[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 08 Jul 2024 13:13:06 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
abb6491b by security tracker role at 2024-07-08T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be 
induce ...)
+       TODO: check
+CVE-2024-6564 (Buffer overflow in "rcar_dev_init"  due to using due to using 
untruste ...)
+       TODO: check
+CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2024-6227 (A vulnerability in aimhubio/aim version 3.19.3 allows an 
attacker to c ...)
+       TODO: check
+CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 
2.2.0p31, <  ...)
+       TODO: check
+CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 
15.1.832 ...)
+       TODO: check
+CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir 
Bilgisayar  ...)
+       TODO: check
+CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a 
user to ...)
+       TODO: check
+CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a 
user to ...)
+       TODO: check
+CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+       TODO: check
+CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET 
framework. A SQ ...)
+       TODO: check
+CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
+       TODO: check
+CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for 
managing d ...)
+       TODO: check
+CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend 
Theme Manage ...)
+       TODO: check
+CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a 
remote c ...)
+       TODO: check
+CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow 
Orchestrator ...)
+       TODO: check
+CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
+       TODO: check
+CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH 
freemodb ...)
+       TODO: check
+CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier 
could be lo ...)
+       TODO: check
+CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an 
attacke ...)
+       TODO: check
+CVE-2024-25639 (Khoj is an application that creates personal AI agents. The 
Khoj Obsid ...)
+       TODO: check
+CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows 
the OpenVP ...)
+       TODO: check
+CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure 
of sensi ...)
+       TODO: check
+CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
+       TODO: check
+CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  
check  ...)
+       TODO: check
+CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+       TODO: check
+CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+       TODO: check
+CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
+       TODO: check
+CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa 
getInfo  ...)
+       TODO: check
+CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
+       TODO: check
+CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
+       TODO: check
+CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
+       TODO: check
+CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
+       TODO: check
+CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa 
formWsc  ...)
+       TODO: check
+CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa 
rollback ...)
+       TODO: check
+CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality 
of Leve ...)
+       TODO: check
+CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa 
formFilt ...)
+       TODO: check
+CVE-2023-48270 (A stack-based buffer overflow vulnerability exists in the boa 
formDnsv ...)
+       TODO: check
+CVE-2023-47856 (A stack-based buffer overflow vulnerability exists in the boa 
set_Radv ...)
+       TODO: check
+CVE-2023-47677 (A cross-site request forgery (csrf) vulnerability exists in 
the boa CS ...)
+       TODO: check
+CVE-2023-46685 (A hard-coded password vulnerability exists in the telnetd 
functionalit ...)
+       TODO: check
+CVE-2023-45742 (An integer overflow vulnerability exists in the boa 
updateConfigIntoFl ...)
+       TODO: check
+CVE-2023-45215 (A stack-based buffer overflow vulnerability exists in the boa 
setRepea ...)
+       TODO: check
+CVE-2023-41251 (A stack-based buffer overflow vulnerability exists in the boa 
formRout ...)
+       TODO: check
+CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload 
functiona ...)
+       TODO: check
 CVE-2024-6539 (A vulnerability classified as problematic has been found in 
heyewei Sp ...)
        NOT-FOR-US: heyewei SpringBootCMS
 CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository 
stitionai/dev ...)
@@ -1033,7 +1131,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over 
a HTTP/2 connection cou
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
        NOTE: 
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
-CVE-2024-6409 [Possible remote code execution in privsep child due to a race 
condition in signal handling]
+CVE-2024-6409 (A signal handler race condition vulnerability was found in 
OpenSSH's s ...)
        - openssh <not-affected> (Exploitable issue in RHEL9 packaged versions)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/08/2
 CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in 
OpenSSH's serv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb6491b5de702153b563b76517b4e4dd77b691a

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb6491b5de702153b563b76517b4e4dd77b691a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to