[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 20 21:12:31 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f4ff068 by security tracker role at 2024-09-20T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,64 @@
-CVE-2024-8612 [Information leak in virtio devices]
+CVE-2024-9043 (Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability ...)
+	TODO: check
+CVE-2024-9041 (A vulnerability has been found in SourceCodester Best House Rental Man ...)
+	TODO: check
+CVE-2024-9040 (A vulnerability, which was classified as problematic, was found in cod ...)
+	TODO: check
+CVE-2024-9039 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-9038 (A vulnerability classified as problematic was found in Codezips Online ...)
+	TODO: check
+CVE-2024-9037 (A vulnerability classified as critical has been found in Codezips Inte ...)
+	TODO: check
+CVE-2024-9036 (A vulnerability was found in itsourcecode Online Bookstore 1.0. It has ...)
+	TODO: check
+CVE-2024-9035 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
+	TODO: check
+CVE-2024-9034 (A vulnerability was found in code-projects Patient Record Management S ...)
+	TODO: check
+CVE-2024-9033 (A vulnerability has been found in SourceCodester Best House Rental Man ...)
+	TODO: check
+CVE-2024-9032 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-9031 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-9030 (A vulnerability classified as problematic was found in CodeCanyon CRMG ...)
+	TODO: check
+CVE-2024-47062 (Navidrome is an open source web-based music collection server and stre ...)
+	TODO: check
+CVE-2024-47061 (Plate is a javascript toolkit that makes it easier for you to develop  ...)
+	TODO: check
+CVE-2024-46654 (A stored cross-site scripting (XSS) vulnerability in the Add Scheduled ...)
+	TODO: check
+CVE-2024-46652 (Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fro ...)
+	TODO: check
+CVE-2024-45793 (Confidant is a open source secret management service that provides use ...)
+	TODO: check
+CVE-2024-45489 (Arc before 2024-08-26 allows remote code execution in JavaScript boost ...)
+	TODO: check
+CVE-2024-45229 (The Versa Director offers REST APIs for orchestration and management.  ...)
+	TODO: check
+CVE-2024-42697 (Cross Site Scripting vulnerability in Leotheme Leo Product Search Modu ...)
+	TODO: check
+CVE-2024-42351 (Galaxy is a free, open-source system for analyzing data, authoring wor ...)
+	TODO: check
+CVE-2024-42346 (Galaxy is a free, open-source system for analyzing data, authoring wor ...)
+	TODO: check
+CVE-2024-37879 (Improper input validation in /admin/config/save in User-friendly SVN ( ...)
+	TODO: check
+CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attack ...)
+	TODO: check
+CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...)
 	- qemu <unfixed> (bug #1082406)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
-CVE-2024-45769
+CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw all ...)
 	- pcp 6.3.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310452
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/20/1
 	NOTE: Fixed by: https://github.com/performancecopilot/pcp/commit/3fc59861174ac0bbb08f5fa98cadb0d206f5cc60 (6.3.1)
 	NOTE: Fixed by: https://github.com/performancecopilot/pcp/commit/eadb79aab46175d7a58d0fa88028408743e2a93f (6.3.1)
-CVE-2024-45770
+CVE-2024-45770 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw can ...)
 	- pcp 6.3.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310451
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/20/1
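Review bot: the 25 new `TODO: check` entries in this hunk are left untriaged; most of them (the SourceCodester, Codezips, code-projects, itsourcecode and CodeCanyon items, plus Cellopoint, Tenda AC8v4, Versa Director and the Leotheme module) describe products that are not packaged in Debian and can be resolved to `NOT-FOR-US` in the same way the surrounding entries are, whereas `CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 ...)` names a project that Debian does ship (the puredata package) and needs an actual version check rather than a blanket dismissal. For CVE-2024-8612, replacing the bracketed placeholder `[Information leak in virtio devices]` with the published description is fine; `- qemu <unfixed> (bug #1082406)` remains open even though the upstream fix commit is already recorded in the NOTE, so the entry should be moved to a fixed version once that commit reaches a Debian upload.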
@@ -2400,6 +2450,7 @@ CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.2
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
 	NOT-FOR-US: Yeti
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a SAML au ...)
+	{DSA-5774-1}
 	- ruby-saml <unfixed> (bug #1081560)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae (v1.12.3)
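Review bot: `{DSA-5774-1}` is added for CVE-2024-45409 while the package line below it still reads `- ruby-saml <unfixed> (bug #1081560)`; the DSA reference only records the stable fix, so the unstable state should be revisited and replaced with the fixing version (the NOTE already points at the upstream fix in v1.12.3) once a matching upload has been made, otherwise the entry will keep showing ruby-saml as vulnerable in sid.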
@@ -41153,7 +41204,8 @@ CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable t
 	NOT-FOR-US: ProQuality pqprintshippinglabels
 CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...)
 	NOT-FOR-US: IBM
-CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...)
+CVE-2023-36268
+	REJECTED
 	- libreoffice <unfixed> (unimportant)
 	NOTE: Resource overload in desktop app, no security impact
 CVE-2024-29040 (This repository hosts source code implementing the Trusted Computing G ...)
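Review bot: CVE-2023-36268 is marked `REJECTED` but keeps `- libreoffice <unfixed> (unimportant)` and the `NOTE: Resource overload in desktop app, no security impact` line underneath; a rejected identifier should not carry an open package state, so the package line should be dropped (the NOTE can stay as the rationale), consistent with how other REJECTED entries in this file are recorded.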
@@ -77856,19 +77908,19 @@ CVE-2023-46956 (SQL injection vulnerability in Packers and Movers Management Sys
 	NOT-FOR-US: Packers and Movers Management System
 CVE-2023-46690 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware  ...)
+CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) a ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerab ...)
+CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) a ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware  ...)
+CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) a ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware  ...)
+CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) a ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...)
+CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...)
+CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable ...)
 	NOT-FOR-US: LOYTEC
-CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authe ...)
+CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Bas ...)
 	NOT-FOR-US: LOYTEC
 CVE-2023-46326 (ZStack Cloud version 3.10.38 and before allows unauthenticated API acc ...)
 	NOT-FOR-US: ZStack Cloud
@@ -90263,7 +90315,7 @@ CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts wit
 	NOT-FOR-US: Technicolor
 CVE-2023-2995 (The Leyka WordPress plugin before 3.30.4 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
+CVE-2023-2567 (A SQL Injection vulnerability has been found in Nozomi Networks Guardi ...)
 	NOT-FOR-US: Nozomi Networks Guardian and CMC
 CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
 	NOT-FOR-US: Nozomi Networks Guardian and CMC
@@ -128536,7 +128588,7 @@ CVE-2023-23903 (An authenticated administrator can upload a SAML configuration f
 	NOT-FOR-US: Nozomi Networks
 CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
 	NOT-FOR-US: Nozomi Networks Guardian and CMC
-CVE-2023-22843 (An authenticated attacker with administrative access to the appliance  ...)
+CVE-2023-22843 (An authenticated attacker with administrative access to the web manage ...)
 	NOT-FOR-US: Nozomi Networks
 CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
 	NOT-FOR-US: Nozomi Networks
@@ -225152,7 +225204,7 @@ CVE-2022-21447 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisemen
 	NOT-FOR-US: Oracle
 CVE-2022-21446 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
-CVE-2022-21445 (Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middle ...)
+CVE-2022-21445 (Vulnerability in the Oracle Application Development Framework (ADF) pr ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.29-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f4ff0689c3c409db6f2063dbc0b755e4468fc94
