[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 28 21:13:12 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cfed740 by security tracker role at 2024-05-28T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web authentication crede ...)
+	TODO: check
+CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that will re ...)
+	TODO: check
+CVE-2024-5428 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2024-5415 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...)
+	TODO: check
+CVE-2024-5414 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...)
+	TODO: check
+CVE-2024-5413 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...)
+	TODO: check
+CVE-2024-5411 (Missing input validation and OS command integration of the input in th ...)
+	TODO: check
+CVE-2024-5410 (Missing input validation in the ORing IAP-420 web-interface allows sto ...)
+	TODO: check
+CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in OpenTex ...)
+	TODO: check
+CVE-2024-3969 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...)
+	TODO: check
+CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...)
+	TODO: check
+CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...)
+	TODO: check
+CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...)
+	TODO: check
+CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...)
+	TODO: check
+CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
+	TODO: check
+CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...)
+	TODO: check
+CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
+	TODO: check
+CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
+	TODO: check
+CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
+	TODO: check
+CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL  ...)
+	TODO: check
+CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
+	TODO: check
+CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...)
+	TODO: check
+CVE-2024-35401 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a com ...)
+	TODO: check
+CVE-2024-35400 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...)
+	TODO: check
+CVE-2024-35399 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...)
+	TODO: check
+CVE-2024-35398 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...)
+	TODO: check
+CVE-2024-35397 (TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a co ...)
+	TODO: check
+CVE-2024-35344 (Certain Anpviz products contain a hardcoded cryptographic key stored i ...)
+	TODO: check
+CVE-2024-35343 (Certain Anpviz products allow unauthenticated users to download arbitr ...)
+	TODO: check
+CVE-2024-35342 (Certain Anpviz products allow unauthenticated users to modify or disab ...)
+	TODO: check
+CVE-2024-35341 (Certain Anpviz products allow unauthenticated users to download the ru ...)
+	TODO: check
+CVE-2024-35324 (Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via  ...)
+	TODO: check
+CVE-2024-34854 (F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transc ...)
+	TODO: check
+CVE-2024-34852 (F-logic DataCube3 v1.0 is affected by command injection due to imprope ...)
+	TODO: check
+CVE-2024-33849 (ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-code ...)
+	TODO: check
+CVE-2024-33808 (A SQL injection vulnerability in /model/get_timetable.php in campcodes ...)
+	TODO: check
+CVE-2024-33807 (A SQL injection vulnerability in /model/get_teacher_timetable.php in c ...)
+	TODO: check
+CVE-2024-33806 (A SQL injection vulnerability in /model/get_grade.php in campcodes Com ...)
+	TODO: check
+CVE-2024-33805 (A SQL injection vulnerability in /model/get_student.php in campcodes C ...)
+	TODO: check
+CVE-2024-33804 (A SQL injection vulnerability in /model/get_subject.php in campcodes C ...)
+	TODO: check
+CVE-2024-33803 (A SQL injection vulnerability in /model/get_exam.php in campcodes Comp ...)
+	TODO: check
+CVE-2024-33802 (A SQL injection vulnerability in /model/get_student_subject.php in cam ...)
+	TODO: check
+CVE-2024-33801 (A SQL injection vulnerability in /model/get_subject_routing.php in cam ...)
+	TODO: check
+CVE-2024-33800 (A SQL injection vulnerability in /model/get_student1.php in campcodes  ...)
+	TODO: check
+CVE-2024-33799 (A SQL injection vulnerability in /model/get_teacher.php in campcodes C ...)
+	TODO: check
+CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows a remote attacker to obtain s ...)
+	TODO: check
+CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php in camp ...)
+	TODO: check
+CVE-2024-30212 (If a SCSI READ(10) command is initiated via USB using the largest LBA  ...)
+	TODO: check
+CVE-2024-30165 (Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that ...)
+	TODO: check
+CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could potentially all ...)
+	TODO: check
+CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & Host) ...)
+	TODO: check
+CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...)
+	TODO: check
+CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...)
+	TODO: check
+CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of ...)
+	TODO: check
+CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijackin ...)
+	TODO: check
+CVE-2024-26024 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...)
+	TODO: check
+CVE-2024-24963 (A stack-based buffer overflow vulnerability exists in the Programming  ...)
+	TODO: check
+CVE-2024-24962 (A stack-based buffer overflow vulnerability exists in the Programming  ...)
+	TODO: check
+CVE-2024-24959 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24958 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24957 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24956 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24955 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24954 (Several out-of-bounds write vulnerabilities exist in the Programming S ...)
+	TODO: check
+CVE-2024-24947 (A heap-based buffer overflow vulnerability exists in the Programming S ...)
+	TODO: check
+CVE-2024-24946 (A heap-based buffer overflow vulnerability exists in the Programming S ...)
+	TODO: check
+CVE-2024-24919 (Potentially allowing an attacker to read certain information on Check  ...)
+	TODO: check
+CVE-2024-24851 (A heap-based buffer overflow vulnerability exists in the Programming S ...)
+	TODO: check
+CVE-2024-24686 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2024-24685 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2024-24684 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2024-24584 (Multiple out-of-bounds read vulnerabilities exist in the readMSH funct ...)
+	TODO: check
+CVE-2024-24583 (Multiple out-of-bounds read vulnerabilities exist in the readMSH funct ...)
+	TODO: check
+CVE-2024-23951 (Multiple improper array index validation vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-23950 (Multiple improper array index validation vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-23949 (Multiple improper array index validation vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-23948 (Multiple improper array index validation vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-23947 (Multiple improper array index validation vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin functionalit ...)
+	TODO: check
+CVE-2024-23315 (A read-what-where vulnerability exists in the Programming Software Con ...)
+	TODO: check
+CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the current stat ...)
+	TODO: check
+CVE-2024-22187 (A write-what-where vulnerability exists in the Programming Software Co ...)
+	TODO: check
+CVE-2024-22181 (An out-of-bounds write vulnerability exists in the readNODE functional ...)
+	TODO: check
+CVE-2024-21785 (A leftover debug code vulnerability exists in the Telnet Diagnostic In ...)
+	TODO: check
+CVE-2023-49600 (An out-of-bounds write vulnerability exists in the PlyFile ply_cast_as ...)
+	TODO: check
+CVE-2023-46694 (Vtenext 21.02 allows an authenticated attacker to upload arbitrary fil ...)
+	TODO: check
+CVE-2023-43850 (Improper input validation in the user management function of web inter ...)
+	TODO: check
+CVE-2023-43849 (Incorrect access control in firmware upgrade function of web interface ...)
+	TODO: check
+CVE-2023-43848 (Incorrect access control in the firewall management function of web in ...)
+	TODO: check
+CVE-2023-43847 (Incorrect access control in the outlet control function of web interfa ...)
+	TODO: check
+CVE-2023-43846 (Incorrect access control in logs management function of web interface  ...)
+	TODO: check
+CVE-2023-43845 (Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privi ...)
+	TODO: check
+CVE-2023-43844 (Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privi ...)
+	TODO: check
+CVE-2023-43843 (Incorrect access control in the account management function of web int ...)
+	TODO: check
+CVE-2023-43842 (Incorrect access control in the account management function of web int ...)
+	TODO: check
+CVE-2023-37411 (IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scri ...)
+	TODO: check
+CVE-2023-35953 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2023-35952 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2023-35951 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2023-35950 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
+CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...)
+	TODO: check
 CVE-2024-4741 [Use After Free with SSL_free_buffers]
 	- openssl <unfixed>
 	[bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
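Review bot: the imported description for CVE-2024-3969 carries a literal `\u2122` escape ("OpenText\u2122 iMa ...") instead of the decoded ™ character, which suggests the automatic update is writing JSON unicode escapes from the upstream feed verbatim; the importer should decode them before truncating so the list stays readable and grep-able. Separately, all 101 new entries land as `TODO: check`; the ones naming software that ships in Debian (CVE-2024-3657 and CVE-2024-2199 for 389-ds-base, CVE-2024-36472 for GNOME Shell) deserve triage ahead of the long run of Sourcecodester, campcodes, TOTOLINK and Programming Software entries that will almost certainly resolve to NOT-FOR-US.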
@@ -93,7 +295,8 @@ CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame
 	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642
 	NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1)
 	NOTE: Same upstream commit as CVE-2023-44488
-CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...)
+CVE-2023-50977
+	REJECTED
 	NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...)
 	NOT-FOR-US: rockhopper Python library (different from src:rockhopper)
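Review bot: the `NOTE: Disputed GNOME Shell issue` line is kept under the new `REJECTED` status for CVE-2023-50977, so it now reads as the rationale for the rejection; if the CVE was rejected for a different reason, update or drop the note so the entry is not misread, otherwise keeping it is useful history.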
@@ -706,7 +909,7 @@ CVE-2021-47499 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux 5.10.92-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/70c9774e180d151abaab358108e3510a8e615215 (5.16-rc5)
-CVE-2024-28793
+CVE-2024-28793 (IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to s ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2024-4189
 	NOT-FOR-US: Jenkins plugin
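Review bot: the description that arrives for CVE-2024-28793 names "IBM Engineering Workflow Management 7.0.2 and 7.0.3", while the existing triage line says `NOT-FOR-US: Jenkins plugin`; the two may well be the same component (an IBM Jenkins integration), but the mismatch is worth a re-check against the CVE record so the NOT-FOR-US reason matches what the CVE actually describes.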
@@ -794,7 +997,7 @@ CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticat
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...)
 	NOT-FOR-US: zzdevelop lenosp
-CVE-2024-5274
+CVE-2024-5274 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed  ...)
 	{DSA-5697-1}
 	- chromium 125.0.6422.112-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
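Review bot: the newly filled description for CVE-2024-5274 ("prior to 125.0.6422.112") agrees with the recorded fix `chromium 125.0.6422.112-1` and with DSA-5697-1, so the entry is consistent; nothing to change here.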
@@ -4442,7 +4645,8 @@ CVE-2024-4432 (The Piotnet Addons For Elementor plugin for WordPress is vulnerab
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vul ...)
 	NOT-FOR-US: MSI Afterburner
-CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to authenticat ...)
+CVE-2024-3658
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows conten ...)
 	NOT-FOR-US: SurveyJS Form Library
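Review bot: CVE-2024-3658 switches to `REJECTED` but retains `NOT-FOR-US: WordPress plugin`, the same pattern applied to CVE-2023-50977 earlier in this commit; the retained tag is redundant once the CVE is rejected but does no harm, so the two entries are at least handled consistently.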
@@ -81721,24 +81925,24 @@ CVE-2023-30315
 	RESERVED
 CVE-2023-30314
 	RESERVED
-CVE-2023-30313
-	RESERVED
+CVE-2023-30313 (An issue discovered in Wavlink QUANTUM D2G routers allows attackers to ...)
+	TODO: check
 CVE-2023-30312
 	RESERVED
-CVE-2023-30311
-	RESERVED
-CVE-2023-30310
-	RESERVED
-CVE-2023-30309
-	RESERVED
-CVE-2023-30308
-	RESERVED
-CVE-2023-30307
-	RESERVED
-CVE-2023-30306
-	RESERVED
-CVE-2023-30305
-	RESERVED
+CVE-2023-30311 (An issue discovered in H3C Magic R365 and H3C Magic R100 routers allow ...)
+	TODO: check
+CVE-2023-30310 (An issue discovered in Comfast Comfast CF-616AC routers allows attacke ...)
+	TODO: check
+CVE-2023-30309 (An issue discovered in D-Link DI-7003GV2 routers allows attackers to h ...)
+	TODO: check
+CVE-2023-30308 (An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR,  ...)
+	TODO: check
+CVE-2023-30307 (An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK  ...)
+	TODO: check
+CVE-2023-30306 (An issue discovered in Mercury x30g, Mercury YR1800XG routers allows a ...)
+	TODO: check
+CVE-2023-30305 (An issue discovered in Linksys E5600 routers allows attackers to hijac ...)
+	TODO: check
 CVE-2023-30304
 	RESERVED
 CVE-2023-30303
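Review bot: CVE-2023-30305 through CVE-2023-30311 and CVE-2023-30313 move from RESERVED to `TODO: check` with near-identical descriptions ("An issue discovered in ... routers allows attackers to ..."), all for consumer and SMB router firmware (Wavlink, H3C, Comfast, D-Link, Ruijie, TP-LINK, Mercury, Linksys); they look like one batch disclosure and can be triaged together, most likely as NOT-FOR-US since none of these vendors' firmware is packaged in Debian.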
@@ -117535,8 +117739,8 @@ CVE-2022-45173 (An issue was discovered in LIVEBOX Collaboration vDesk through v
 	NOT-FOR-US: LIVEBOX
 CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
 	NOT-FOR-US: LIVEBOX Collaboration vDesk
-CVE-2022-45171
-	RESERVED
+CVE-2022-45171 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
+	TODO: check
 CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
 	NOT-FOR-US: LIVEBOX
 CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
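Review bot: CVE-2022-45171 gets a `TODO: check` although the adjacent entries for the same product, CVE-2022-45170, CVE-2022-45172 and CVE-2022-45173, are already resolved as NOT-FOR-US; the TODO can be closed the same way. While doing so, pick one spelling for the reason, since the neighbours alternate between `NOT-FOR-US: LIVEBOX` and `NOT-FOR-US: LIVEBOX Collaboration vDesk`.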



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cfed740fabca1c7014a000da0515fd3045f9930
