Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95fdbcd6 by security tracker role at 2024-07-17T20:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6834 (A vulnerability in APIML Spring Cloud Gateway which leverages 
user pri ...)
+       TODO: check
+CVE-2024-6833 (A vulnerability in Zowe CLI allows local, privileged actors to 
store p ...)
+       TODO: check
+CVE-2024-6830 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-6765
+       REJECTED
+CVE-2024-5471 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
+       TODO: check
+CVE-2024-40641 (Nuclei is a fast and customizable vulnerability scanner based 
on simpl ...)
+       TODO: check
+CVE-2024-40640 (vodozemac is an open source implementation of Olm and Megolm 
in pure R ...)
+       TODO: check
+CVE-2024-40639
+       REJECTED
+CVE-2024-40636 (Steeltoe is an open source project that provides a collection 
of libra ...)
+       TODO: check
+CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A 
security vu ...)
+       TODO: check
+CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot 
GW1500 ( ...)
+       TODO: check
+CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the 
edit them ...)
+       TODO: check
+CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of 
Sourcecodeste ...)
+       TODO: check
+CVE-2024-40119 (Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN 
v.1.0 Firmw ...)
+       TODO: check
+CVE-2024-39126 (Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, 
and SVG do ...)
+       TODO: check
+CVE-2024-39125 (Roundup before 2.4.0 allows XSS via a SCRIPT element in an 
HTTP Refere ...)
+       TODO: check
+CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) 
allow XSS.)
+       TODO: check
+CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP 
and OpM ...)
+       TODO: check
+CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference 
via a modi ...)
+       TODO: check
+CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can 
create a r ...)
+       TODO: check
+CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by 
Century Sy ...)
+       TODO: check
+CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by 
Century Sy ...)
+       TODO: check
+CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base 
for the S ...)
+       TODO: check
+CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
StreamPipes ...)
+       TODO: check
+CVE-2024-31411 (Unrestricted Upload of File with dangerous type vulnerability 
in Apach ...)
+       TODO: check
+CVE-2024-31070 (Initialization of a resource with an insecure default 
vulnerability in ...)
+       TODO: check
+CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
+       TODO: check
+CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in 
the Sil ...)
+       TODO: check
+CVE-2024-29737 (In streampark, the project module integrates Maven's 
compilation capab ...)
+       TODO: check
+CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in 
successfully, t ...)
+       TODO: check
+CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2024-28796 (IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to 
stored cross- ...)
+       TODO: check
+CVE-2024-28074 (It was discovered that a previous vulnerability was not 
completely fix ...)
+       TODO: check
+CVE-2024-27311 (Zohocorp ManageEngine DDI Central versions 4001 and prior were 
vulnera ...)
+       TODO: check
+CVE-2024-23475 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2024-23474 (The SolarWinds Access Rights Manager was found to be 
susceptible to an ...)
+       TODO: check
+CVE-2024-23472 (SolarWinds Access Rights Manager (ARM) is susceptible to 
Directory Tra ...)
+       TODO: check
+CVE-2024-23471 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
+       TODO: check
+CVE-2024-23470 (The SolarWinds Access Rights Manager was found to be 
susceptible to a  ...)
+       TODO: check
+CVE-2024-23469 (SolarWinds Access Rights Manager (ARM) is susceptible to a 
Remote Code ...)
+       TODO: check
+CVE-2024-23468 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2024-23467 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2024-23466 (SolarWinds Access Rights Manager (ARM) is susceptible to a 
Directory T ...)
+       TODO: check
+CVE-2024-23465 (The SolarWinds Access Rights Manager was found to be 
susceptible to an ...)
+       TODO: check
+CVE-2024-20435 (A vulnerability in the CLI of Cisco AsyncOS for Secure Web 
Appliance c ...)
+       TODO: check
+CVE-2024-20429 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
+       TODO: check
+CVE-2024-20419 (A vulnerability in the authentication system of Cisco Smart 
Software M ...)
+       TODO: check
+CVE-2024-20416 (A vulnerability in the upload module of Cisco RV340 and RV345 
Dual WAN ...)
+       TODO: check
+CVE-2024-20401 (A vulnerability in the content scanning and message filtering 
features ...)
+       TODO: check
+CVE-2024-20400 (A vulnerability in the web-based management interface of Cisco 
Express ...)
+       TODO: check
+CVE-2024-20396 (A vulnerability in the protocol handlers of Cisco Webex App 
could allo ...)
+       TODO: check
+CVE-2024-20395 (A vulnerability in the media retrieval functionality of Cisco 
Webex Ap ...)
+       TODO: check
+CVE-2024-20323 (A vulnerability in Cisco Intelligent Node (iNode) Software 
could allow ...)
+       TODO: check
+CVE-2024-20296 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2023-7272 (In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a 
large dep ...)
+       TODO: check
+CVE-2023-52291 (In streampark, the project module integrates Maven's 
compilation capab ...)
+       TODO: check
+CVE-2023-4976 (A flaw exists in Purity//FB whereby a local account is 
permitted to au ...)
+       TODO: check
+CVE-2023-42010 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.5 a ...)
+       TODO: check
 CVE-2024-6808 (A vulnerability was found in itsourcecode Simple Task List 1.0. 
It has ...)
        NOT-FOR-US: itsourcecode Simple Task List
 CVE-2024-6807 (A vulnerability was found in SourceCodester Student Study 
Center Desk  ...)
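Review bot: every entry added at the top of data/CVE/list is either REJECTED or left at `TODO: check`, so none of the new CVEs yet records whether a Debian package is affected. Each one needs triage into the form the unchanged context below the additions already uses, for example `NOT-FOR-US: itsourcecode Simple Task List` on CVE-2024-6808, or a package line. The descriptions are truncated at `...`, so that triage should be done against the full CVE record and not the text in this file.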
@@ -57,8 +175,10 @@ CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd 
LBT-T300-T400 v3.2 were dis
 CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
        NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
 CVE-2024-3176 (Out of bounds write in SwiftShader in Google Chrome prior to 
117.0.593 ...)
+       {DSA-5499-1}
        - chromium 117.0.5938.62-1
 CVE-2024-3175 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
 CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 
119.0.604 ...)
        TODO: check
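Review bot: CVE-2024-3174, in the trailing context of this hunk, is still `TODO: check` even though its description names Google Chrome ("prior to 119.0.604 ...") and the two entries above it, which gain {DSA-5499-1} and {DSA-5573-1} here, already carry `- chromium` lines with fixed versions. It should be triaged in the same pass, with a `- chromium` line and a DSA reference if one applies, so the three related Chrome entries do not end up in different states.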
@@ -940,7 +1060,7 @@ CVE-2023-52885 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/fc80fc2d4e39137869da3150ee169b40bf879287 (6.5-rc1)
 CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to 
unauthorized m ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-6716 (A flaw was found in libtiff. This flaw allows an attacker to 
create a  ...)
+CVE-2024-6716 (A flaw was found in the libtiff library. An out-of-memory issue 
in the ...)
        - tiff <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
 CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path 
Disclosure ...)
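Review bot: the CVE-2024-6716 description changes from "This flaw allows an attacker to create a ..." to "An out-of-memory issue in the ...", but the tracking lines under it stay at `- tiff <unfixed>` with only the Red Hat Bugzilla NOTE. The revised wording should prompt a re-check of the entry, in particular whether the unfixed status still matches the issue as now described, with a NOTE recording the outcome.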
@@ -3716,7 +3836,8 @@ CVE-2024-6126 (A flaw was found in the cockpit package. 
This flaw allows an auth
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 
2.1.0p45, an ...)
        - check-mk <removed>
-CVE-2024-5887 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
stitionai/ ...)
+CVE-2024-5887
+       REJECTED
        NOT-FOR-US: stitionai/devika
 CVE-2024-5821 (The vulnerability allows an attacker to access sensitive files 
on the  ...)
        NOT-FOR-US: stitionai/devika
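Review bot: after this change CVE-2024-5887 carries two status lines, the new `REJECTED` and the old `NOT-FOR-US: stitionai/devika` that was left beneath it. A rejected CVE needs no product triage, so the leftover `NOT-FOR-US` line should be removed, leaving `REJECTED` as the only line under the entry, as in the other rejected entries in this commit (for example CVE-2024-6765).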
@@ -5811,7 +5932,8 @@ CVE-2024-4899 (The SEOPress  WordPress plugin before 7.8 
does not sanitise and e
        NOT-FOR-US: WordPress plugin
 CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
XTTS s ...)
        NOT-FOR-US: parisneo/lollms
-CVE-2024-4460 (A denial of service (DoS) vulnerability exists in 
zenml-io/zenml versi ...)
+CVE-2024-4460
+       REJECTED
        NOT-FOR-US: zenml
 CVE-2024-3121 (A remote code execution vulnerability exists in the 
create_conda_env f ...)
        NOT-FOR-US: lollms
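Review bot: CVE-2024-4460 keeps its `NOT-FOR-US: zenml` line below the newly added `REJECTED`, so the entry states two dispositions at once. Drop the stale `NOT-FOR-US: zenml` line so the entry reads only `REJECTED`.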



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fdbcd6d2c7bb34090d8e295aaf986478bb57f6
