Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2024-6681 (A vulnerability, which was classified as critical, has been
found in w ...)
+ TODO: check
+CVE-2024-6680 (A vulnerability classified as critical was found in witmy
my-springsec ...)
+ TODO: check
+CVE-2024-6679 (A vulnerability classified as critical has been found in witmy
my-spri ...)
+ TODO: check
+CVE-2024-6643
+ REJECTED
+CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
+ TODO: check
+CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
+ TODO: check
+CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that
could e ...)
+ TODO: check
+CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
+ TODO: check
+CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could
cause di ...)
+ TODO: check
+CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
gaizhenbia ...)
+ TODO: check
+CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
+ TODO: check
+CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability
exists that ...)
+ TODO: check
+CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could
cause loc ...)
+ TODO: check
+CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core
API, 3r ...)
+ TODO: check
+CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code
execution vul ...)
+ TODO: check
+CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the
sampling ...)
+ TODO: check
+CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability
in the ro ...)
+ TODO: check
+CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the
H.323 ALG (A ...)
+ TODO: check
+CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the
aftmand proc ...)
+ TODO: check
+CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept
(SI) com ...)
+ TODO: check
+CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in
the routi ...)
+ TODO: check
+CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input
vulnerability ...)
+ TODO: check
+CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability
in the Ro ...)
+ TODO: check
+CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in
the PFE ...)
+ TODO: check
+CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended
Endpoints ...)
+ TODO: check
+CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI
vulnerability in Jun ...)
+ TODO: check
+CVE-2024-39532 (AnInsertion of Sensitive Information into Log File
vulnerability in Ju ...)
+ TODO: check
+CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet
Forwarding ...)
+ TODO: check
+CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in
the Pack ...)
+ TODO: check
+CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon
(rpd) of ...)
+ TODO: check
+CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability
in Junipe ...)
+ TODO: check
+CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability
in Junipe ...)
+ TODO: check
+CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability
in Junipe ...)
+ TODO: check
+CVE-2024-39521 (An Improper Neutralization of Special Elements vulnerability
in Junipe ...)
+ TODO: check
+CVE-2024-39520 (AnImproper Neutralization of Special Elements vulnerability in
Juniper ...)
+ TODO: check
+CVE-2024-39519 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2024-39317 (Wagtail is an open source content management system built on
Django. A ...)
+ TODO: check
+CVE-2024-38536 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-32753 (Under certain circumstances the camera may be susceptible to
known vul ...)
+ TODO: check
+CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
+ TODO: check
+CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can
obtain ...)
+ TODO: check
CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus
up to 2 ...)
TODO: check
CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection
via the ...)
@@ -2485,10 +2589,12 @@ CVE-2024-39884 (A regression in the core of Apache HTTP
Server 2.4.60 ignores so
NOTE: Introduced by
https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
NOTE: Likely a regression during fix of CVE-2024-38476
CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and
earlier ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
NOTE: likely fix according to comment in code
https://github.com/apache/httpd/commit/9494aa8d52e3c263bc0413b77ac8a73b0d524388
CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server
2.4.59 and ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
NOTE: Fixed by
https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85
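Review bot: the {DSA-5729-1} marker added to CVE-2024-39573 sits above a NOTE that still calls 9494aa8d52e3c263bc0413b77ac8a73b0d524388 only a "likely fix according to comment in code"; once a DSA is recorded for the issue the fix is supposed to have been verified, so either confirm that this is the change the DSA shipped and reword the NOTE, or state which change the DSA actually applied for this CVE. The CVE-2024-38477 entry in the same hunk is in better shape, with a definite "Fixed by" commit next to its marker.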
@@ -2496,12 +2602,14 @@ CVE-2024-38477 (null pointer dereference in mod_proxy
in Apache HTTP Server 2.4.
NOTE: Regression identified by Ubuntu
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648
NOTE: Rgression fixed by
https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38
CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
are vul ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
NOTE: Fixed by
https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918560)
NOTE: see also regression CVE-2024-39884
CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP
Server 2.4.5 ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475
NOTE: same fix as CVE-2024-28474
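Review bot: the cross-reference in the last context line, "NOTE: same fix as CVE-2024-28474" under CVE-2024-38475, points at a CVE id that does not occur anywhere in this block; the neighbouring mod_rewrite entry that shares the 4797330ad813d9f8a2bb1b3b8d03ceb523dc4884 log fix and svn revision 1918561 is CVE-2024-38474, so this reads like a transposed digit and should say CVE-2024-38474. Same hunk, smaller point: "Rgression fixed by" under CVE-2024-38477 is a typo for "Regression".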
@@ -2509,6 +2617,7 @@ CVE-2024-38475 (Improper escaping of output in
mod_rewrite in Apache HTTP Server
NOTE: Need also log fix
https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP
Server 2.4.5 ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474
NOTE: same fix as CVE-2024-28475
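Review bot: "NOTE: same fix as CVE-2024-28475" under CVE-2024-38474 should almost certainly read CVE-2024-38475: that is the adjacent mod_rewrite entry citing the same 4797330ad813d9f8a2bb1b3b8d03ceb523dc4884 commit and svn revision 1918561, whereas CVE-2024-28475 appears nowhere in the block. Both sides of the mutual reference carry the 28xxx form, so both entries need the correction together.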
@@ -2516,6 +2625,7 @@ CVE-2024-38474 (Substitution encoding issue in
mod_rewrite in Apache HTTP Server
NOTE: need also log fix
https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and
earlier ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473
NOTE: https://github.com/apache/httpd/pull/457
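Review bot: the fix reference for CVE-2024-38473 is a pull-request URL (apache/httpd pull 457) rather than a commit hash, unlike every other entry in this run that received a {DSA-5729-1} marker; recording the merged commit (or the svn revision, as the CVE-2024-38476 and CVE-2024-38475 entries do) would let the fix be checked against the uploaded 2.4.60-1 source the same way the others can be.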
@@ -2531,6 +2641,7 @@ CVE-2024-38472 (SSRF in Apache HTTP Server on Windows
allows to potentially leak
NOTE:
https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0
NOTE: Only affects Apache HTTP Server on Windows
CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection
could res ...)
+ {DSA-5729-1}
- apache2 2.4.60-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
NOTE:
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
@@ -7764,7 +7875,7 @@ CVE-2024-23518 (Missing Authorization vulnerability in
Navneil Naicker ACF Photo
NOT-FOR-US: WordPress plugin
CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja
Tables. ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-23111 (A use of password hash with insufficient computational effort
vulnerab ...)
+CVE-2024-23111 (An improper neutralization of input during web page Generation
('Cross ...)
NOT-FOR-US: FortiGuard
CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version
7.4.0 throug ...)
NOT-FOR-US: FortiGuard
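Review bot: the description for CVE-2024-23111 changes from "A use of password hash with insufficient computational effort" to "An improper neutralization of input during web page Generation ('Cross...", which means the upstream CVE record was rewritten rather than just truncated differently, yet the NOT-FOR-US: FortiGuard marker is carried over unchanged. That is only right if the rewritten record still concerns a Fortinet product, and the truncated text in the hunk no longer shows one; the full record should be checked before the marker stays.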
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be06487e71c5d9d65a362add2c90c9d6e0c27b67
--
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits