Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5439ffb8 by security tracker role at 2024-03-28T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription 
Websit ...)
+       TODO: check
+CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application 
Securit ...)
+       TODO: check
+CVE-2024-3040 (A vulnerability, which was classified as critical, was found in 
Netent ...)
+       TODO: check
+CVE-2024-3039 (A vulnerability classified as critical has been found in 
Shanghai Brad ...)
+       TODO: check
+CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration 
exposes the ...)
+       TODO: check
+CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators 
could remov ...)
+       TODO: check
+CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the 
Maven bui ...)
+       TODO: check
+CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via 
Agent Distri ...)
+       TODO: check
+CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was 
possible via Sp ...)
+       TODO: check
+CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by 
providin ...)
+       TODO: check
+CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was 
possible on the ...)
+       TODO: check
+CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users 
without admin ...)
+       TODO: check
+CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+       TODO: check
+CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+       TODO: check
+CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+       TODO: check
+CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+       TODO: check
+CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement 
System v.1.0 ...)
+       TODO: check
+CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in 
the dev ...)
+       TODO: check
+CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
+       TODO: check
+CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the page p ...)
+       TODO: check
+CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the list1  ...)
+       TODO: check
+CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the urls p ...)
+       TODO: check
+CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedS ...)
+       TODO: check
+CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the time p ...)
+       TODO: check
+CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the schedE ...)
+       TODO: check
+CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in 
the device ...)
+       TODO: check
+CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
+       TODO: check
+CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow 
vulnerability in t ...)
+       TODO: check
+CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
located ...)
+       TODO: check
+CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30583 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-30422 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-30421 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite 
Events Man ...)
+       TODO: check
+CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a 
crafted name  ...)
+       TODO: check
+CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
+       TODO: check
+CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
+       TODO: check
+CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity 
hashes  ...)
+       TODO: check
+CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. 
SRS's `/api/ ...)
+       TODO: check
+CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The 
permiss ...)
+       TODO: check
+CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to 
execute ar ...)
+       TODO: check
+CVE-2024-28109 (veraPDF-library is a PDF/A validation library. Executing 
policy checks ...)
+       TODO: check
+CVE-2024-28091 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D 
RSE-TC8717T  ...)
+       TODO: check
+CVE-2024-28090 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D 
RSE-TC8717T  ...)
+       TODO: check
+CVE-2024-27775 (SysAid before version 23.2.14 b18 -CWE-918: Server-Side 
Request Forger ...)
+       TODO: check
+CVE-2024-27719 (A cross site scripting (XSS) vulnerability in rems FAQ 
Management Syst ...)
+       TODO: check
+CVE-2024-25971 (Dell PowerProtect Data Manager, version 19.15, contains an XML 
Externa ...)
+       TODO: check
+CVE-2024-25963 (Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x 
contains a use ...)
+       TODO: check
+CVE-2024-25961 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains an imp ...)
+       TODO: check
+CVE-2024-25960 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains a clea ...)
+       TODO: check
+CVE-2024-25959 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x 
contains an ins ...)
+       TODO: check
+CVE-2024-25955 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command 
Injecti ...)
+       TODO: check
+CVE-2024-25954 (Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, 
contain an in ...)
+       TODO: check
+CVE-2024-25953 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x 
contains an UNI ...)
+       TODO: check
+CVE-2024-25952 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x 
contains an UNI ...)
+       TODO: check
+CVE-2024-25946 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command 
Injecti ...)
+       TODO: check
+CVE-2024-25506 (Cross Site Scripting vulnerability in Process Maker, Inc 
ProcessMaker  ...)
+       TODO: check
+CVE-2024-0259 (Fortra's Robot Schedule Enterprise Agent for Windows prior to 
version  ...)
+       TODO: check
+CVE-2023-6437 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2023-45715 (The console may experience a service interruption when 
processing file ...)
+       TODO: check
+CVE-2023-45706 (An administrative user of WebReports may perform a Cross Site 
Scriptin ...)
+       TODO: check
+CVE-2023-45705 (An administrative user of WebReports may perform a Server Side 
Request ...)
+       TODO: check
+CVE-2023-42974 (A race condition was addressed with improved state handling. 
This issu ...)
+       TODO: check
+CVE-2023-42962 (This issue was addressed with improved checks This issue is 
fixed in i ...)
+       TODO: check
+CVE-2023-42947 (A path handling issue was addressed with improved validation. 
This iss ...)
+       TODO: check
+CVE-2023-42936 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2023-42931 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42930 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2023-42913 (This issue was addressed through improved state management. 
This issue ...)
+       TODO: check
+CVE-2023-42896 (An issue was addressed with improved handling of temporary 
files. This ...)
+       TODO: check
+CVE-2023-42893 (A permissions issue was addressed by removing vulnerable code 
and addi ...)
+       TODO: check
+CVE-2023-42892 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2023-40390 (A privacy issue was addressed by moving sensitive data to a 
protected  ...)
+       TODO: check
 CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It 
has bee ...)
        TODO: check
 CVE-2024-3015 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
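Review bot: all 83 entries added at the top of data/CVE/list carry only TODO: check, and several of the truncated descriptions stop before any product name (CVE-2024-30422, CVE-2023-6437, and the CVE-2023-429xx entries that read "This issue was addressed with improved checks ..."), so those cannot be triaged from this file and need the full CVE record. Entries whose description does name a software project, such as CVE-2024-3019 (PCP, default pmproxy configuration) and CVE-2024-2947 (Cockpit), are the ones to check against the archive first; the Tenda firmware and Dell entries look like candidates for the NOT-FOR-US tagging that the Intel entries later in this diff already have.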
@@ -1766,7 +1932,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in 
GetDIAE_unListParameters.)
        NOT-FOR-US: Delta Electronics
 CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and 
Shippi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-42956 [Processing web content may lead to a denial-of-service]
+CVE-2023-42956 (The issue was addressed with improved memory handling. This 
issue is f ...)
        - webkit2gtk 2.44.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit <unfixed>
@@ -1775,7 +1941,7 @@ CVE-2023-42956 [Processing web content may lead to a 
denial-of-service]
        NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
 CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, 
potentially  ...)
        NOT-FOR-US: Claris FileMaker Server
-CVE-2023-42950 [Processing maliciously crafted web content may lead to 
arbitrary code execution]
+CVE-2023-42950 (A use after free issue was addressed with improved memory 
management.  ...)
        - webkit2gtk 2.44.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit <unfixed>
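Review bot: the replacement description for CVE-2023-42950 no longer states the impact that the bracketed placeholder carried ("may lead to arbitrary code execution"), and the same happens to CVE-2023-42956 in the previous hunk ("may lead to a denial-of-service"). Both entries still list wpewebkit as <unfixed>, so consider preserving the impact in a NOTE: line beside the WSA-2024-0002 reference, where it stays visible next to the package status.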
@@ -11316,7 +11482,7 @@ CVE-2023-36490 (Improper initialization in some 
Intel(R) MAS software before ver
        NOT-FOR-US: Intel
 CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before 
version  ...)
        NOT-FOR-US: Intel
-CVE-2023-35121 (Improper access control in some Intel(R) oneAPI DPC++/C++ 
Compiler sof ...)
+CVE-2023-35121 (Improper access control in the Intel(R) oneAPI DPC++/C++ 
Compiler befo ...)
        NOT-FOR-US: Intel
 CVE-2023-35062 (Improper access control in some Intel(R) DSA software before 
version 2 ...)
        NOT-FOR-US: Intel
@@ -16014,9 +16180,9 @@ CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows 
(includes Db2 Connect Server
        NOT-FOR-US: IBM
 CVE-2023-44395 (Autolab is a course management service that enables 
instructors to off ...)
        NOT-FOR-US: Autolab
-CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below insufficiently restricts 
file path ...)
+CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts 
file paths ...)
        NOT-FOR-US: CloudLinux CageFS
-CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication 
token as ...)
+CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication 
token as  ...)
        NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow 
Enforcement Tec ...)
        - xen 4.17.3+36-g54dacb5c02-1
@@ -32242,7 +32408,7 @@ CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Sp
        NOT-FOR-US: WordPress plugin
 CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Budd ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-45754 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in I Th ...)
+CVE-2023-45754 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
POSIMYTH ...)
        NOT-FOR-US: WordPress plugin
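Review bot: the new description for CVE-2023-45754 is truncated before the product name ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), whereas the removed line at least reached "in I Th ...". NOT-FOR-US: WordPress plugin is now the only hint of what the entry covers, so naming the plugin in the NOT-FOR-US line would keep the entry identifiable without opening the CVE record.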
@@ -57624,7 +57790,7 @@ CVE-2023-29504 (Uncontrolled search path element in 
some Intel(R) RealSense(TM)
        NOT-FOR-US: Intel
 CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in 
BIOS fir ...)
        NOT-FOR-US: Intel
-CVE-2023-29162 (Improper buffer restrictions in some Intel(R) C++ Compiler 
Classic bef ...)
+CVE-2023-29162 (Improper buffer restrictions the Intel(R) C++ Compiler Classic 
before  ...)
        NOT-FOR-US: Intel
 CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers 
for Wind ...)
        NOT-FOR-US: Intel
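Review bot: the updated description for CVE-2023-29162 reads "Improper buffer restrictions the Intel(R) C++ Compiler Classic", which has lost the preposition "in" that the removed line had. The commit is an automatic update, so the text is imported rather than hand-edited; correcting it here would be overwritten by the next import, and the NOT-FOR-US: Intel triage is unaffected.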



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5439ffb8626adece6f8d499c19d005cca91927ec
