Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cfed740 by security tracker role at 2024-05-28T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web 
authentication crede ...)
+       TODO: check
+CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that 
will re ...)
+       TODO: check
+CVE-2024-5428 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+       TODO: check
+CVE-2024-5415 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+       TODO: check
+CVE-2024-5414 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+       TODO: check
+CVE-2024-5413 (A vulnerability have been discovered in PhpMyBackupPro 
affecting versi ...)
+       TODO: check
+CVE-2024-5411 (Missing input validation and OS command integration of the 
input in th ...)
+       TODO: check
+CVE-2024-5410 (Missing input validation in the ORing IAP-420 web-interface 
allows sto ...)
+       TODO: check
+CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in 
OpenTex ...)
+       TODO: check
+CVE-2024-3969 (XML External Entity injection vulnerability foundin 
OpenText\u2122 iMa ...)
+       TODO: check
+CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query 
can po ...)
+       TODO: check
+CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched 
automatic ...)
+       TODO: check
+CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. 
Multiple f ...)
+       TODO: check
+CVE-2024-36109 (CoCalc is web-based software that enables collaboration in 
research, t ...)
+       TODO: check
+CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU 
Affero G ...)
+       TODO: check
+CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit 
function of For ...)
+       TODO: check
+CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+       TODO: check
+CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+       TODO: check
+CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+       TODO: check
+CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to 
contain a SQL  ...)
+       TODO: check
+CVE-2024-35510 (An arbitrary file upload vulnerability in 
/dede/file_manage_control.ph ...)
+       TODO: check
+CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2024-35401 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a com ...)
+       TODO: check
+CVE-2024-35400 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2024-35399 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2024-35398 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2024-35397 (TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to 
contain a co ...)
+       TODO: check
+CVE-2024-35344 (Certain Anpviz products contain a hardcoded cryptographic key 
stored i ...)
+       TODO: check
+CVE-2024-35343 (Certain Anpviz products allow unauthenticated users to 
download arbitr ...)
+       TODO: check
+CVE-2024-35342 (Certain Anpviz products allow unauthenticated users to modify 
or disab ...)
+       TODO: check
+CVE-2024-35341 (Certain Anpviz products allow unauthenticated users to 
download the ru ...)
+       TODO: check
+CVE-2024-35324 (Douchat 4.0.5 suffers from an arbitrary file upload 
vulnerability via  ...)
+       TODO: check
+CVE-2024-34854 (F-logic DataCube3 v1.0 is vulnerable to File Upload via 
`/admin/transc ...)
+       TODO: check
+CVE-2024-34852 (F-logic DataCube3 v1.0 is affected by command injection due to 
imprope ...)
+       TODO: check
+CVE-2024-33849 (ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a 
Hard-code ...)
+       TODO: check
+CVE-2024-33808 (A SQL injection vulnerability in /model/get_timetable.php in 
campcodes ...)
+       TODO: check
+CVE-2024-33807 (A SQL injection vulnerability in 
/model/get_teacher_timetable.php in c ...)
+       TODO: check
+CVE-2024-33806 (A SQL injection vulnerability in /model/get_grade.php in 
campcodes Com ...)
+       TODO: check
+CVE-2024-33805 (A SQL injection vulnerability in /model/get_student.php in 
campcodes C ...)
+       TODO: check
+CVE-2024-33804 (A SQL injection vulnerability in /model/get_subject.php in 
campcodes C ...)
+       TODO: check
+CVE-2024-33803 (A SQL injection vulnerability in /model/get_exam.php in 
campcodes Comp ...)
+       TODO: check
+CVE-2024-33802 (A SQL injection vulnerability in 
/model/get_student_subject.php in cam ...)
+       TODO: check
+CVE-2024-33801 (A SQL injection vulnerability in 
/model/get_subject_routing.php in cam ...)
+       TODO: check
+CVE-2024-33800 (A SQL injection vulnerability in /model/get_student1.php in 
campcodes  ...)
+       TODO: check
+CVE-2024-33799 (A SQL injection vulnerability in /model/get_teacher.php in 
campcodes C ...)
+       TODO: check
+CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows a remote attacker to 
obtain s ...)
+       TODO: check
+CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php 
in camp ...)
+       TODO: check
+CVE-2024-30212 (If a SCSI READ(10) command is initiated via USB using the 
largest LBA  ...)
+       TODO: check
+CVE-2024-30165 (Amazon AWS Client VPN before 3.9.1 on macOS has a buffer 
overflow that ...)
+       TODO: check
+CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could 
potentially all ...)
+       TODO: check
+CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full 
& Host) ...)
+       TODO: check
+CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap 
server ...)
+       TODO: check
+CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit 
Reader 2024.2 ...)
+       TODO: check
+CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a 
bypass, of ...)
+       TODO: check
+CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL 
hijackin ...)
+       TODO: check
+CVE-2024-26024 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party co ...)
+       TODO: check
+CVE-2024-24963 (A stack-based buffer overflow vulnerability exists in the 
Programming  ...)
+       TODO: check
+CVE-2024-24962 (A stack-based buffer overflow vulnerability exists in the 
Programming  ...)
+       TODO: check
+CVE-2024-24959 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24958 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24957 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24956 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24955 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24954 (Several out-of-bounds write vulnerabilities exist in the 
Programming S ...)
+       TODO: check
+CVE-2024-24947 (A heap-based buffer overflow vulnerability exists in the 
Programming S ...)
+       TODO: check
+CVE-2024-24946 (A heap-based buffer overflow vulnerability exists in the 
Programming S ...)
+       TODO: check
+CVE-2024-24919 (Potentially allowing an attacker to read certain information 
on Check  ...)
+       TODO: check
+CVE-2024-24851 (A heap-based buffer overflow vulnerability exists in the 
Programming S ...)
+       TODO: check
+CVE-2024-24686 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2024-24685 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2024-24684 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2024-24584 (Multiple out-of-bounds read vulnerabilities exist in the 
readMSH funct ...)
+       TODO: check
+CVE-2024-24583 (Multiple out-of-bounds read vulnerabilities exist in the 
readMSH funct ...)
+       TODO: check
+CVE-2024-23951 (Multiple improper array index validation vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-23950 (Multiple improper array index validation vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-23949 (Multiple improper array index validation vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-23948 (Multiple improper array index validation vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-23947 (Multiple improper array index validation vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin 
functionalit ...)
+       TODO: check
+CVE-2024-23315 (A read-what-where vulnerability exists in the Programming 
Software Con ...)
+       TODO: check
+CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the 
current stat ...)
+       TODO: check
+CVE-2024-22187 (A write-what-where vulnerability exists in the Programming 
Software Co ...)
+       TODO: check
+CVE-2024-22181 (An out-of-bounds write vulnerability exists in the readNODE 
functional ...)
+       TODO: check
+CVE-2024-21785 (A leftover debug code vulnerability exists in the Telnet 
Diagnostic In ...)
+       TODO: check
+CVE-2023-49600 (An out-of-bounds write vulnerability exists in the PlyFile 
ply_cast_as ...)
+       TODO: check
+CVE-2023-46694 (Vtenext 21.02 allows an authenticated attacker to upload 
arbitrary fil ...)
+       TODO: check
+CVE-2023-43850 (Improper input validation in the user management function of 
web inter ...)
+       TODO: check
+CVE-2023-43849 (Incorrect access control in firmware upgrade function of web 
interface ...)
+       TODO: check
+CVE-2023-43848 (Incorrect access control in the firewall management function 
of web in ...)
+       TODO: check
+CVE-2023-43847 (Incorrect access control in the outlet control function of web 
interfa ...)
+       TODO: check
+CVE-2023-43846 (Incorrect access control in logs management function of web 
interface  ...)
+       TODO: check
+CVE-2023-43845 (Aten PE6208 2.3.228 and 2.4.232 have default credentials for 
the privi ...)
+       TODO: check
+CVE-2023-43844 (Aten PE6208 2.3.228 and 2.4.232 have default credentials for 
the privi ...)
+       TODO: check
+CVE-2023-43843 (Incorrect access control in the account management function of 
web int ...)
+       TODO: check
+CVE-2023-43842 (Incorrect access control in the account management function of 
web int ...)
+       TODO: check
+CVE-2023-37411 (IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to 
cross-site scri ...)
+       TODO: check
+CVE-2023-35953 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2023-35952 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2023-35951 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2023-35950 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
+CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in 
the read ...)
+       TODO: check
 CVE-2024-4741 [Use After Free with SSL_free_buffers]
        - openssl <unfixed>
        [bookworm] - openssl <postponed> (Minor issue, fix along with next 
update round)
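
Review bot: Every entry added at the top of this hunk is left at `TODO: check`, including ones whose descriptions name software that Debian packages: CVE-2024-3657 and CVE-2024-2199 (389-ds-base) and CVE-2024-36472 (GNOME Shell). These should be triaged ahead of the vendor-firmware and web-application entries and given package lines in the form already used for CVE-2024-4741 just below (`- openssl <unfixed>`), so that they do not sit unclassified among the bulk imports.
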
@@ -93,7 +295,8 @@ CVE-2023-6349 (A heap overflow vulnerability exists in 
libvpx -Encoding a frame
        NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642
        NOTE: Fixed by: 
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937
 (v1.13.1)
        NOTE: Same upstream commit as CVE-2023-44488
-CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code 
execution can ...)
+CVE-2023-50977
+       REJECTED
        NOTE: Disputed GNOME Shell issue
 CVE-2022-4969 (A vulnerability, which was classified as critical, has been 
found in b ...)
        NOT-FOR-US: rockhopper Python library (different from src:rockhopper)
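
Review bot: With CVE-2023-50977 switched to `REJECTED`, the one-line `NOTE: Disputed GNOME Shell issue` is the only context left once the description is dropped. The first hunk of this commit adds CVE-2024-36472, also against GNOME Shell (through 45.7, portal helper); it is worth checking whether that ID supersedes this one and, if so, recording the cross-reference in a NOTE on both entries.
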
@@ -706,7 +909,7 @@ CVE-2021-47499 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux 5.10.92-1
        [buster] - linux 4.19.232-1
        NOTE: 
https://git.kernel.org/linus/70c9774e180d151abaab358108e3510a8e615215 (5.16-rc5)
-CVE-2024-28793
+CVE-2024-28793 (IBM Engineering Workflow Management 7.0.2 and 7.0.3 is 
vulnerable to s ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2024-4189
        NOT-FOR-US: Jenkins plugin
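
Review bot: The description filled in for CVE-2024-28793 names IBM Engineering Workflow Management 7.0.2 and 7.0.3, but the unchanged line beneath it still reads `NOT-FOR-US: Jenkins plugin`. The classification may well remain NOT-FOR-US, but the product named in it no longer matches the description and should be corrected.
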
@@ -794,7 +997,7 @@ CVE-2024-0867 (The Email Log plugin for WordPress is 
vulnerable to Unauthenticat
        NOT-FOR-US: WordPress plugin
 CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up 
to 202 ...)
        NOT-FOR-US: zzdevelop lenosp
-CVE-2024-5274
+CVE-2024-5274 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 
allowed  ...)
        {DSA-5697-1}
        - chromium 125.0.6422.112-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -4442,7 +4645,8 @@ CVE-2024-4432 (The Piotnet Addons For Elementor plugin 
for WordPress is vulnerab
        NOT-FOR-US: WordPress plugin
 CVE-2024-3745 (MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL 
Bypass vul ...)
        NOT-FOR-US: MSI Afterburner
-CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to 
authenticat ...)
+CVE-2024-3658
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 
allows conten ...)
        NOT-FOR-US: SurveyJS Form Library
@@ -81721,24 +81925,24 @@ CVE-2023-30315
        RESERVED
 CVE-2023-30314
        RESERVED
-CVE-2023-30313
-       RESERVED
+CVE-2023-30313 (An issue discovered in Wavlink QUANTUM D2G routers allows 
attackers to ...)
+       TODO: check
 CVE-2023-30312
        RESERVED
-CVE-2023-30311
-       RESERVED
-CVE-2023-30310
-       RESERVED
-CVE-2023-30309
-       RESERVED
-CVE-2023-30308
-       RESERVED
-CVE-2023-30307
-       RESERVED
-CVE-2023-30306
-       RESERVED
-CVE-2023-30305
-       RESERVED
+CVE-2023-30311 (An issue discovered in H3C Magic R365 and H3C Magic R100 
routers allow ...)
+       TODO: check
+CVE-2023-30310 (An issue discovered in Comfast Comfast CF-616AC routers allows 
attacke ...)
+       TODO: check
+CVE-2023-30309 (An issue discovered in D-Link DI-7003GV2 routers allows 
attackers to h ...)
+       TODO: check
+CVE-2023-30308 (An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, 
Ruijie NBR,  ...)
+       TODO: check
+CVE-2023-30307 (An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, 
TP-LINK  ...)
+       TODO: check
+CVE-2023-30306 (An issue discovered in Mercury x30g, Mercury YR1800XG routers 
allows a ...)
+       TODO: check
+CVE-2023-30305 (An issue discovered in Linksys E5600 routers allows attackers 
to hijac ...)
+       TODO: check
 CVE-2023-30304
        RESERVED
 CVE-2023-30303
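
Review bot: The eight entries that move from `RESERVED` to `TODO: check` here (CVE-2023-30313 and CVE-2023-30311 through CVE-2023-30305) share the same opening wording and each names router hardware (Wavlink, H3C, Comfast, D-Link, Ruijie, TP-LINK, Mercury, Linksys). They can be triaged as one batch; if the full descriptions confirm the issue is in vendor firmware only, a uniform NOT-FOR-US line per vendor would keep the block consistent. CVE-2023-30312 and CVE-2023-30304 remain `RESERVED` in the middle of the range, so check them again on the next update.
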
@@ -117535,8 +117739,8 @@ CVE-2022-45173 (An issue was discovered in LIVEBOX 
Collaboration vDesk through v
        NOT-FOR-US: LIVEBOX
 CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before 
v018. Br ...)
        NOT-FOR-US: LIVEBOX Collaboration vDesk
-CVE-2022-45171
-       RESERVED
+CVE-2022-45171 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
+       TODO: check
 CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
        NOT-FOR-US: LIVEBOX
 CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
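
Review bot: CVE-2022-45171 is now `TODO: check` while its neighbours for the same product are already classified, CVE-2022-45172 as `NOT-FOR-US: LIVEBOX Collaboration vDesk` and CVE-2022-45170 as `NOT-FOR-US: LIVEBOX`. The new entry can take the same classification, and the two spellings of the product in the existing lines should be unified at the same time.
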



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cfed740fabca1c7014a000da0515fd3045f9930
