[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 9 21:12:49 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db200084 by security tracker role at 2024-09-09T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2024-8605 (A vulnerability classified as problematic was found in code-projects I ...)
+	TODO: check
+CVE-2024-8604 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software versions p ...)
+	TODO: check
+CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <sourc ...)
+	TODO: check
+CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute in Angu ...)
+	TODO: check
+CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and August 14,  ...)
+	TODO: check
+CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters provided  ...)
+	TODO: check
+CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are still usa ...)
+	TODO: check
+CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A specially craf ...)
+	TODO: check
+CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical Function, ...)
+	TODO: check
+CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an improper  ...)
+	TODO: check
+CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection vulner ...)
+	TODO: check
+CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' and sp ...)
+	TODO: check
+CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, the san ...)
+	TODO: check
+CVE-2024-45406 (Craft is a content management system (CMS). Craft CMS 5 stored XSS can ...)
+	TODO: check
+CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions. In certa ...)
+	TODO: check
+CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that integrates ext ...)
+	TODO: check
+CVE-2024-44902 (A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows at ...)
+	TODO: check
+CVE-2024-44849 (Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via A ...)
+	TODO: check
+CVE-2024-44725 (AutoCMS v5.4 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2024-44724 (AutoCMS v5.4 was discovered to contain a PHP code injection vulnerabil ...)
+	TODO: check
+CVE-2024-44721 (SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) vi ...)
+	TODO: check
+CVE-2024-44720 (SeaCMS v13.1 was discovered to an arbitrary file read vulnerability vi ...)
+	TODO: check
+CVE-2024-44375 (D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the d ...)
+	TODO: check
+CVE-2024-44335 (D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.0 ...)
+	TODO: check
+CVE-2024-44334 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24 ...)
+	TODO: check
+CVE-2024-44333 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24 ...)
+	TODO: check
+CVE-2024-44085 (ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object ...)
+	TODO: check
+CVE-2024-42759 (An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate  ...)
+	TODO: check
+CVE-2024-42500 (HPE has identified a denial of service vulnerability in HPE HP-UX Syst ...)
+	TODO: check
+CVE-2024-40643 (Joplin is a free, open source note taking and to-do application. Jopli ...)
+	TODO: check
+CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code execution ...)
+	TODO: check
+CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+	TODO: check
+CVE-2024-27383 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
+	TODO: check
+CVE-2024-27368 (An issue was discovered in Samsung Mobile Processor Exynos Mobile Proc ...)
+	TODO: check
+CVE-2024-27367 (An issue was discovered in Samsung Mobile Processor Exynos Wearable Pr ...)
+	TODO: check
+CVE-2024-27366 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable Processor Exynos ...)
+	TODO: check
+CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ...)
+	TODO: check
+CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediat ...)
+	TODO: check
 CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which allows un ...)
 	NOT-FOR-US: WebITR
 CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not properly restrict a specific pa ...)
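Review bot: all 40 imported entries carry only "TODO: check", which is expected for an automatic update, but the hunk contains several clusters that describe one product and should get the same disposition line when triaged: CVE-2024-6796 and CVE-2024-6795 (Baxter Connex health portal), CVE-2024-44725 and CVE-2024-44724 (AutoCMS v5.4), CVE-2024-44721 and CVE-2024-44720 (SeaCMS v13.1), CVE-2024-44375 through CVE-2024-44333 (D-Link DI-series routers), CVE-2024-27387 through CVE-2024-27364 (Samsung Exynos processors), and the three Keycloak entries CVE-2024-7341, CVE-2024-7318 and CVE-2024-7260. The "before8/30/2024" in the CVE-2024-6795 description is a missing space in the upstream text as imported and is not something to correct in this hunk.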
@@ -32594,6 +32674,7 @@ CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...)
 	NOT-FOR-US: matrix-sdk-crypto Rust crate
 CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
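Review bot: the {DLA-3884-1} marker for CVE-2024-34340 sits where the tracker convention puts it, on its own tab-indented line directly under the description and ahead of the "- cacti 1.2.27+ds1-1" and "[bookworm] - cacti 1.2.24+ds1-1+deb12u3" version lines, the same placement used for the other Cacti entries later in this commit; nothing else in the entry changes, so the hunk is consistent.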
@@ -32633,31 +32714,37 @@ CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain
 CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local  ...)
 	NOT-FOR-US: TotalAV
 CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
 	NOTE: https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e
 CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
 	NOTE: https://github.com/Cacti/cacti/commit/96d9a4c60693d87ba0e347f1c7d33047b4effc61
 CVE-2024-31458 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
 	NOTE: https://github.com/Cacti/cacti/commit/9e87882007b6091171d1a4786f0de4ae20efef7b
 CVE-2024-31445 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
 	NOTE: https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
 CVE-2024-31444 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
 	NOTE: https://github.com/Cacti/cacti/commit/86d614c38c54e0ce58774d86617ecfbb853fb57b
 CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
@@ -32723,6 +32810,7 @@ CVE-2024-27082 (Cacti provides an operational monitoring and fault management fr
 CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...)
 	NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion
 CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...)
+	{DLA-3884-1}
 	- cacti 1.2.27+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
@@ -53905,6 +53993,7 @@ CVE-2024-28111 (Canarytokens helps track activity and actions on a network. Cana
 CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integrate ap ...)
 	NOT-FOR-US: cloudevents/sdk-go
 CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...)
+	{DLA-3883-1}
 	- python-jwcrypto 1.5.6-1 (bug #1065688)
 	[bookworm] - python-jwcrypto 1.1.0-1+deb12u1
 	NOTE: https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
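Review bot: the {DLA-3883-1} marker is the only change to CVE-2024-28102, and it lands above the existing "- python-jwcrypto 1.5.6-1 (bug #1065688)" and "[bookworm] - python-jwcrypto 1.1.0-1+deb12u1" lines, so the entry now records the unstable fix, the bookworm update and the LTS advisory in the same layout as the Cacti entries in this commit; the bug reference stays on the unstable version line rather than next to the DLA marker, which matches the placement used elsewhere in the file.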
@@ -156668,6 +156757,7 @@ CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Manage
 CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
 	NOT-FOR-US: Record Management System
 CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...)
+	{DLA-3884-1}
 	- cacti 1.2.22+ds1-1
 	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
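Review bot: CVE-2022-41444 keeps its "[buster] - cacti <not-affected> (Vulnerable code introduced later)" line alongside the new {DLA-3884-1} marker; that is the right combination, since the not-affected line tells the tracker that buster needs no fix while the DLA marker covers the suite the advisory was issued for, and the unstable fixed version 1.2.22+ds1-1 is unchanged. No [bookworm] line appears in the visible context, which is consistent with bookworm's 1.2.24+ds1-1+deb12u3 (seen in the other Cacti entries of this commit) already being newer than the fixed version.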



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db200084cec671e808d4b8d92d8121f3c3cce4d7
