Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e70c3222 by security tracker role at 2024-04-16T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,106 @@
+CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
+ TODO: check
+CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the
Authorizat ...)
+ TODO: check
+CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due
to impro ...)
+ TODO: check
+CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity
(XXE) a ...)
+ TODO: check
+CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to
improper ...)
+ TODO: check
+CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets
may be ...)
+ TODO: check
+CVE-2024-3271 (A command injection vulnerability exists in the
run-llama/llama_index ...)
+ TODO: check
+CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper
input ...)
+ TODO: check
+CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input
validation, ...)
+ TODO: check
+CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw
was found ...)
+ TODO: check
+CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local
attacker to obt ...)
+ TODO: check
+CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and
before, ...)
+ TODO: check
+CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product
Online St ...)
+ TODO: check
+CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product
Online St ...)
+ TODO: check
+CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product
Online St ...)
+ TODO: check
+CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product
Online St ...)
+ TODO: check
+CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System
v1.0, allows ...)
+ TODO: check
+CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions
4.6.3 a ...)
+ TODO: check
+CVE-2024-30656 (An issue in Fireboltt Dream Wristphone
BSW202_FB_AAC_v2.0_20240110-202 ...)
+ TODO: check
+CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version
JM-V15 allow ...)
+ TODO: check
+CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML
framew ...)
+ TODO: check
+CVE-2024-2424 (An input validation vulnerability exists in the Rockwell
Automation501 ...)
+ TODO: check
+CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml
applicat ...)
+ TODO: check
+CVE-2024-2083 (A directory traversal vulnerability exists in the
zenml-io/zenml repos ...)
+ TODO: check
+CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible
to a ref ...)
+ TODO: check
+CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive
information ...)
+ TODO: check
+CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session
after logou ...)
+ TODO: check
+CVE-2024-22262 (Applications that use UriComponentsBuilderto parse an
externally provi ...)
+ TODO: check
+CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to
improp ...)
+ TODO: check
+CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due
to impro ...)
+ TODO: check
+CVE-2024-1738 (An incorrect authorization vulnerability exists in the
lunary-ai/lunar ...)
+ TODO: check
+CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists
that a ...)
+ TODO: check
+CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized
evaluatio ...)
+ TODO: check
+CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass
due to in ...)
+ TODO: check
+CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists
in the ...)
+ TODO: check
+CVE-2024-1601 (An SQL injection vulnerability exists in the
`delete_discussion()` fun ...)
+ TODO: check
+CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow
repository, ...)
+ TODO: check
+CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow
repository ...)
+ TODO: check
+CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service
(DoS) attac ...)
+ TODO: check
+CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the
`/component_se ...)
+ TODO: check
+CVE-2024-1560 (A path traversal vulnerability exists in the mlflow/mlflow
repository, ...)
+ TODO: check
+CVE-2024-1558 (A path traversal vulnerability exists in the
`_create_model_version()` ...)
+ TODO: check
+CVE-2024-1483 (A path traversal vulnerability exists in mlflow/mlflow version
2.9.2, ...)
+ TODO: check
+CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the
h2oai/h2o-3 ...)
+ TODO: check
+CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in
the grad ...)
+ TODO: check
+CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers,
leading ...)
+ TODO: check
+CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path
traversal ...)
+ TODO: check
+CVE-2024-0404 (A mass assignment vulnerability exists in the
`/api/invite/:code` endp ...)
+ TODO: check
+CVE-2023-33806 (Insecure default configurations in Hikvision Interactive
Tablet DS-D5B ...)
+ TODO: check
CVE-2023-3597
NOT-FOR-US: Keycloak
-CVE-2024-31497 [ecret Key Recovery of NIST P-521 Private Keys Through Biased
ECDSA Nonces in PuTTY Client]
+CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce
generation ...)
- putty 0.81-1
NOTE: https://www.openwall.com/lists/oss-security/2024/04/15/6
NOTE:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
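Review bot: the CVE-2024-31497 entry that replaces the bracketed placeholder still carries only the unstable fix line `- putty 0.81-1`, while the new description says 0.68 through 0.80 are affected; with no suite-specific lines the tracker will treat every stable suite shipping an affected putty as open with no recorded decision, so add `[<suite>] - putty <tag>` lines or a DSA reference once the stable status is known. The other additions in this hunk are all `TODO: check`, and a large share come from the same upstream sources (several mlflow/mlflow entries, four lunary-ai/lunary, three mintplex-labs/anything-llm, two zenml-io/zenml), so they can be triaged per source in one pass rather than one by one.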
@@ -267646,10 +267746,10 @@ CVE-2020-22542
RESERVED
CVE-2020-22541
RESERVED
-CVE-2020-22540
- RESERVED
-CVE-2020-22539
- RESERVED
+CVE-2020-22540 (Stored Cross-Site Scripting (XSS) vulnerability in Codoforum
v4.9, all ...)
+ TODO: check
+CVE-2020-22539 (An arbitrary file upload vulnerability in the Add Category
function of ...)
+ TODO: check
CVE-2020-22538
RESERVED
CVE-2020-22537
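Review bot: CVE-2020-22540 and CVE-2020-22539 flip from `RESERVED` to `TODO: check` with 2020-era identifiers that have only now been published, so the triage must look at the product itself rather than infer anything from the CVE year; only the first entry names the product (Codoforum) in the visible text, and the second is truncated before any product name (`Add Category function of ...`), so pull the full description before recording a NOT-FOR-US or package decision.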
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e70c3222f6f644026588ff8579184d7b2ef31fef
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits