
+CVE-2024-25953 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNI ...)
+ TODO: check
+CVE-2024-25952 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNI ...)
+ TODO: check
+CVE-2024-25946 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injecti ...)
+ TODO: check
+CVE-2024-25506 (Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker ...)
+ TODO: check
+CVE-2024-0259 (Fortra's Robot Schedule Enterprise Agent for Windows prior to version ...)
+ TODO: check
+CVE-2023-6437 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2023-45715 (The console may experience a service interruption when processing file ...)
+ TODO: check
+CVE-2023-45706 (An administrative user of WebReports may perform a Cross Site Scriptin ...)
+ TODO: check
+CVE-2023-45705 (An administrative user of WebReports may perform a Server Side Request ...)
+ TODO: check
+CVE-2023-42974 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2023-42962 (This issue was addressed with improved checks This issue is fixed in i ...)
+ TODO: check
+CVE-2023-42947 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2023-42936 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2023-42931 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-42930 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2023-42913 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2023-42896 (An issue was addressed with improved handling of temporary files. This ...)
+ TODO: check
+CVE-2023-42893 (A permissions issue was addressed by removing vulnerable code and addi ...)
+ TODO: check
+CVE-2023-42892 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-40390 (A privacy issue was addressed by moving sensitive data to a protected ...)
+ TODO: check
CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...)
TODO: check
CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...)
@@ -1766,7 +1932,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.)
NOT-FOR-US: Delta Electronics
CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-42956 [Processing web content may lead to a denial-of-service]
+CVE-2023-42956 (The issue was addressed with improved memory handling. This issue is f ...)
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit <unfixed>
@@ -1775,7 +1941,7 @@ CVE-2023-42956 [Processing web content may lead to a denial-of-service]
NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially ...)
NOT-FOR-US: Claris FileMaker Server
-CVE-2023-42950 [Processing maliciously crafted web content may lead to arbitrary code execution]
+CVE-2023-42950 (A use after free issue was addressed with improved memory management. ...)
- webkit2gtk 2.44.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit <unfixed>
@@ -11316,7 +11482,7 @@ CVE-2023-36490 (Improper initialization in some Intel(R) MAS software before ver
NOT-FOR-US: Intel
CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before version ...)
NOT-FOR-US: Intel
-CVE-2023-35121 (Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler sof ...)
+CVE-2023-35121 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
NOT-FOR-US: Intel
CVE-2023-35062 (Improper access control in some Intel(R) DSA software before version 2 ...)
NOT-FOR-US: Intel
@@ -16014,9 +16180,9 @@ CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...)
NOT-FOR-US: Autolab
-CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file path ...)
+CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths ...)
NOT-FOR-US: CloudLinux CageFS
-CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...)
+CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...)
NOT-FOR-US: CloudLinux CageFS
CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow Enforcement Tec ...)
- xen 4.17.3+36-g54dacb5c02-1
@@ -32242,7 +32408,7 @@ CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Sp
NOT-FOR-US: WordPress plugin
CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Budd ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-45754 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
+CVE-2023-45754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH ...)
NOT-FOR-US: WordPress plugin
@@ -57624,7 +57790,7 @@ CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM)
NOT-FOR-US: Intel
CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
NOT-FOR-US: Intel
-CVE-2023-29162 (Improper buffer restrictions in some Intel(R) C++ Compiler Classic bef ...)
+CVE-2023-29162 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before ...)
NOT-FOR-US: Intel
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
NOT-FOR-US: Intel
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5439ffb8626adece6f8d499c19d005cca91927ec
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5439ffb8626adece6f8d499c19d005cca91927ec
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240328/8f5f1931/attachment.htm>
More information about the debian-security-tracker-commits
mailing list