Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee21cac6 by security tracker role at 2024-07-01T20:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,196 @@
-CVE-2024-39573
+CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in
MESboo ...)
+ TODO: check
+CVE-2024-6424 (External server-side request vulnerability in MESbook
20221021.03 vers ...)
+ TODO: check
+CVE-2024-6376 (MongoDB Compass may be susceptible to code injection due to
insufficie ...)
+ TODO: check
+CVE-2024-6375 (A command for refining a collection shard key is missing an
authorizat ...)
+ TODO: check
+CVE-2024-6050 (Improper Neutralization of Input During Web Page Generation
vulnerabil ...)
+ TODO: check
+CVE-2024-4007 (Default credential in install package in ABB ASPECT; NEXUS
Series; MAT ...)
+ TODO: check
+CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could
be expo ...)
+ TODO: check
+CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be
exposed vi ...)
+ TODO: check
+CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a
prototype p ...)
+ TODO: check
+CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due
to a mi ...)
+ TODO: check
+CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due
to a mi ...)
+ TODO: check
+CVE-2024-39428 (In trusty service, there is a possible out of bounds write due
to a mi ...)
+ TODO: check
+CVE-2024-39427 (In trusty service, there is a possible out of bounds write due
to a mi ...)
+ TODO: check
+CVE-2024-39303 (Weblate is a web based localization tool. Prior to version
5.6.2, Webl ...)
+ TODO: check
+CVE-2024-39251 (An issue in the component
ControlCenter.sys/ControlCenter64.sys of Thu ...)
+ TODO: check
+CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular
Expressio ...)
+ TODO: check
+CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection
vulnerabilit ...)
+ TODO: check
+CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to
contain a pr ...)
+ TODO: check
+CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype
pollution ...)
+ TODO: check
+CVE-2024-39016 (che3vinci c3/utils-1 1.0.131 was discovered to contain a
prototype pol ...)
+ TODO: check
+CVE-2024-39015 (cafebazaar hod v0.4.14 was discovered to contain a prototype
pollution ...)
+ TODO: check
+CVE-2024-39014 (ahilfoley cahil/utils v2.3.2 was discovered to contain a
prototype pol ...)
+ TODO: check
+CVE-2024-39013 (2o3t-utility v0.1.2 was discovered to contain a prototype
pollution vi ...)
+ TODO: check
+CVE-2024-39008 (robinweser fast-loops v1.1.3 was discovered to contain a
prototype pol ...)
+ TODO: check
+CVE-2024-39003 (amoyjs amoy common v1.0.10 was discovered to contain a
prototype pollu ...)
+ TODO: check
+CVE-2024-39002 (rjrodger jsonic-next v2.12.1 was discovered to contain a
prototype pol ...)
+ TODO: check
+CVE-2024-39001 (ag-grid-enterprise v31.3.2 was discovered to contain a
prototype pollu ...)
+ TODO: check
+CVE-2024-39000 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
+ TODO: check
+CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
+ TODO: check
+CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
+ TODO: check
+CVE-2024-38997 (adolph_dudu ratio-swiper v0.0.2 was discovered to contain a
prototype ...)
+ TODO: check
+CVE-2024-38996 (ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were
discover ...)
+ TODO: check
+CVE-2024-38994 (amoyjs amoy common v1.0.10 was discovered to contain a
prototype pollu ...)
+ TODO: check
+CVE-2024-38993 (rjrodger jsonic-next v2.12.1 was discovered to contain a
prototype pol ...)
+ TODO: check
+CVE-2024-38992 (airvertco frappejs v0.0.11 was discovered to contain a
prototype pollu ...)
+ TODO: check
+CVE-2024-38991 (akbr patch-into v1.0.1 was discovered to contain a prototype
pollution ...)
+ TODO: check
+CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype
polluti ...)
+ TODO: check
+CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype
pollution v ...)
+ TODO: check
+CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS)
vulnerability in t ...)
+ TODO: check
+CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A
vulnerabili ...)
+ TODO: check
+CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior
to vers ...)
+ TODO: check
+CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36995 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36994 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36993 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36992 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36991 (In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5,
and 9.0.1 ...)
+ TODO: check
+CVE-2024-36990 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36989 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36987 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36986 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36985 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10,
a low-pr ...)
+ TODO: check
+CVE-2024-36984 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
on Window ...)
+ TODO: check
+CVE-2024-36983 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36982 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10
and Splun ...)
+ TODO: check
+CVE-2024-36423 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-36422 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-36421 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-36420 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2024-36401 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-34696 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-24749 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-23380 (Memory corruption while handling user packets during VBO bind
operatio ...)
+ TODO: check
+CVE-2024-23373 (Memory corruption when IOMMU unmap operation fails, the DMA
and anon b ...)
+ TODO: check
+CVE-2024-23372 (Memory corruption while invoking IOCTL call for GPU memory
allocation ...)
+ TODO: check
+CVE-2024-23368 (Memory corruption when allocating and accessing an entry in an
SMEM pa ...)
+ TODO: check
+CVE-2024-21586 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-21482 (Memory corruption during the secure boot process, when the
`bootm` com ...)
+ TODO: check
+CVE-2024-21469 (Memory corruption when an invoke call and a TEE call are bound
for the ...)
+ TODO: check
+CVE-2024-21466 (Information disclosure while parsing sub-IE length during new
IE gener ...)
+ TODO: check
+CVE-2024-21465 (Memory corruption while processing key blob passed by the
user.)
+ TODO: check
+CVE-2024-21462 (Transient DOS while loading the TA ELF file.)
+ TODO: check
+CVE-2024-21461 (Memory corruption while performing finish HMAC operation when
context ...)
+ TODO: check
+CVE-2024-21460 (Information disclosure when ASLR relocates the IMEM and Secure
DDR por ...)
+ TODO: check
+CVE-2024-21458 (Information disclosure while handling SA query action frame.)
+ TODO: check
+CVE-2024-21457 (INformation disclosure while handling Multi-link IE in beacon
frame.)
+ TODO: check
+CVE-2024-21456 (Information Disclosure while parsing beacon frame in STA.)
+ TODO: check
+CVE-2024-20399 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
+ TODO: check
+CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and
earlier ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
-CVE-2024-38477
+CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server
2.4.59 and ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
-CVE-2024-38476
+CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
are vul ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
-CVE-2024-38475
+CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP
Server 2.4.5 ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475
-CVE-2024-38474
+CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP
Server 2.4.5 ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474
-CVE-2024-38473
+CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and
earlier ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473
-CVE-2024-38472
+CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially
leak NTML ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472
-CVE-2024-36387
+CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection
could res ...)
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
NOTE:
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
-CVE-2024-6387
+CVE-2024-6387 (A signal handler race condition was found in OpenSSH's server
(sshd), ...)
+ {DSA-5724-1}
- openssh 1:9.7p1-7
[bullseye] - openssh <not-affected> (Vulnerable code introduced later)
NOTE: Introduced with:
https://github.com/openssh/openssh-portable/commit/752250caabda3dd24635503c4cd689b32a650794
(V_8_5_P1)
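Review bot: Every entry added above CVE-2024-39573 carries only `TODO: check`, with no package line or NOT-FOR-US marker, so each still needs manual triage before the tracker can report a status for it. Within that block, CVE-2024-39853, CVE-2024-39000 and CVE-2024-38997 show the same truncated ratio-swiper 0.0.2 prototype pollution summary, and CVE-2024-38998 and CVE-2024-38999 show the same requirejs v2.3.6 summary. Triage should read the full descriptions to confirm these are distinct issues, since the text cut off at "..." cannot tell them apart. For the entries that only gained a description (CVE-2024-39573 through CVE-2024-36387), the existing `- apache2 2.4.60-1` lines are unchanged, which is what an automatic description sync should produce. The `{DSA-5724-1}` reference added under CVE-2024-6387 is the only status-relevant change in the hunk and is worth checking against the DSA list.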
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee21cac651f14c2294089fdfa112be7e5a62a3cb