Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
772b8540 by Salvatore Bonaccorso at 2024-06-27T23:01:57+02:00
Process some NFUs

- - - - -
5149d46e by Salvatore Bonaccorso at 2024-06-27T23:01:57+02:00
Add CVE-2024-39133/zziplib

- - - - -
bdb63fe8 by Salvatore Bonaccorso at 2024-06-27T23:01:58+02:00
Add CVE-2024-21520/djangorestframework

- - - - -
a9b61a3c by Salvatore Bonaccorso at 2024-06-27T23:01:58+02:00
Add two new wordpress issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,67 +55,68 @@ CVE-2024-5820 (Missing Authorization in stitionai/devika)
 CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass 
email v ...)
        NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where 
an atta ...)
-       TODO: check
+       NOT-FOR-US: BerriAI/litellm
 CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper 
access contr ...)
-       TODO: check
+       NOT-FOR-US: BerriAI/litellm
 CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to 
-.)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-5334 (External Control of File Name or Path in GitHub repository 
stitionai/d ...)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4578 (This Advisory describes an issue that impacts Arista Wireless 
Access P ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2024-3331 (Vulnerability in Spotfire Spotfire Enterprise Runtime for R - 
Server E ...)
-       TODO: check
+       NOT-FOR-US: Spotfire
 CVE-2024-3330 (Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire 
Server,  ...)
-       TODO: check
+       NOT-FOR-US: Spotfire
 CVE-2024-3043 (An unauthenticated IEEE 802.15.4 'co-ordinator realignment' 
packet can ...)
        TODO: check
 CVE-2024-3017 (In a   Silicon Labsmulti-protocol gateway, a corrupt pointer to 
buffer ...)
        TODO: check
 CVE-2024-39669 (In the Console in Soffid IAM before 3.5.39, necessary checks 
were not  ...)
-       TODO: check
+       NOT-FOR-US: Soffid IAM
 CVE-2024-39376 (TELSAT marKoni FM Transmitters are vulnerable to users gaining 
unautho ...)
-       TODO: check
+       NOT-FOR-US: TELSAT marKoni FM Transmitters
 CVE-2024-39375 (TELSAT marKoni FM Transmitters are vulnerable to an attacker 
bypassing ...)
-       TODO: check
+       NOT-FOR-US: TELSAT marKoni FM Transmitters
 CVE-2024-39374 (TELSAT marKoni FM Transmitters are vulnerable to an attacker 
exploitin ...)
-       TODO: check
+       NOT-FOR-US: TELSAT marKoni FM Transmitters
 CVE-2024-39373 (TELSAT marKoni FM Transmitters are vulnerable to a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: TELSAT marKoni FM Transmitters
 CVE-2024-39208 (luci-app-lucky v2.8.3 was discovered to contain hardcoded 
credentials.)
-       TODO: check
+       NOT-FOR-US: luci-app-lucky
 CVE-2024-39207 (lua-shmem v1.0-1 was discovered to contain a buffer overflow 
via the s ...)
        TODO: check
 CVE-2024-39158 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39157 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39156 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39155 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39154 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39153 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: idccms
 CVE-2024-39133 (Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows 
attacker ...)
-       TODO: check
+       - zziplib <unfixed>
+       NOTE: https://github.com/gdraheim/zziplib/issues/164
 CVE-2024-39130 (A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly 
allows  ...)
-       TODO: check
+       NOT-FOR-US: DumpTS
 CVE-2024-39129 (Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly 
allows att ...)
-       TODO: check
+       NOT-FOR-US: DumpTS
 CVE-2024-38523 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-service f ...)
-       TODO: check
+       NOT-FOR-US: Hush Line
 CVE-2024-38515
        REJECTED
 CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
        NOT-FOR-US: IBM
 CVE-2024-31916 (IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server 
component  ...)
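Review bot: the new `- zziplib <unfixed>` line for CVE-2024-39133 carries only the upstream issue link and no severity annotation, so it will surface as an open, unrated issue; if the heap overflow is only reachable by feeding a crafted archive to the bundled zzip tools, the usual `(low)`/`(unimportant)` marker plus a NOTE naming the affected code path would make the triage reproducible, and a NOTE recording that no upstream fix commit exists yet would explain why the entry stays at `<unfixed>` rather than a version. CVE-2024-39207 (lua-shmem buffer overflow), CVE-2024-3043 and CVE-2024-3017 remain at `TODO: check` in this block, which is fine as long as they are not swept into a later NFU batch without a source check.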
@@ -123,23 +124,23 @@ CVE-2024-31916 (IBM OpenBMC FW1050.00 through FW1050.10 
BMCWeb HTTPS server comp
 CVE-2024-31883 (IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under 
certain co ...)
        NOT-FOR-US: IBM
 CVE-2024-31802 (DESIGNA ABACUS v.18 and before allows an attacker to bypass 
the paymen ...)
-       TODO: check
+       NOT-FOR-US: DESIGNA ABACUS
 CVE-2024-2882 (SDG Technologies PnPSCADA allows a remote attacker to attach 
various e ...)
-       TODO: check
+       NOT-FOR-US: SDG Technologies PnPSCADA
 CVE-2024-28820 (Buffer overflow in the extract_openvpn_cr function in 
openvpn-cr.c in  ...)
        TODO: check
 CVE-2024-24792 (Parsing a corrupt or malicious image with invalid color 
indices can ca ...)
        TODO: check
 CVE-2024-1153 (Improper Access Control vulnerability in Talya Informatics 
Travel APPS ...)
-       TODO: check
+       NOT-FOR-US: Talya Informatics Travel APPS
 CVE-2024-1107 (Authorization Bypass Through User-Controlled Key vulnerability 
in Taly ...)
-       TODO: check
+       NOT-FOR-US: Talya Informatics Travel APPS
 CVE-2024-0949 (Improper Access Control, Missing Authorization, Incorrect 
Authorizatio ...)
-       TODO: check
+       NOT-FOR-US: Elektraweb
 CVE-2024-0947 (Reliance on Cookies without Validation and Integrity Checking 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Talya Informatics Elektraweb
 CVE-2023-7270 (An issue was discovered in SoftMaker Office 2024 / NX before 
revision  ...)
-       TODO: check
+       NOT-FOR-US: SoftMaker
 CVE-2023-42014 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.2.0.2 i ...)
        NOT-FOR-US: IBM
 CVE-2023-42011 (IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does 
not rest ...)
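Review bot: the vendor label is inconsistent within this hunk, CVE-2024-0949 gets `NOT-FOR-US: Elektraweb` while CVE-2024-0947 gets `NOT-FOR-US: Talya Informatics Elektraweb` and CVE-2024-1153/CVE-2024-1107 use `Talya Informatics Travel APPS`; settle on one form (for example `NOT-FOR-US: Talya Informatics Elektraweb`) so that a grep for the vendor's entries matches all of them. CVE-2024-28820 (`extract_openvpn_cr` in openvpn-cr.c) and CVE-2024-24792 (image parsing with invalid colour indices) are left at `TODO: check`; both descriptions read like library code that may well be packaged, so they deserve an archive check rather than a NOT-FOR-US by analogy with the surrounding vendor appliances.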
@@ -429,7 +430,9 @@ CVE-2024-21740 (Artery AT32F415CBT7 and AT32F421C8T7 
devices have Incorrect Acce
 CVE-2024-21739 (Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and 
APM32F103VCT6 d ...)
        NOT-FOR-US: Geehy
 CVE-2024-21520 (Versions of the package djangorestframework before 3.15.2 are 
vulnerab ...)
-       TODO: check
+       - djangorestframework <unfixed>
+       NOTE: https://github.com/encode/django-rest-framework/pull/9435
+       NOTE: 
https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642
 (3.15.2)
 CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel 
Reservat ...)
        NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
the HT ...)
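Review bot: the djangorestframework entry records the upstream fix (PR 9435 and the commit tagged `(3.15.2)`) but the package line is a bare `<unfixed>` with no per-suite triage; once the fixing upload is known, replace `<unfixed>` with that Debian version, and until then a suite line such as `[bookworm] - djangorestframework <no-dsa>` (if the issue is judged minor) would tell readers the severity assessment rather than leaving every suite implicitly affected. The commit URL also appears wrapped over three lines in this mail; that is presumably the mail rendering, but confirm the committed file keeps `NOTE:` and the full URL on one line, since the tracker parser expects them together.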
@@ -537,9 +540,11 @@ CVE-2024-34142 (Adobe Experience Manager versions 6.5.20 
and earlier are affecte
 CVE-2024-34141 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2024-32111 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       - wordpress <unfixed>
+       NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       - wordpress <unfixed>
+       NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
 CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions 
2.3.0p7 ...)
        - check-mk <removed>
 CVE-2024-28831 (Stored XSS in some confirmation pop-ups in Checkmk before 
versions 2.3 ...)
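Review bot: both new `- wordpress <unfixed>` lines cite only the 6.5.5 release announcement, which does not say which changeset fixes which CVE; adding the core changeset, or at least a short per-issue qualifier (path traversal for CVE-2024-32111, XSS for CVE-2024-31111) beside each NOTE, keeps the two entries distinguishable once one is fixed in a Debian upload and the other is not. CVE-2024-6307 just above the hunk is also described as a WordPress Core stored XSS; check whether it belongs to the same 6.5.5 release and, if so, give it the same `- wordpress <unfixed>` tracking in the same commit.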
@@ -785,7 +790,7 @@ CVE-2024-22385 (Incorrect Default Permissions vulnerability 
in Hitachi Storage P
 CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My 
Cloud H ...)
        TODO: check
 CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap 
Router Ba ...)
-       TODO: check
+       NOT-FOR-US: Baicells Snap Router BaiCE_BMI on EP3011
 CVE-2023-5038 (badmonkey, a Security Researcher has found a flaw that allows 
for a un ...)
        TODO: check
 CVE-2023-50029 (PHP Injection vulnerability in the module "M4 PDF Extensions" 
(m4pdf)  ...)
@@ -835,7 +840,7 @@ CVE-2024-4754 (Improper Neutralization of Input During Web 
Page Generation ('Cro
 CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection 
via sendi ...)
        NOT-FOR-US: CRUDDIY project
 CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in Mia  ...)
-       TODO: check
+       NOT-FOR-US: Mia Technology Inc. Mia-Med Health Aplication
 CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. 
FreeRTOS ...)
        NOT-FOR-US: FreeRTOS-Plus-TCP
 CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
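Review bot: `NOT-FOR-US: Mia Technology Inc. Mia-Med Health Aplication` copies the misspelling from the CVE description into the tracker label; the NFU label is a free-form product name, so `Mia Technology Mia-Med Health Application` (or the vendor's own product name) avoids propagating the typo into later greps and reports.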
@@ -101182,7 +101187,7 @@ CVE-2023-26879
 CVE-2023-26878
        RESERVED
 CVE-2023-26877 (File upload vulnerability found in Softexpert Excellence Suite 
v.2.1 a ...)
-       TODO: check
+       NOT-FOR-US: Softexpert Excellence Suite
 CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and 
before allows ...)
        - piwigo <removed>
 CVE-2023-26875



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7c515ba984bccdaa90196d5b5100214454f77d25...a9b61a3c037202aa9bcb5b7b5302929f1aba29ff

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
