Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4ef0e4a by security tracker role at 2024-06-10T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,141 @@
-CVE-2024-36972 [af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue 
lock.]
+CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router 
WLD71-T1_v ...)
+       TODO: check
+CVE-2024-5785 (Command injection vulnerability in Comtrend router 
WLD71-T1_v2.0.20182 ...)
+       TODO: check
+CVE-2024-5597 (Fuji Electric Monitouch V-SFTis vulnerable to a type confusion, 
which  ...)
+       TODO: check
+CVE-2024-5102 (A sym-linked file accessed via the repair function in Avast 
Antivirus  ...)
+       TODO: check
+CVE-2024-4745 (Missing Authorization vulnerability in RafflePress Giveaways 
and Conte ...)
+       TODO: check
+CVE-2024-4744 (Missing Authorization vulnerability in Avirtum iPages 
Flipbook.This is ...)
+       TODO: check
+CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
restar ...)
+       TODO: check
+CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site 
scripting ...)
+       TODO: check
+CVE-2024-3700 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+       TODO: check
+CVE-2024-3699 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+       TODO: check
+CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy 
MFA befor ...)
+       TODO: check
+CVE-2024-37051 (GitHub access token could be exposed to third-party sites in 
JetBrains ...)
+       TODO: check
+CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if 
untrusted user ...)
+       TODO: check
+CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before are vu ...)
+       TODO: check
+CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and 
before have a ...)
+       TODO: check
+CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36414 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36413 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36412 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36411 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36410 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36409 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36408 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36407 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
+       TODO: check
+CVE-2024-36405 (liboqs is a C-language cryptographic library that provides 
implementat ...)
+       TODO: check
+CVE-2024-35754 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35749 (Authentication Bypass by Spoofing vulnerability in Acurax 
Under Constr ...)
+       TODO: check
+CVE-2024-35747 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2024-35746 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Asgha ...)
+       TODO: check
+CVE-2024-35745 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35744 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35743 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35728 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+       TODO: check
+CVE-2024-35712 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35680 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+       TODO: check
+CVE-2024-35677 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35658 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-35650 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2024-35474 (A Directory Traversal vulnerability in iceice666 ResourcePack 
Server b ...)
+       TODO: check
+CVE-2024-35307 (Argument Injection Leading to Remote Code Execution in 
Realtime Graph  ...)
+       TODO: check
+CVE-2024-35306 (OS Command injection in Ajax PHP files via HTTP Request, 
allows to exe ...)
+       TODO: check
+CVE-2024-35305 (Unauth Time-Based SQL Injection in API allows to exploit HTTP 
request  ...)
+       TODO: check
+CVE-2024-35304 (System command injection through Netflow functiondue to 
improper input ...)
+       TODO: check
+CVE-2024-34800 (Missing Authentication for Critical Function vulnerability in 
Aruphash ...)
+       TODO: check
+CVE-2024-34762 (Vulnerability discovered by executing a planned security 
audit.  Impro ...)
+       TODO: check
+CVE-2024-34761 (Vulnerability discovered by executing a planned security 
audit.  Impro ...)
+       TODO: check
+CVE-2024-34332 (An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) 
and before ...)
+       TODO: check
+CVE-2024-32167 (Sourcecodester Online Medicine Ordering System 1.0 is 
vulnerable to Ar ...)
+       TODO: check
+CVE-2024-31613 (BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery 
(CSRF) in na ...)
+       TODO: check
+CVE-2024-31612 (Emlog pro2.3 is vulnerable to Cross Site Request Forgery 
(CSRF) via tw ...)
+       TODO: check
+CVE-2024-31611 (SeaCMS 12.9 has a file deletion vulnerability via 
admin_template.php.)
+       TODO: check
+CVE-2024-28833 (Improper restriction of excessive authentication attempts with 
two fac ...)
+       TODO: check
+CVE-2024-27792 (This issue was addressed by adding an additional prompt for 
user conse ...)
+       TODO: check
+CVE-2024-26507 (An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 
Business, ...)
+       TODO: check
+CVE-2024-23524 (Missing Authorization vulnerability in ONTRAPORT Inc. 
PilotPress.This  ...)
+       TODO: check
+CVE-2024-23299 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2024-22298 (Missing Authorization vulnerability in TMS Amelia 
ameliabooking.This i ...)
+       TODO: check
+CVE-2024-22296 (Missing Authorization vulnerability in Code for Recovery 12 
Step Meeti ...)
+       TODO: check
+CVE-2024-22279 (Improper handling of requests in Routing Release > v0.273.0 
and <= v0. ...)
+       TODO: check
+CVE-2024-21751 (Missing Authorization vulnerability in RabbitLoader.This issue 
affects ...)
+       TODO: check
+CVE-2024-1228 (Use of hard-coded password to the patients' database allows an 
attacke ...)
+       TODO: check
+CVE-2023-40389 (The issue was addressed with improved restriction of data 
container ac ...)
+       TODO: check
+CVE-2022-48683 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
+       TODO: check
+CVE-2022-48578 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2024-36972 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9841991a446c87f90f66f4b9fee6fe934c1336a2 (6.10-rc1)
-CVE-2024-36971 [net: fix __dst_negative_advice() race]
+CVE-2024-36971 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/92f1655aa2b2294d0b49925f3b875a634bd3b59e (6.10-rc2)
 CVE-2024-5389 (In lunary-ai/lunary version 1.2.13, an insufficient granularity 
of acc ...)
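Review bot: Every entry added at the top of this hunk, from CVE-2024-5786 through CVE-2022-48578, carries only `TODO: check`, and the descriptions are cut at "...", so for several of them (for example the run of "Improper Limitation of a Pathname to a Restricted Directory" entries) the affected product is not visible in this list. Each one needs the full CVE record before it is marked NOT-FOR-US or mapped to a source package; CVE-2024-36405 names liboqs, a C library, and warrants an individual package lookup rather than a bulk tag. On CVE-2024-36972 and CVE-2024-36971 the existing `- linux <unfixed>` and NOTE lines are retained, so only the description line changes there.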
@@ -120651,8 +120783,8 @@ CVE-2022-45178 (An issue was discovered in LIVEBOX 
Collaboration vDesk through v
        NOT-FOR-US: LIVEBOX
 CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
        NOT-FOR-US: LIVEBOX Collaboration vDesk
-CVE-2022-45176
-       RESERVED
+CVE-2022-45176 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. S ...)
+       TODO: check
 CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
        NOT-FOR-US: LIVEBOX
 CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
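Review bot: CVE-2022-45176 moves from RESERVED to `TODO: check`, but its description names LIVEBOX Collaboration vDesk, the same product as the neighbouring CVE-2022-45177 and CVE-2022-45175, which are already tagged NOT-FOR-US. Once the full record confirms the product, this entry can take the same tag instead of staying in the TODO queue.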
@@ -120667,8 +120799,8 @@ CVE-2022-45170 (An issue was discovered in LIVEBOX 
Collaboration vDesk through v
        NOT-FOR-US: LIVEBOX
 CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v031. A ...)
        NOT-FOR-US: LIVEBOX Collaboration vDesk
-CVE-2022-45168
-       RESERVED
+CVE-2022-45168 (An issue was discovered in LIVEBOX Collaboration vDesk through 
v018. A ...)
+       TODO: check
 CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was 
discovered ...)
        NOT-FOR-US: Kiali
 CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent 
users w ...)
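Review bot: The context lines around CVE-2022-45168 use two spellings for the same product, `NOT-FOR-US: LIVEBOX` and `NOT-FOR-US: LIVEBOX Collaboration vDesk`. When CVE-2022-45168 is triaged out of `TODO: check`, pick one form and align the neighbouring entries with it so a text search for the product finds the whole series.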
@@ -157100,7 +157232,7 @@ CVE-2022-32935 (A lock screen issue was addressed 
with improved state management
        NOT-FOR-US: Apple
 CVE-2022-32934 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
-CVE-2022-32933 [A website may be able to track the websites a user visited in 
Safari private browsing mode]
+CVE-2022-32933 (An information disclosure issue was addressed by removing the 
vulnerab ...)
        {DSA-5241-1 DSA-5240-1}
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
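Review bot: On CVE-2022-32933 the bracketed summary being removed states the impact ("A website may be able to track the websites a user visited in Safari private browsing mode"), while the description replacing it is truncated at "removing the vulnerab ...". Since this entry carries DSA-5241-1 and DSA-5240-1 plus fixed versions for webkit2gtk and wpewebkit, consider preserving the impact statement in a NOTE: line so the entry remains readable without a lookup.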
@@ -157183,8 +157315,8 @@ CVE-2022-32899 (The issue was addressed with improved 
memory handling. This issu
        NOT-FOR-US: Apple
 CVE-2022-32898 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
-CVE-2022-32897
-       RESERVED
+CVE-2022-32897 (A memory corruption issue was addressed with improved 
validation. This ...)
+       TODO: check
 CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32895 (A race condition was addressed with improved state handling. 
This issu ...)
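Review bot: CVE-2022-32897 sits between entries tagged `NOT-FOR-US: Apple`, but its truncated description ("A memory corruption issue was addressed with improved validation. This ...") does not show the affected component. The CVE-2022-32933 entry in the previous hunk has the same Apple-style wording and maps to webkit2gtk and wpewebkit, so check the full advisory for a WebKit component before resolving this `TODO: check` as NOT-FOR-US.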



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ef0e4a5b35eb50e1f4b13d454963b4bab98df3


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits