Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
088fde68 by security tracker role at 2024-06-27T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,162 @@
+CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop 
Daemon, be ...)
+       TODO: check
+CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management 
System 1 ...)
+       TODO: check
+CVE-2024-6373 (A vulnerability has been found in itsourcecode Online Food 
Ordering Sy ...)
+       TODO: check
+CVE-2024-6372 (A vulnerability, which was classified as critical, was found in 
itsour ...)
+       TODO: check
+CVE-2024-6371 (A vulnerability, which was classified as critical, has been 
found in i ...)
+       TODO: check
+CVE-2024-6370 (A vulnerability classified as problematic was found in 
LabVantage LIMS ...)
+       TODO: check
+CVE-2024-6369 (A vulnerability classified as problematic has been found in 
LabVantage ...)
+       TODO: check
+CVE-2024-6368 (A vulnerability was found in LabVantage LIMS 2017. It has been 
rated a ...)
+       TODO: check
+CVE-2024-6367 (A vulnerability was found in LabVantage LIMS 2017. It has been 
declare ...)
+       TODO: check
+CVE-2024-6262 (The Portfolio Gallery \u2013 Image Gallery Plugin plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-6250 (An absolute path traversal vulnerability exists in 
parisneo/lollms-web ...)
+       TODO: check
+CVE-2024-6139 (A path traversal vulnerability exists in the XTTS server of the 
parisn ...)
+       TODO: check
+CVE-2024-6127 (BC Security Empire before 5.9.3 is vulnerable to a path 
traversal issu ...)
+       TODO: check
+CVE-2024-6090 (A path traversal vulnerability exists in 
gaizhenbiao/chuanhuchatgpt ve ...)
+       TODO: check
+CVE-2024-6086 (In version 1.2.7 of lunary-ai/lunary, any authenticated user, 
regardle ...)
+       TODO: check
+CVE-2024-6085 (A path traversal vulnerability exists in the XTTS server 
included in t ...)
+       TODO: check
+CVE-2024-6038 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-5980 (A vulnerability in the /v1/runs API endpoint of 
lightning-ai/pytorch-l ...)
+       TODO: check
+CVE-2024-5979 (In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the 
`rapids`  ...)
+       TODO: check
+CVE-2024-5936 (An open redirect vulnerability exists in imartinez/privategpt 
version  ...)
+       TODO: check
+CVE-2024-5935 (A Cross-Site Request Forgery (CSRF) vulnerability in version 
0.5.0 of  ...)
+       TODO: check
+CVE-2024-5933 (A Cross-site Scripting (XSS) vulnerability exists in the chat 
function ...)
+       TODO: check
+CVE-2024-5885 (stangirard/quivr version 0.0.236 contains a Server-Side Request 
Forger ...)
+       TODO: check
+CVE-2024-5826 (In the latest version of vanna-ai/vanna, the `vanna.ask` 
function is v ...)
+       TODO: check
+CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` 
endpoi ...)
+       TODO: check
+CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the uploa ...)
+       TODO: check
+CVE-2024-5820 (Missing Authorization in stitionai/devika)
+       TODO: check
+CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass 
email v ...)
+       TODO: check
+CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where 
an atta ...)
+       TODO: check
+CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control 
vulnerab ...)
+       TODO: check
+CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper 
access contr ...)
+       TODO: check
+CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to 
-.)
+       TODO: check
+CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+       TODO: check
+CVE-2024-5334 (External Control of File Name or Path in GitHub repository 
stitionai/d ...)
+       TODO: check
+CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+       TODO: check
+CVE-2024-4578 (This Advisory describes an issue that impacts Arista Wireless 
Access P ...)
+       TODO: check
+CVE-2024-3331 (Vulnerability in Spotfire Spotfire Enterprise Runtime for R - 
Server E ...)
+       TODO: check
+CVE-2024-3330 (Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire 
Server,  ...)
+       TODO: check
+CVE-2024-3043 (An unauthenticated IEEE 802.15.4 'co-ordinator realignment' 
packet can ...)
+       TODO: check
+CVE-2024-3017 (In a   Silicon Labsmulti-protocol gateway, a corrupt pointer to 
buffer ...)
+       TODO: check
+CVE-2024-39669 (In the Console in Soffid IAM before 3.5.39, necessary checks 
were not  ...)
+       TODO: check
+CVE-2024-39376 (TELSAT marKoni FM Transmitters are vulnerable to users gaining 
unautho ...)
+       TODO: check
+CVE-2024-39375 (TELSAT marKoni FM Transmitters are vulnerable to an attacker 
bypassing ...)
+       TODO: check
+CVE-2024-39374 (TELSAT marKoni FM Transmitters are vulnerable to an attacker 
exploitin ...)
+       TODO: check
+CVE-2024-39373 (TELSAT marKoni FM Transmitters are vulnerable to a command 
injection v ...)
+       TODO: check
+CVE-2024-39208 (luci-app-lucky v2.8.3 was discovered to contain hardcoded 
credentials.)
+       TODO: check
+CVE-2024-39207 (lua-shmem v1.0-1 was discovered to contain a buffer overflow 
via the s ...)
+       TODO: check
+CVE-2024-39158 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39157 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39156 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39155 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39154 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows 
attacker ...)
+       TODO: check
+CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly 
allows  ...)
+       TODO: check
+CVE-2024-39129 (Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly 
allows att ...)
+       TODO: check
+CVE-2024-38523 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-service f ...)
+       TODO: check
+CVE-2024-38515
+       REJECTED
+CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
+       TODO: check
+CVE-2024-31916 (IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server 
component  ...)
+       TODO: check
+CVE-2024-31883 (IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under 
certain co ...)
+       TODO: check
+CVE-2024-31802 (DESIGNA ABACUS v.18 and before allows an attacker to bypass 
the paymen ...)
+       TODO: check
+CVE-2024-2882 (SDG Technologies PnPSCADA allows a remote attacker to attach 
various e ...)
+       TODO: check
+CVE-2024-28820 (Buffer overflow in the extract_openvpn_cr function in 
openvpn-cr.c in  ...)
+       TODO: check
+CVE-2024-24792 (Parsing a corrupt or malicious image with invalid color 
indices can ca ...)
+       TODO: check
+CVE-2024-1153 (Improper Access Control vulnerability in Talya Informatics 
Travel APPS ...)
+       TODO: check
+CVE-2024-1107 (Authorization Bypass Through User-Controlled Key vulnerability 
in Taly ...)
+       TODO: check
+CVE-2024-0949 (Improper Access Control, Missing Authorization, Incorrect 
Authorizatio ...)
+       TODO: check
+CVE-2024-0947 (Reliance on Cookies without Validation and Integrity Checking 
vulnerab ...)
+       TODO: check
+CVE-2023-7270 (An issue was discovered in SoftMaker Office 2024 / NX before 
revision  ...)
+       TODO: check
+CVE-2023-42014 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.2.0.2 i ...)
+       TODO: check
+CVE-2023-42011 (IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does 
not rest ...)
+       TODO: check
+CVE-2023-38371 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
uses weak ...)
+       TODO: check
+CVE-2023-38370 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, 
under ce ...)
+       TODO: check
+CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could dis ...)
+       TODO: check
 CVE-2024-37371
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-37370
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
-CVE-2024-5535
+CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
        - openssl <unfixed>
        [bookworm] - openssl <postponed> (Minor issue, fix along with next 
update round)
        [bullseye] - openssl <postponed> (Minor issue, fix along with next 
update round)
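Review bot: several of the new TODO: check entries concern code Debian ships or may ship and should be resolved to a source package line or NOT-FOR-US before the next automatic run rather than left pending: CVE-2024-39133 (Heap Buffer Overflow in zziplib v0.13.77) and CVE-2024-24792 (corrupt image with invalid color indices) look like the ones most likely to need a package line, and CVE-2024-28820 (extract_openvpn_cr in openvpn-cr.c) needs a check of whether that code is in the archive at all. Two descriptions arrived with upstream text defects, `CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to -.)` and the `Silicon Labsmulti-protocol` spacing in CVE-2024-3017; that is source data and not something to touch in this file. The CVE-2024-5535 change only fills in the description while the openssl <unfixed> line and both stable <postponed> lines are unchanged, which is consistent.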
@@ -915,7 +1067,8 @@ CVE-2024-4313 (The Table Addons for Elementor plugin for 
WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-3593 (The UberMenu plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-37694 (ArcGIS Enterprise Server 10.8.0 allows a remote attacker to 
obtain sen ...)
+CVE-2024-37694
+       REJECTED
        NOT-FOR-US: ArcGIS Enterprise Server
 CVE-2024-37654 (An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, 
AV-01KD, AV-01B ...)
        NOT-FOR-US: BAS-IP
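Review bot: CVE-2024-37694 gains a REJECTED marker but keeps its `NOT-FOR-US: ArcGIS Enterprise Server` line, whereas the other rejection in this same commit (CVE-2024-38515) carries REJECTED alone; unless the tracker tooling needs the NOT-FOR-US line to remain, drop it, since the rejection already removes the entry from triage.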
@@ -7049,7 +7202,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is 
vulnerable to SQL Inject
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare 
Uploadca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
-       {DLA-3827-1}
+       {DSA-5723-1 DLA-3827-1}
        - plasma-workspace 4:5.27.11.1-1
        NOTE: https://kde.org/info/security/advisory-20240531-1.txt
        NOTE: Fixed by: 
https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
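Review bot: the cross-reference for CVE-2024-36041 becomes `{DSA-5723-1 DLA-3827-1}`; confirm that a DSA-5723-1 entry for plasma-workspace exists in data/DSA/list with a matching fixed version, otherwise the reference will not resolve in the tracker.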
@@ -65196,6 +65349,7 @@ CVE-2023-38552 (When the Node.js policy feature checks 
the integrity of a resour
        NOTE: 
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
        NOTE: 
https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
 CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was 
discover ...)
+       {DLA-3845-1}
        - dlt-daemon 2.18.9-1
        [bookworm] - dlt-daemon <no-dsa> (Minor issue)
        [bullseye] - dlt-daemon <no-dsa> (Minor issue)
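Review bot: with `{DLA-3845-1}` now referenced on CVE-2023-36321, the unchanged `[bullseye] - dlt-daemon <no-dsa> (Minor issue)` line below it is stale: the DLA fixes the issue in bullseye, so the no-dsa annotation contradicts the advisory and should be removed in a follow-up.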
@@ -88042,10 +88196,10 @@ CVE-2023-31000
        RESERVED
 CVE-2023-30999 (IBM Security Access Manager Container (IBM Security Verify 
Access Appl ...)
        NOT-FOR-US: IBM
-CVE-2023-30998
-       RESERVED
-CVE-2023-30997
-       RESERVED
+CVE-2023-30998 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could all ...)
+       TODO: check
+CVE-2023-30997 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could all ...)
+       TODO: check
 CVE-2023-30996 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 
could allow  ...)
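Review bot: CVE-2023-30998 and CVE-2023-30997 move from RESERVED to TODO: check, but both describe IBM Security Access Manager Docker, the same product family as the neighbouring CVE-2023-30999 and CVE-2023-30996 entries that are already `NOT-FOR-US: IBM`; triage them the same way so they do not remain open TODOs.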
@@ -90123,8 +90277,8 @@ CVE-2023-30432
        RESERVED
 CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
        NOT-FOR-US: IBM
-CVE-2023-30430
-       RESERVED
+CVE-2023-30430 (IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow 
a local ...)
+       TODO: check
 CVE-2015-10100 (A vulnerability, which was classified as critical, has been 
found in D ...)
        NOT-FOR-US: WordPress plugin
 CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and 
classifi ...)
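Review bot: CVE-2023-30430 (IBM Security Verify Access 10.0.0 through 10.0.7.1) is left at TODO: check while the adjacent IBM entry CVE-2023-30431 is `NOT-FOR-US: IBM`; it can be triaged to NOT-FOR-US on the same basis, together with the related CVE-2024-31883 added earlier in this commit.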
@@ -102668,6 +102822,7 @@ CVE-2023-26259
 CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. 
The method ...)
        NOT-FOR-US: Arcserve
 CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems 
Alliance (COV ...)
+       {DLA-3845-1}
        - dlt-daemon 2.18.9-1
        [bookworm] - dlt-daemon <no-dsa> (Minor issue)
        [bullseye] - dlt-daemon <no-dsa> (Minor issue)
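Review bot: as with CVE-2023-36321 above, adding `{DLA-3845-1}` to CVE-2023-26257 leaves the `[bullseye] - dlt-daemon <no-dsa> (Minor issue)` line in conflict with the advisory; remove the bullseye no-dsa annotation once the DLA is recorded.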
@@ -143563,11 +143718,13 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins 
to conduct stored XSS attacks
 CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows 
remote file ...)
        NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
 CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance 
(COVESA) ...)
+       {DLA-3845-1}
        - dlt-daemon 2.18.9-1
        [bookworm] - dlt-daemon <no-dsa> (Minor issue)
        [bullseye] - dlt-daemon <no-dsa> (Minor issue)
        NOTE: 
https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272
 (v2.18.9-alpha)
 CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance 
(COVESA) ...)
+       {DLA-3845-1}
        - dlt-daemon 2.18.9-1
        [bookworm] - dlt-daemon <no-dsa> (Minor issue)
        [bullseye] - dlt-daemon <no-dsa> (Minor issue)
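Review bot: CVE-2022-39837 and CVE-2022-39836 receive `{DLA-3845-1}` but each keeps a `[bullseye] - dlt-daemon <no-dsa> (Minor issue)` line, which is now inconsistent with the DLA; the four dlt-daemon entries touched by this commit should have their bullseye no-dsa lines dropped together so the tracker state matches the advisory.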



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/088fde681fa77eb6638d2784c3d2e4b10bc6833f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits