Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35c4e614 by security tracker role at 2024-07-10T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-6649 (A vulnerability has been found in SourceCodester Employee and 
Visitor  ...)
+       TODO: check
+CVE-2024-6647 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+       TODO: check
+CVE-2024-6646 (A vulnerability was found in Netgear WN604 up to 20240710. It 
has been ...)
+       TODO: check
+CVE-2024-6645 (A vulnerability was found in WuKongOpenSource Wukong_nocode up 
to 2023 ...)
+       TODO: check
+CVE-2024-6644 (A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has 
been c ...)
+       TODO: check
+CVE-2024-6642
+       REJECTED
+CVE-2024-6630
+       REJECTED
+CVE-2024-6556 (The SmartCrawl WordPress SEO checker, SEO analyzer, SEO 
optimizer plug ...)
+       TODO: check
+CVE-2024-6235 (Sensitive information disclosureinNetScaler Console)
+       TODO: check
+CVE-2024-5913 (An improper input validation vulnerability in Palo Alto 
Networks PAN-O ...)
+       TODO: check
+CVE-2024-5912 (An improper file signature check in Palo Alto Networks Cortex 
XDR agen ...)
+       TODO: check
+CVE-2024-5911 (An arbitrary file upload vulnerability in Palo Alto Networks 
Panorama  ...)
+       TODO: check
+CVE-2024-5910 (Missing authentication for a critical function in Palo Alto 
Networks E ...)
+       TODO: check
+CVE-2024-5492 (Open redirect vulnerability allows a remote unauthenticated 
attacker t ...)
+       TODO: check
+CVE-2024-5491 (Denial of Service in NetScaler ADC and NetScaler Gateway in 
NetScaler)
+       TODO: check
+CVE-2024-5217 (ServiceNow has addressed an input validation vulnerability that 
was id ...)
+       TODO: check
+CVE-2024-5178 (ServiceNow has addressed a sensitive file read vulnerability 
that was  ...)
+       TODO: check
+CVE-2024-4879 (ServiceNow has addressed an input validation vulnerability that 
was id ...)
+       TODO: check
+CVE-2024-40417 (A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by 
this is ...)
+       TODO: check
+CVE-2024-40412 (Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the 
deviceLi ...)
+       TODO: check
+CVE-2024-40336 (idccms v1.35 is vulnerable to Cross Site Scripting (XSS) 
within the 'I ...)
+       TODO: check
+CVE-2024-40334 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-40333 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-40332 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-40331 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-40329 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-40328 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-3799 (Insecure handling of POST header parameter bodyincluded in 
requests be ...)
+       TODO: check
+CVE-2024-3798 (Insecure handling of GET header parameter fileincluded in 
requests bei ...)
+       TODO: check
+CVE-2024-3325 (Vulnerability in Jaspersoft JasperReport Servers.This issue 
affects Ja ...)
+       TODO: check
+CVE-2024-39693 (Next.js is a React framework. A Denial of Service (DoS) 
condition was  ...)
+       TODO: check
+CVE-2024-38354 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
+       TODO: check
+CVE-2024-38353 (CodiMD allows realtime collaborative markdown notes on all 
platforms.  ...)
+       TODO: check
+CVE-2024-37770 (14Finger v1.1 was discovered to contain a remote command 
execution (RC ...)
+       TODO: check
+CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow 
in the " ...)
+       TODO: check
+CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability 
in Trus ...)
+       TODO: check
+CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability 
in SERV ...)
+       TODO: check
+CVE-2024-37149 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2024-37148 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2024-37147 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2024-37115 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-37113 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-37110 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-32759 (Under certain circumstances the Software House C\u25cfCURE 
9000 instal ...)
+       TODO: check
+CVE-2024-32469 (Decidim is a participatory democracy framework. The pagination 
feature ...)
+       TODO: check
+CVE-2024-28828 (Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 
2.1.0p4 ...)
+       TODO: check
+CVE-2024-28827 (Incorrect permissions on the Checkmk Windows Agent's data 
directory in ...)
+       TODO: check
+CVE-2024-27095 (Decidim is a participatory democracy framework. The admin 
panel is sub ...)
+       TODO: check
+CVE-2024-27090 (Decidim is a participatory democracy framework, written in 
Ruby on Rai ...)
+       TODO: check
+CVE-2024-20456 (A vulnerability in the boot process of Cisco IOS XR Software 
could all ...)
+       TODO: check
+CVE-2023-35006 (IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. 
A remote ...)
+       TODO: check
+CVE-2023-33860 (IBM Security QRadar EDR 3.12 does not set the secure attribute 
on auth ...)
+       TODO: check
+CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose sensitive 
information due  ...)
+       TODO: check
 CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
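Review bot: Every added entry that has a description lands as "TODO: check", although several can be triaged from precedent visible in this same file. The SmartCrawl WordPress entry (CVE-2024-6556) sits directly above the context entry CVE-2024-6550, which is marked "NOT-FOR-US: WordPress plugin", and the three IBM Security QRadar EDR entries (CVE-2023-35006, CVE-2023-33860, CVE-2023-33859) match the "NOT-FOR-US: IBM" annotation used further down. A follow-up triage commit should resolve those first, then the entries whose products need an actual package lookup. Separately, the CVE-2024-32759 description carries a literal "\u25cf" escape sequence instead of the character; it is worth checking whether the automatic import is meant to decode it.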
@@ -777,7 +887,7 @@ CVE-2024-27360 (A vulnerability was discovered in Samsung 
Mobile Processors Exyn
        NOT-FOR-US: Samsung
 CVE-2024-27183 (XSS vulnerability in  DJ-HelpfulArticles component for Joomla.)
        NOT-FOR-US: Joomla extension
-CVE-2024-26279 (Inadequate content filtering leads to XSS vulnerabilities in 
various c ...)
+CVE-2024-26279 (The wrapper extensions do not correctly validate inputs, 
leading to XS ...)
        NOT-FOR-US: Joomla extension
 CVE-2024-26278 (The Custom Fields component not correctly filter inputs, 
leading to a  ...)
        NOT-FOR-US: Joomla extension
@@ -928,22 +1038,26 @@ CVE-2024-6605 (Firefox Android allowed immediate 
interaction with permission pro
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6605
 CVE-2024-6604 (Memory safety bugs present in Firefox 127, Firefox ESR 115.12, 
and Thu ...)
+       {DSA-5727-1}
        - firefox <unfixed>
        - firefox-esr 115.13.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6604
 CVE-2024-6603 (In an out-of-memory scenario an allocation could fail but free 
would h ...)
+       {DSA-5727-1}
        - firefox <unfixed>
        - firefox-esr 115.13.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6603
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
 CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to 
memory ...)
+       {DSA-5727-1}
        - firefox <unfixed>
        - firefox-esr 115.13.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6602
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6602
        TODO: check how its related to src:nss and if src:nss tracking is 
necessary
 CVE-2024-6601 (A race condition could lead to a cross-origin container 
obtaining perm ...)
+       {DSA-5727-1}
        - firefox <unfixed>
        - firefox-esr 115.13.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6601
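Review bot: CVE-2024-6602 now references {DSA-5727-1} while still carrying "TODO: check how its related to src:nss and if src:nss tracking is necessary". The only fixed version recorded under that entry is firefox-esr 115.13.0esr-1, so if src:nss turns out to be affected, a reader who takes the DSA tag as closing the issue for stable would be missing an nss line. Suggest resolving that TODO, either by adding an nss package line or by replacing it with a NOTE explaining why nss needs no tracking, so the entry does not read as fully handled. The DSA tag is consistently applied to the other three entries, and leaving CVE-2024-6605 untagged matches its "firefox <not-affected>" status.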
@@ -1171,7 +1285,7 @@ CVE-2024-25639 (Khoj is an application that creates 
personal AI agents. The Khoj
 CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows 
the OpenVP ...)
        - openvpn <not-affected> (Only affects Windows)
        NOTE: 
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
-CVE-2024-23562 (This vulnerability is re-assessed. Vulnerability details will 
be updat ...)
+CVE-2024-23562 (This vulnerability is being re-assessed. Vulnerability details 
will be ...)
        NOT-FOR-US: HCL Domino
 CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
        NOT-FOR-US: Realtek rtl819x Jungle SDK
@@ -1237,7 +1351,7 @@ CVE-2024-31897 (IBM Cloud Pak for Business Automation 
18.0.0, 18.0.1, 18.0.2, 19
        NOT-FOR-US: IBM
 CVE-2024-6229 (A stored cross-site scripting (XSS) vulnerability exists in the 
'Uploa ...)
        NOT-FOR-US: stangirard/quivr
-CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause.)
+CVE-2024-40614 (EGroupware before 23.1.20240624 mishandles an ORDER BY clause. 
This le ...)
        NOT-FOR-US: EGroupware
 CVE-2024-40605 (An issue was discovered in the Foreground skin for MediaWiki 
through 1 ...)
        NOT-FOR-US: Foreground skin for MediaWiki



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35c4e614e885981647c43bca0518441a68e4d54d
