[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 18 Jul 2024 13:12:22 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3d86f0e4 by security tracker role at 2024-07-18T20:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a 
protecti ...)
+       TODO: check
+CVE-2024-5625 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability 
in Pruv ...)
+       TODO: check
+CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
+       TODO: check
+CVE-2024-5555 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+       TODO: check
+CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+       TODO: check
+CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with 
Windows no ...)
+       TODO: check
+CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server 
library ...)
+       TODO: check
+CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in 
Sentry's ...)
+       TODO: check
+CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust 
implementation of G ...)
+       TODO: check
+CVE-2024-40629 (JumpServer is an open-source Privileged Access Management 
(PAM) tool t ...)
+       TODO: check
+CVE-2024-40628 (JumpServer is an open-source Privileged Access Management 
(PAM) tool t ...)
+       TODO: check
+CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to ar ...)
+       TODO: check
+CVE-2024-39911 (1Panel is a web-based linux server management control panel. 
1Panel co ...)
+       TODO: check
+CVE-2024-39907 (1Panel is a web-based linux server management control panel. 
There are ...)
+       TODO: check
+CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote 
code ex ...)
+       TODO: check
+CVE-2024-39152
+       REJECTED
+CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0 
contains a v ...)
+       TODO: check
+CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in 
Cloud Fou ...)
+       TODO: check
+CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing 
Encrypti ...)
+       TODO: check
+CVE-2024-34013 (Local privilege escalation due to OS command injection 
vulnerability.  ...)
+       TODO: check
+CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege 
elevation vulne ...)
+       TODO: check
+CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options 
HTTP he ...)
+       TODO: check
+CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status 
of 500, i ...)
+       TODO: check
+CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a 
template i ...)
+       TODO: check
+CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 
9.7.2.8 is vu ...)
+       TODO: check
+CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially 
critical fun ...)
+       TODO: check
+CVE-2023-40539 (Philips Vue PACS does not require that users have strong 
passwords, wh ...)
+       TODO: check
+CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or 
check act ...)
+       TODO: check
+CVE-2023-40159 (A validated user not explicitly authorized to have access to 
certain s ...)
+       TODO: check
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to 
unauthor ...)
@@ -31,7 +95,7 @@ CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The 
Cooked plugin for W
        NOT-FOR-US: WordPress plugin
 CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is 
vulnerab ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) 
client  ...)
+CVE-2024-29014 (Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 
64-bit)  ...)
        NOT-FOR-US: SonicWall
 CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
@@ -200,6 +264,7 @@ CVE-2024-5582 (The Schema & Structured Data for WP & AMP 
plugin for WordPress is
 CVE-2024-5566 (An improper privilege management vulnerability allowed users to 
migrat ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-5500 (Inappropriate implementation in Sign-In in Google Chrome prior 
to 1.3. ...)
+       {DSA-5629-1}
        - chromium 122.0.6261.57-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-5255 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
@@ -225,22 +290,29 @@ CVE-2024-3175 (Insufficient data validation in Extensions 
in Google Chrome prior
        {DSA-5573-1}
        - chromium 120.0.6099.71-1
 CVE-2024-3174 (Inappropriate implementation in V8 in Google Chrome prior to 
119.0.604 ...)
+       {DSA-5546-1}
        - chromium 119.0.6045.105-1
 CVE-2024-3173 (Insufficient data validation in Updater in Google Chrome prior 
to 120. ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
 CVE-2024-3172 (Insufficient data validation in DevTools in Google Chrome prior 
to 121 ...)
+       {DSA-5607-1}
        - chromium 121.0.6167.85-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3171 (Use after free in Accessibility in Google Chrome prior to 
122.0.6261.5 ...)
+       {DSA-5629-1}
        - chromium 122.0.6261.57-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3170 (Use after free in WebRTC in Google Chrome prior to 
121.0.6167.85 allow ...)
+       {DSA-5607-1}
        - chromium 121.0.6167.85-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3169 (Use after free in V8 in Google Chrome prior to 121.0.6167.139 
allowed  ...)
+       {DSA-5612-1}
        - chromium 121.0.6167.139-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-3168 (Use after free in DevTools in Google Chrome prior to 
122.0.6261.57 all ...)
+       {DSA-5629-1}
        - chromium 122.0.6261.57-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 2.9.3, has a 
vulnerability t ...)
@@ -248,6 +320,7 @@ CVE-2024-39877 (Apache Airflow 2.4.0, and versions before 
2.9.3, has a vulnerabi
 CVE-2024-39863 (Apache Airflow versions before 2.9.3 have a vulnerability that 
allows  ...)
        - airflow <itp> (bug #819700)
 CVE-2024-2884 (Out of bounds read in V8 in Google Chrome prior to 
121.0.6167.139 allo ...)
+       {DSA-5612-1}
        - chromium 121.0.6167.139-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-21687 (This High severity File Inclusion vulnerability was introduced 
in vers ...)
@@ -4545,11 +4618,11 @@ CVE-2024-0153 (Improper Restriction of Operations 
within the Bounds of a Memory
        TODO: check
 CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
        NOT-FOR-US: Qualcomm
-CVE-2024-40898
+CVE-2024-40898 (SSRF in Apache HTTP Server on Windows with mod_rewrite in 
server/vhost ...)
        - apache2 <not-affected> (Windows specific)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-40898
        NOTE: Fixed by 
https://github.com/apache/httpd/commit/9967bf49599f9be6eaaf9c5de5c84f15bb07df9f
-CVE-2024-40725
+CVE-2024-40725 (A partial fix for CVE-2024-39884 in the core of Apache HTTP 
Server 2.4 ...)
        - apache2 2.4.62-1
        [bookworm] - apache2 <no-dsa> (Minor issue; can be fixed in point 
release)
        [bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point 
release)
@@ -32845,7 +32918,7 @@ CVE-2024-2201 [Native Branch History Injection]
 CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore 
functionality]
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-459.html
-CVE-2024-31143 [double unlock in x86 guest IRQ handling]
+CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" 
allows a devi ...)
        - xen <unfixed>
        [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d86f0e477bf1402d1562e30989e6972b6f7925a

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d86f0e477bf1402d1562e30989e6972b6f7925a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to