[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 8 21:12:32 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0de2b438 by security tracker role at 2024-05-08T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...)
+ TODO: check
+CVE-2024-4653 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...)
+ TODO: check
+CVE-2024-4652 (A vulnerability, which was classified as problematic, was found in Cam ...)
+ TODO: check
+CVE-2024-4651 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-4650 (A vulnerability classified as problematic was found in Campcodes Compl ...)
+ TODO: check
+CVE-2024-4649 (A vulnerability classified as problematic has been found in Campcodes ...)
+ TODO: check
+CVE-2024-4648 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4647 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4646 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-4645 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+ TODO: check
+CVE-2024-4644 (A vulnerability has been found in SourceCodester Prison Management Sys ...)
+ TODO: check
+CVE-2024-4281 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print Invoice & ...)
+ TODO: check
+CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to arbitrary sh ...)
+ TODO: check
+CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting vulnerability t ...)
+ TODO: check
+CVE-2024-3507 (Improper privilege management vulnerability in Lunar software that aff ...)
+ TODO: check
+CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environm ...)
+ TODO: check
+CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the ap ...)
+ TODO: check
+CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...)
+ TODO: check
+CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...)
+ TODO: check
+CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...)
+ TODO: check
+CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffic can ...)
+ TODO: check
+CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...)
+ TODO: check
+CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...)
+ TODO: check
+CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...)
+ TODO: check
+CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...)
+ TODO: check
+CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...)
+ TODO: check
+CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
+ TODO: check
+CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...)
+ TODO: check
+CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-32049 (BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote ...)
+ TODO: check
+CVE-2024-31961 (A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide bef ...)
+ TODO: check
+CVE-2024-31270 (Missing Authorization vulnerability in Repute InfoSystems ARForms Form ...)
+ TODO: check
+CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
+ TODO: check
+CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue ...)
+ TODO: check
+CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...)
+ TODO: check
+CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...)
+ TODO: check
+CVE-2024-28883 (An origin validation vulnerability exists in BIG-IP APM browser netw ...)
+ TODO: check
+CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GSLB con ...)
+ TODO: check
+CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...)
+ TODO: check
+CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...)
+ TODO: check
+CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...)
+ TODO: check
+CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...)
+ TODO: check
+CVE-2024-25533 (Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the ...)
+ TODO: check
+CVE-2024-25532 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25531 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25530 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25529 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25528 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25527 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25526 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25525 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25524 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25523 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25522 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25521 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25520 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25519 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25518 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25517 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitra ...)
+ TODO: check
+CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for Element ...)
+ TODO: check
+CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecu ...)
+ TODO: check
+CVE-2024-21793 (An OData injection vulnerability exists in the BIG-IP Next Central Man ...)
+ TODO: check
+CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo Slider.This issu ...)
+ TODO: check
+CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag Map.This issue ...)
+ TODO: check
CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element timeout]
- linux 6.7.7-1
NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
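Review bot: every one of the new entries in this hunk is left at `TODO: check`, but a few can already be triaged from the description using the conventions visible elsewhere in this file (`NOT-FOR-US: WordPress plugin`, `NOT-FOR-US: D-Link`, and so on): CVE-2024-4281 and CVE-2024-4135 say "plugin for WordPress" in their own text, and the Campcodes, SourceCodester and RuvarOA entries are standalone web applications of the same kind. The entries worth a real package check are the ones naming software that may ship in Debian, such as CVE-2024-34244 (libmodbus v3.1.10 buffer overflow), CVE-2024-33382 (Open5GS), CVE-2024-32886 (Vitess) and CVE-2024-26579 (Apache InLong). Note also that CVE-2024-34574 down to CVE-2024-34546 all carry the identical truncated text `Improper Neutralization of Input During Web Page Generation ('Cross-si ...`, which contains no product name, so those cannot be resolved from the list line and need the full advisory text.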
@@ -29,7 +203,7 @@ CVE-2023-52654 [io_uring/af_unix: disable sending io_uring over sockets]
[bullseye] - linux 5.10.205-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
-CVE-2024-24787
+CVE-2024-24787 (On Darwin, building a Go module which contains CGO can trigger arbitra ...)
- golang-1.22 <not-affected> (Specific to MacOS)
- golang-1.21 <not-affected> (Specific to MacOS)
- golang-1.19 <not-affected> (Specific to MacOS)
@@ -37,7 +211,7 @@ CVE-2024-24787
- golang-1.11 <not-affected> (Specific to MacOS)
NOTE: https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
NOTE: https://github.com/golang/go/issues/67119
-CVE-2024-24788
+CVE-2024-24788 (A malformed DNS message in response to a query can cause the Lookup fu ...)
- golang-1.22 1.22.3-1
- golang-1.21 <not-affected> (Vulnerable code not present)
- golang-1.19 <not-affected> (Vulnerable code not present)
@@ -124,11 +298,11 @@ CVE-2023-35749 (D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer
NOT-FOR-US: D-Link
CVE-2023-35748 (D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based B ...)
NOT-FOR-US: D-Link
-CVE-2024-4438
+CVE-2024-4438 (The etcd package distributed with the Red Hat OpenStack platform has a ...)
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform
-CVE-2024-4437
+CVE-2024-4437 (The etcd package distributed with the Red Hat OpenStack platform has a ...)
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform
-CVE-2024-4436
+CVE-2024-4436 (The etcd package distributed with the Red Hat OpenStack platform has a ...)
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform
CVE-2024-4601 (An incorrect authentication vulnerability has been found in Socomec Ne ...)
NOT-FOR-US: Socomec Net Vision
@@ -295,10 +469,12 @@ CVE-2023-46012 (Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows
CVE-2023-42757 (Process Explorer before 17.04 allows attackers to make it functionally ...)
TODO: check
CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367. ...)
+ {DSA-5683-1}
- chromium 124.0.6367.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allow ...)
+ {DSA-5683-1}
- chromium 124.0.6367.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
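Review bot: the `{DSA-5683-1}` reference is inserted directly under the CVE line for both CVE-2024-4559 and CVE-2024-4558, matching the placement used for `{DLA-3811-1}` later in this patch, and the fixed version `124.0.6367.155-1` on the unstable line matches the "prior to 124.0.6367.155" wording of the descriptions; with bullseye and buster already marked `<end-of-life>`, the DSA only covers the remaining supported suite, which is consistent.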
@@ -450,7 +626,7 @@ CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-3661 (By design, the DHCP protocol does not authenticate messages, including ...)
+CVE-2024-3661 (DHCP can add routes to a client\u2019s routing table via the classless ...)
TODO: check
CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...)
NOT-FOR-US: Moxa
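Review bot: the replacement description for CVE-2024-3661 contains the literal escape sequence `\u2019` (in `client\u2019s`) instead of the apostrophe itself; the import step should decode such sequences, or map them to a plain ASCII `'`, so that `data/CVE/list` stays a plain-text file and the description reads correctly in the tracker. The entry also remains at `TODO: check` after the description change, so the triage is still open.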
@@ -8586,6 +8762,7 @@ CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2024-3508 (A flaw was found in Bombastic, which allows authenticated users to upl ...)
NOT-FOR-US: Bombastic's use of bzip2
CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()]
+ {DLA-3811-1}
- python-idna <unfixed> (bug #1069127)
[bookworm] - python-idna <no-dsa> (Minor issue)
[bullseye] - python-idna <no-dsa> (Minor issue)
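Review bot: `{DLA-3811-1}` is added while the unstable line still reads `- python-idna <unfixed> (bug #1069127)` and bookworm and bullseye stay `<no-dsa> (Minor issue)`; that combination is valid for an LTS-only advisory, but the suite line the DLA applies to falls outside the three context lines shown here, so confirm it records the version fixed by DLA-3811-1 and that the open bug reference is still accurate.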
@@ -121825,8 +122002,8 @@ CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-40218
- RESERVED
+CVE-2022-40218 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
+ TODO: check
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...)
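Review bot: replacing the bare `RESERVED` marker with the published description and a `TODO: check` is the right mechanical step, but the description for CVE-2022-40218 ("Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...") names a WordPress plugin, and both neighbouring entries in this hunk (CVE-2022-40311 and CVE-2022-40216) are already `NOT-FOR-US: WordPress plugin`, so this one can most likely be closed the same way in the follow-up triage.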
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0de2b43839370cc59a19aa63a0fd1bd94f770aed