[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 23 21:12:40 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14ecb8bb by security tracker role at 2024-09-23T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,74 @@
-CVE-2022-48945 [media: vivid: fix compose size exceed boundary]
+CVE-2024-9014 (pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in ...)
+	TODO: check
+CVE-2024-8903 (Local active protection service settings manipulation due to unnecessa ...)
+	TODO: check
+CVE-2024-7835 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-7735 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-47222 (New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8  ...)
+	TODO: check
+CVE-2024-47069 (Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS a ...)
+	TODO: check
+CVE-2024-47068 (Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 an ...)
+	TODO: check
+CVE-2024-47066 (Lobe Chat is an open-source artificial intelligence chat framework. Pr ...)
+	TODO: check
+CVE-2024-46997 (DataEase is an open source data visualization analysis tool. Prior to  ...)
+	TODO: check
+CVE-2024-46985 (DataEase is an open source data visualization analysis tool. Prior to  ...)
+	TODO: check
+CVE-2024-46639 (A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows  ...)
+	TODO: check
+CVE-2024-46544 (Incorrect Default Permissions vulnerability in Apache Tomcat Connector ...)
+	TODO: check
+CVE-2024-46241 (PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cro ...)
+	TODO: check
+CVE-2024-45348 (Xiaomi Router AX9000 has a post-authorization command injection vulner ...)
+	TODO: check
+CVE-2024-44540 (Ubiquiti AirMax firmware version firmware version 8 allows attackers w ...)
+	TODO: check
+CVE-2024-43201 (The Planet Fitness Workouts iOS and Android mobile apps prior to versi ...)
+	TODO: check
+CVE-2024-41228 (A symlink following vulnerability in the pouch cp function of AliyunCo ...)
+	TODO: check
+CVE-2024-40442 (An issue in Doccano Open source annotation tools for machine learning  ...)
+	TODO: check
+CVE-2024-40441 (An issue in Doccano Open source annotation tools for machine learning  ...)
+	TODO: check
+CVE-2024-39843 (A SQL injection vulnerability in Centreon 24.04.2 allows a remote high ...)
+	TODO: check
+CVE-2024-39842 (A SQL injection vulnerability in Centreon 24.04.2 allows a remote high ...)
+	TODO: check
+CVE-2024-39342 (Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10 ...)
+	TODO: check
+CVE-2024-39341 (Entrust Instant Financial Issuance (On Premise) Software (formerly kno ...)
+	TODO: check
+CVE-2024-37779 (WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated  ...)
+	TODO: check
+CVE-2024-34331 (A lack of code signature verification in Parallels Desktop for Mac v19 ...)
+	TODO: check
+CVE-2024-23972 (Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Co ...)
+	TODO: check
+CVE-2024-23934 (Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Cod ...)
+	TODO: check
+CVE-2024-23933 (Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Ex ...)
+	TODO: check
+CVE-2024-23922 (Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Ex ...)
+	TODO: check
+CVE-2024-0005 (A condition exists in FlashArray and FlashBlade Purity whereby a malic ...)
+	TODO: check
+CVE-2024-0004 (A condition exists in FlashArray Purity whereby an user with array adm ...)
+	TODO: check
+CVE-2024-0003 (A condition exists in FlashArray Purity whereby a malicious user could ...)
+	TODO: check
+CVE-2024-0002 (A condition exists in FlashArray Purity whereby an attacker can employ ...)
+	TODO: check
+CVE-2024-0001 (A condition exists in FlashArray Purity whereby a local account intend ...)
+	TODO: check
+CVE-2023-46948 (A reflected Cross-Site Scripting (XSS) vulnerability was found on Teme ...)
+	TODO: check
+CVE-2022-48945 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.178-1
 	NOTE: https://git.kernel.org/linus/94a7ad9283464b75b12516c5512541d467cefcf8 (6.2-rc1)
@@ -2863,9 +2933,9 @@ CVE-2024-26191 (Microsoft SQL Server Native Scoring Remote Code Execution Vulner
 	NOT-FOR-US: Microsoft
 CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
-CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
+CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile Processor and  ...)
 	NOT-FOR-US: Samsung
-CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
+CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile Processor and  ...)
 	NOT-FOR-US: Samsung
 CVE-2024-21753 (A improper limitation of a pathname to a restricted directory ('path t ...)
 	NOT-FOR-US: Fortinet
@@ -6865,7 +6935,7 @@ CVE-2022-48867 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.1.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
-CVE-2024-8007 (A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. T ...)
+CVE-2024-8007 (A flaw was found in the openstack-tripleo-common component of the Red  ...)
 	NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
 CVE-2024-22034
 	- osc 1.9.0-1
@@ -16077,7 +16147,7 @@ CVE-2024-39909 (KubeClarity is a tool for detection and management of Software B
 	NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...)
 	NOT-FOR-US: Solara
-CVE-2024-39340 (A security vulnerability has been discovered in the handling of OTP ke ...)
+CVE-2024-39340 (The authentication system of Securepoint UTM mishandles OTP keys. This ...)
 	NOT-FOR-US: Securepoint
 CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability in Realt ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ecb8bb555691e65773a08bcca7bc7284507b23

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ecb8bb555691e65773a08bcca7bc7284507b23
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240923/162c5a45/attachment.htm>

More information about the debian-security-tracker-commits mailing list