Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df08a2d1 by security tracker role at 2024-06-03T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2024-5404 (An unauthenticated remote attackercan change the admin password
in amo ...)
+ TODO: check
+CVE-2024-5388
+ REJECTED
+CVE-2024-5387
+ REJECTED
+CVE-2024-5214
+ REJECTED
+CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to
1.14.1. ...)
+ TODO: check
+CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization
Request ...)
+ TODO: check
+CVE-2024-4332 (An authentication bypass vulnerability has been identified in
the REST ...)
+ TODO: check
+CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file
read a ...)
+ TODO: check
+CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before
3.7.4 ha ...)
+ TODO: check
+CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to
contain a comm ...)
+ TODO: check
+CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a
stack-based buff ...)
+ TODO: check
+CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a
stack-based buff ...)
+ TODO: check
+CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS)
via adm ...)
+ TODO: check
+CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable
to arbi ...)
+ TODO: check
+CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable
to SQL ...)
+ TODO: check
+CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP
basic auth ...)
+ TODO: check
+CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When
uncompressing ...)
+ TODO: check
+CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
+ TODO: check
+CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND
Inc. Act ...)
+ TODO: check
+CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church
Admin.This ...)
+ TODO: check
+CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in
WPManageNinja LLC ...)
+ TODO: check
+CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in
CreativeThemes Blo ...)
+ TODO: check
+CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks.
Integrat ...)
+ TODO: check
+CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-34987 (A SQL Injection vulnerability exists in the
`ofrs/admin/index.php` scr ...)
+ TODO: check
+CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue
affects Fastl ...)
+ TODO: check
+CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability
in Lukm ...)
+ TODO: check
+CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located
in htdocs ...)
+ TODO: check
+CVE-2024-32983 (Misskey is an open source, decentralized microblogging
platform. Missk ...)
+ TODO: check
+CVE-2024-31684 (Incorrect access control in the fingerprint authentication
mechanism o ...)
+ TODO: check
+CVE-2024-31682 (Incorrect access control in the fingerprint authentication
mechanism o ...)
+ TODO: check
+CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+ TODO: check
+CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+ TODO: check
+CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version
7.2.0 an ...)
+ TODO: check
+CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in
FortiWeb ...)
+ TODO: check
+CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in
Fortinet Fort ...)
+ TODO: check
+CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine
Time Measu ...)
+ TODO: check
+CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine
was allo ...)
+ TODO: check
+CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL
memory e ...)
+ TODO: check
+CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows
Exploit ...)
+ TODO: check
+CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build
221019) is ...)
+ TODO: check
+CVE-2023-51219 (A deep link validation issue in KakaoTalk 10.4.3 allowed a
remote adve ...)
+ TODO: check
+CVE-2023-43556 (Memory corruption in Hypervisor when platform information
mentioned is ...)
+ TODO: check
+CVE-2023-43555 (Information disclosure in Video while parsing mp2 clip with
invalid se ...)
+ TODO: check
+CVE-2023-43551 (Cryptographic issue while performing attach with a LTE
network, a rogu ...)
+ TODO: check
+CVE-2023-43545 (Memory corruption when more scan frequency list or channels
are sent f ...)
+ TODO: check
+CVE-2023-43544 (Memory corruption when IPC callback handle is used after it
has been r ...)
+ TODO: check
+CVE-2023-43543 (Memory corruption in Audio during a playback or a recording
due to rac ...)
+ TODO: check
+CVE-2023-43542 (Memory corruption while copying a keyblob`s material when the
key mate ...)
+ TODO: check
+CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager
initiali ...)
+ TODO: check
+CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in
WLAN Host.)
+ TODO: check
CVE-2024-36104
NOT-FOR-US: Apache OFBiz
CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
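Review bot: Every one of the 67 non-rejected ids imported in this hunk is left at `TODO: check`, so the hunk records pending work rather than triage results; the three `REJECTED` ids (CVE-2024-5388, CVE-2024-5387, CVE-2024-5214) need nothing further, but each remaining entry should be resolved to either a package/version line or a `NOT-FOR-US: <vendor>` line in the style of the adjacent `NOT-FOR-US: Apache OFBiz` context. Entries whose descriptions already carry a usable fixed-version bound, such as CVE-2024-5197 (libvpx in versions prior to 1.14.1), are the cheapest to close and deserve priority over the vendor-firmware and hosted-service items (TOTOLINK, TRENDnet, Fortinet, Qualcomm, Mercusys, the WordPress XSS/CSRF/SSRF series), which the file's convention would mark NOT-FOR-US.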
@@ -167904,8 +168044,8 @@ CVE-2022-1244 (heap-buffer-overflow in GitHub
repository radareorg/radare2 prior
NOTE:
https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially
leading to ...)
NOT-FOR-US: URI.js
-CVE-2022-1242
- RESERVED
+CVE-2022-1242 (Apport can be tricked into connecting to arbitrary sockets as
the root ...)
+ TODO: check
CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly
sanitise and ...)
NOT-FOR-US: WordPress theme
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the
Linux kernel ...)
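Review bot: CVE-2022-1242 moves from `RESERVED` to a published description ("Apport can be tricked into connecting to arbitrary sockets as the root ...") but stays at `TODO: check`; because the truncated text already indicates root-level impact, this line should be triaged ahead of the bulk import and given either a package/version line or `NOT-FOR-US: Apport`, matching the neighbouring CVE-2022-1243 entry's `NOT-FOR-US: URI.js` format.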
@@ -179761,8 +179901,8 @@ CVE-2022-24700 (An issue was discovered in WinAPRS
2.9.0. A buffer overflow in D
NOT-FOR-US: WinAPRS
CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect
permiss ...)
NOT-FOR-US: Zyxel
-CVE-2022-0555
- RESERVED
+CVE-2022-0555 (Subiquity Shows Guided Storage Passphrase in Plaintext with
Read-all P ...)
+ TODO: check
CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim
prior ...)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.4659-1 (unimportant)
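Review bot: CVE-2022-0555 is another `RESERVED` to description transition left at `TODO: check`; the description ("Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all P ...") is a credential-disclosure issue, so the entry should be closed out quickly, as `NOT-FOR-US: Subiquity` if the affected installer is not shipped in the Debian archive, or otherwise with a package/version line and any DLA references in the `{DLA-...}` form the adjacent CVE-2022-0554 vim entry uses.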
@@ -201599,8 +201739,8 @@ CVE-2021-42849 (A weak default password for the
serial port was reported in some
NOT-FOR-US: Lenovo
CVE-2021-42848 (An information disclosure vulnerability was reported in some
Lenovo Pe ...)
NOT-FOR-US: Lenovo
-CVE-2021-3899
- RESERVED
+CVE-2021-3899 (There is a race condition in the 'replaced executable'
detection that, ...)
+ TODO: check
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android
applic ...)
NOT-FOR-US: Lenovo
CVE-2021-3897 (An authentication bypass vulnerability was discovered in an
internal s ...)
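Review bot: CVE-2021-3899 follows the same pattern as the two earlier hunks (a `RESERVED` placeholder replaced by a description and a `TODO: check`), and the description ("a race condition in the 'replaced executable' detection that, ...") is cut off before it names the affected software; the triager should pull the full advisory text before deciding between a package/version line and `NOT-FOR-US: <vendor>` as used for the surrounding Lenovo entries, rather than resolving it from the truncated line alone.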
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df08a2d1466031c14f2688d3ce8e45610b627f14
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits