Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfed6309 by security tracker role at 2024-06-18T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2024-6116 (A vulnerability, which was classified as critical, has been
found in i ...)
+ TODO: check
+CVE-2024-6115 (A vulnerability classified as critical was found in
itsourcecode Simpl ...)
+ TODO: check
+CVE-2024-6114 (A vulnerability classified as critical has been found in
itsourcecode ...)
+ TODO: check
+CVE-2024-6112 (A vulnerability classified as critical was found in
itsourcecode Pool ...)
+ TODO: check
+CVE-2024-6111 (A vulnerability classified as critical has been found in
itsourcecode ...)
+ TODO: check
+CVE-2024-6110 (A vulnerability was found in itsourcecode Magbanua Beach Resort
Online ...)
+ TODO: check
+CVE-2024-6109 (A vulnerability was found in itsourcecode Tailoring Management
System ...)
+ TODO: check
+CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway
322_AS0500-03 ...)
+ TODO: check
+CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing
endpoint allow ...)
+ TODO: check
+CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base
LDAP se ...)
+ TODO: check
+CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using
"import ...)
+ TODO: check
+CVE-2024-5750
+ REJECTED
+CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be
found w ...)
+ TODO: check
+CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project
descriptio ...)
+ TODO: check
+CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without
appropriate per ...)
+ TODO: check
+CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token
was sent t ...)
+ TODO: check
+CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User
Account was e ...)
+ TODO: check
+CVE-2024-38351 (Pocketbase is an open source web backend written in go. In
affected ve ...)
+ TODO: check
+CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was
discovere ...)
+ TODO: check
+CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was
discovere ...)
+ TODO: check
+CVE-2024-38277 (A unique key should be generated for a user's QR login key and
their a ...)
+ TODO: check
+CVE-2024-38276 (Incorrect CSRF token checks resulted in multiple CSRF risks.)
+ TODO: check
+CVE-2024-38275 (The cURL wrapper in Moodle retained the original request
headers when ...)
+ TODO: check
+CVE-2024-38274 (Insufficient escaping of calendar event titles resulted in a
stored XS ...)
+ TODO: check
+CVE-2024-38273 (Insufficient capability checks meant it was possible for users
to gain ...)
+ TODO: check
+CVE-2024-37904 (Minder is an open source Software Supply Chain Security
Platform. Mind ...)
+ TODO: check
+CVE-2024-37821 (An arbitrary file upload vulnerability in the Upload Template
function ...)
+ TODO: check
+CVE-2024-37803 (Multiple stored cross-site scripting (XSS) vulnerabilities in
CodeProj ...)
+ TODO: check
+CVE-2024-37802 (CodeProjects Health Care hospital Management System v1.0 was
discovere ...)
+ TODO: check
+CVE-2024-37800 (CodeProjects Restaurant Reservation System v1.0 was discovered
to cont ...)
+ TODO: check
+CVE-2024-37799 (CodeProjects Restaurant Reservation System v1.0 was discovered
to cont ...)
+ TODO: check
+CVE-2024-37791 (DuxCMS3 v3.1.3 was discovered to contain a SQL injection
vulnerability ...)
+ TODO: check
+CVE-2024-22002 (CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows
unprivileged u ...)
+ TODO: check
+CVE-2024-21685 (This High severity Information Disclosure vulnerability was
introduced ...)
+ TODO: check
+CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM
Cloud Pa ...)
+ TODO: check
CVE-2024-6103
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
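Review bot: every new entry in this hunk except CVE-2024-5750 (correctly recorded as REJECTED) is left at the automatic "TODO: check" placeholder, so none of them carries a package line yet. The ones whose truncated descriptions name software that the file tracks elsewhere with package states (the 389-ds-base LDAP denial of service in CVE-2024-5953, the Keycloak LDAP testing endpoint in CVE-2024-5967, the Pocketbase entry in CVE-2024-38351 and the Minder entry in CVE-2024-37904) are the ones to triage first, replacing "TODO: check" with either a package line in the form used below ("- linux <unfixed>", "- roundcube 1.6.7+dfsg-1 (bug #...)") or a "NOT-FOR-US:" line naming the vendor, as the D-Link, GeoVision and Dell entries in later hunks do. The itsourcecode, CodeProjects, DuxCMS3, CORSAIR iCUE, JetBrains and IBM QRadar entries describe products that do not appear as Debian packages anywhere in this diff, so they are the natural candidates for "NOT-FOR-US:" lines; a follow-up commit should resolve them rather than leaving the placeholders to accumulate.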
@@ -14,20 +84,20 @@ CVE-2024-6100
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-36977 [usb: dwc3: Wait unconditionally after issuing EndXfer command]
+CVE-2024-36977 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.8.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1d26ba0944d398f88aaf997bda3544646cf21945 (6.10-rc1)
-CVE-2024-36976 [Revert "media: v4l2-ctrls: show all owned controls in
log_status"]
+CVE-2024-36976 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/eba63df7eb1f95df6bfb67722a35372b6994928d (6.10-rc1)
-CVE-2024-36975 [KEYS: trusted: Do not use WARN when encode fails]
+CVE-2024-36975 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux 6.8.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/050bf3c793a07f96bd1e2fd62e1447f731ed733b (6.10-rc1)
-CVE-2024-36974 [net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP]
+CVE-2024-36974 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f921a58ae20852d188f70842431ce6519c4fdc36 (6.10-rc3)
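Review bot: CVE-2024-36974 lists only a "[buster] - linux <not-affected>" line, whereas the neighbouring CVE-2024-36977 and CVE-2024-36975 entries state the bullseye status explicitly; confirm whether the taprio code is present in the bullseye kernel and add a "[bullseye]" line either way so the entry is not read as an omission. Separately, replacing the bracketed subjects ("[usb: dwc3: Wait unconditionally after issuing EndXfer command]", "[KEYS: trusted: Do not use WARN when encode fails]", "[net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP]") with the truncated official text "In the Linux kernel, the following vulnerability has been resolved: u ..." loses the only human-readable summary of each fix from the list view; the commit URL in each NOTE line still identifies the fix, but consider keeping the subject in a NOTE so the entry stays searchable by subsystem.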
@@ -239,7 +309,7 @@ CVE-2024-0397 (A defect was discovered in the Python
\u201cssl\u201d module wher
NOTE:
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
(v3.12.3)
NOTE:
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d
(v3.11.9)
NOTE:
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa
(3.9-branch)
-CVE-2018-25103 (There exists a use-after-free-vulnerability in lighttpd <=
1.4.50 that ...)
+CVE-2018-25103 (There exists use-after-free vulnerabilities in lighttpd <=
1.4.50 requ ...)
TODO: check
CVE-2024-36973 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux <unfixed>
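Review bot: the CVE-2018-25103 description has been refreshed from a single "use-after-free-vulnerability" to "use-after-free vulnerabilities in lighttpd <= 1.4.50", which suggests the upstream record was amended, yet the entry still sits at "TODO: check" in the unchanged context line below it. Since lighttpd is a tracked package and the description now gives an explicit upper bound (<= 1.4.50), this is enough to turn the placeholder into a package line with the fixed version or a "<not-affected>" state for the suites that ship newer lighttpd, plus a NOTE with the upstream reference once one is identified.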
@@ -250,7 +320,8 @@ CVE-2024-6048 (Openfind's MailGates and MailAudit fail to
properly filter user i
NOT-FOR-US: Openfind's MailGates and MailAudit
CVE-2024-6047 (Certain EOL GeoVision devices fail to properly filter user
input for t ...)
NOT-FOR-US: GeoVision devices
-CVE-2024-6046 (SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does
not pr ...)
+CVE-2024-6046
+ REJECTED
NOT-FOR-US: SECOM WRTR-304GN-304TW-UPSC
CVE-2024-6045 (Certain models of D-Link wireless routers contain an
undisclosed facto ...)
NOT-FOR-US: D-Link
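Review bot: CVE-2024-6046 is changed to "REJECTED", but the following "NOT-FOR-US: SECOM WRTR-304GN-304TW-UPSC" context line is retained, so the entry now carries two terminal states. The first hunk records CVE-2024-5750 as REJECTED with no further line, which is the convention this file follows; drop the NOT-FOR-US line here so the rejected entry matches it and tooling does not see a package-state line under a rejected CVE.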
@@ -3076,11 +3147,11 @@ CVE-2024-37385 (Roundcube Webmail before 1.5.7 and
1.6.x before 1.6.7 on Windows
- roundcube <not-affected> (Windows-specific)
NOTE:
https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f
CVE-2024-37384 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows
XSS via l ...)
- {DLA-3835-1}
+ {DSA-5714-1 DLA-3835-1}
- roundcube 1.6.7+dfsg-1 (bug #1071474)
NOTE:
https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c
CVE-2024-37383 (Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows
XSS via S ...)
- {DLA-3835-1}
+ {DSA-5714-1 DLA-3835-1}
- roundcube 1.6.7+dfsg-1 (bug #1071474)
NOTE:
https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
CVE-2024-36823 (The encrypt() function of Ninja Core v7.0.0 was discovered to
use a we ...)
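Review bot: DSA-5714-1 is added to the reference sets of CVE-2024-37384 and CVE-2024-37383 (correctly omitted for the Windows-specific CVE-2024-37385, which is "<not-affected>"), but this commit touches only data/CVE/list ("1 changed file" in the header). A DSA identifier in these braces normally pairs with a matching entry in data/DSA/list; confirm that the DSA-5714-1 record exists there with both CVEs listed, otherwise the cross-reference points at nothing and the tracker will report an inconsistency.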
@@ -23897,7 +23968,7 @@ CVE-2024-0159 (Dell Alienware Command Center, versions
5.5.52.0 and prior, conta
NOT-FOR-US: Dell
CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through
2.35.1.3.0 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves
multiple t ...)
+CVE-2023-6236 (A flaw was found in Red Hat Enterprise Application Platform 8.
When an ...)
NOT-FOR-US: JBoss EAP
CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface
vulnera ...)
NOT-FOR-US: HCL
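Review bot: the CVE-2023-6236 description now reads "Red Hat Enterprise Application Platform 8" while the retained state line still says "NOT-FOR-US: JBoss EAP". Both names refer to the same product, so the state is still correct; aligning the NOT-FOR-US text with the wording the description uses would make the two lines easier to match when grepping the list, but this is a style point only.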
@@ -187498,8 +187569,8 @@ CVE-2022-23831 (Insufficient validation of the IOCTL
input buffer in AMD \u03bcP
NOT-FOR-US: AMD
CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP
is enabl ...)
NOT-FOR-US: AMD
-CVE-2022-23829
- RESERVED
+CVE-2022-23829 (A potential weakness in AMD SPI protection features may allow
a malici ...)
+ TODO: check
CVE-2022-23828
RESERVED
CVE-2022-23827
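Review bot: CVE-2022-23829 moves from "RESERVED" to a populated description ("A potential weakness in AMD SPI protection features may allow a malici ...") with a "TODO: check" placeholder, while the adjacent CVE-2022-23831 and CVE-2022-23830 entries in this hunk are already resolved as "NOT-FOR-US: AMD". The description points at the same vendor firmware family, so the placeholder can most likely be closed the same way; if triage instead finds that the SPI protection weakness touches a packaged firmware or microcode component, record that package line rather than leaving the TODO open.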
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfed630977e9a357b4a56c806937c7bc329694a1
--
This project does not include diff previews in email notifications.