Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86bd4ad9 by security tracker role at 2024-07-31T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-7340 (The Weave server API allows remote users to fetch files from a 
specifi ...)
+       TODO: check
+CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It 
has bee ...)
+       TODO: check
+CVE-2024-7324 (A vulnerability was found in IObit iTop Data Recovery Pro 
4.4.0.687. I ...)
+       TODO: check
+CVE-2024-7321 (A vulnerability classified as problematic was found in 
itsourcecode On ...)
+       TODO: check
+CVE-2024-7320 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2024-7311 (A vulnerability was found in code-projects Online Bus 
Reservation Site ...)
+       TODO: check
+CVE-2024-7310 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+       TODO: check
+CVE-2024-7309 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
+       TODO: check
+CVE-2024-7308 (A vulnerability was found in SourceCodester Establishment 
Billing Mana ...)
+       TODO: check
+CVE-2024-7307 (A vulnerability has been found in SourceCodester Establishment 
Billing ...)
+       TODO: check
+CVE-2024-7135 (The Tainacan plugin for WordPress is vulnerable to unauthorized 
access ...)
+       TODO: check
+CVE-2024-6978 (Cato Networks Windows SDP Client Local root certificates can be 
instal ...)
+       TODO: check
+CVE-2024-6977 (A vulnerability in Cato Networks SDP Client on Windows allows 
the inse ...)
+       TODO: check
+CVE-2024-6975 (Cato Networks Windows SDP Client Local Privilege Escalation via 
openss ...)
+       TODO: check
+CVE-2024-6974 (Cato Networks Windows SDP Client Local Privilege Escalation via 
self-u ...)
+       TODO: check
+CVE-2024-6973 (Remote Code Execution in Cato Windows SDP client via crafted 
URLs. Thi ...)
+       TODO: check
+CVE-2024-6725 (The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, 
Payment ...)
+       TODO: check
+CVE-2024-6208 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-41955 (Mobile Security Framework (MobSF) is a security research 
platform for  ...)
+       TODO: check
+CVE-2024-41954 (FOG is a cloning/imaging/rescue suite/inventory management 
system. The ...)
+       TODO: check
+CVE-2024-41953 (Zitadel is an open source identity management system. ZITADEL 
uses HTM ...)
+       TODO: check
+CVE-2024-41952 (Zitadel is an open source identity management system. ZITADEL 
administ ...)
+       TODO: check
+CVE-2024-41951 (Pheonix App is a Python application designed to streamline 
various tas ...)
+       TODO: check
+CVE-2024-41950 (Haystack is an end-to-end LLM framework that allows you to 
build appli ...)
+       TODO: check
+CVE-2024-41947 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2024-41660 (slpd-lite is a unicast SLP UDP server. Any OpenBMC system that 
include ...)
+       TODO: check
+CVE-2024-41630 (Stack-based buffer overflow vulnerability in Tenda AC18 
V15.03.3.10_EN ...)
+       TODO: check
+CVE-2024-41108 (FOG is a free open-source cloning/imaging/rescue 
suite/inventory manag ...)
+       TODO: check
+CVE-2024-40645 (FOG is a cloning/imaging/rescue suite/inventory management 
system. An  ...)
+       TODO: check
+CVE-2024-3083 (A \u201cCWE-352: Cross-Site Request Forgery (CSRF)\u201d can be 
exploi ...)
+       TODO: check
+CVE-2024-3082 (A \u201cCWE-256: Plaintext Storage of a Password\u201d 
affecting the a ...)
+       TODO: check
+CVE-2024-39694 (Duende IdentityServer is an OpenID Connect and OAuth 2.x 
framework for ...)
+       TODO: check
+CVE-2024-39379 (Acrobat for Edge versions 126.0.2592.81 and earlier are 
affected by an ...)
+       TODO: check
+CVE-2024-39318 (The Ibexa Admin UI Bundle contains all the necessary parts to 
run the  ...)
+       TODO: check
+CVE-2024-37901 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2024-37900 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2024-37898 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2024-37142 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
+       TODO: check
+CVE-2024-37135 (DM5500 5.16.0.0, contains an information disclosure 
vulnerability. A l ...)
+       TODO: check
+CVE-2024-37129 (Dell Inventory Collector, versions prior to 12.3.0.6 contains 
a Path T ...)
+       TODO: check
+CVE-2024-37127 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
+       TODO: check
+CVE-2024-32857 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
+       TODO: check
+CVE-2024-31203 (A \u201cCWE-121: Stack-based Buffer Overflow\u201d in the 
wd210std.dll ...)
+       TODO: check
+CVE-2024-31202 (A \u201cCWE-732: Incorrect Permission Assignment for Critical 
Resource ...)
+       TODO: check
+CVE-2024-31201 (A \u201cCWE-428: Unquoted Search Path or Element\u201d affects 
the The ...)
+       TODO: check
+CVE-2024-31200 (A \u201cCWE-201: Insertion of Sensitive Information Into Sent 
Data\u20 ...)
+       TODO: check
+CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of Input During Web 
Page Gener ...)
+       TODO: check
+CVE-2024-2508 (The WP Mobile Menu plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-23444 (It was discovered by Elastic engineering that when 
elasticsearch-certu ...)
+       TODO: check
 CVE-2024-7306 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank 
Management ...)
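Review bot: Several of the added descriptions carry literal \u2013, \u201c and \u201d escape sequences (CVE-2024-6725, CVE-2024-3083, CVE-2024-3082, CVE-2024-31199 through CVE-2024-31203), which suggests the automatic update copies JSON-escaped text without decoding it; the description text should be decoded to the actual characters before it is written to data/CVE/list. Separately, CVE-2024-7307 and CVE-2024-7308 name the SourceCodester Establishment Billing product that the unchanged context entry CVE-2024-7306 already marks NOT-FOR-US, so their "TODO: check" can probably be resolved the same way during triage.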
@@ -82,7 +180,7 @@ CVE-2024-38983 (Prototype Pollution in alykoshin 
mini-deep-assign v0.0.8 allows
        TODO: check
 CVE-2024-37281 (An issue was discovered in Kibana where a user with Viewer 
role could  ...)
        - kibana <itp> (bug #700337)
-CVE-2024-7264
+CVE-2024-7264 (libcurl's ASN1 parser code has the `GTime2str()` function, used 
for pa ...)
        - curl 8.9.1-1 (bug #1077656)
        NOTE: https://curl.se/docs/CVE-2024-7264.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d 
(curl-7_32_0)
@@ -1790,60 +1888,79 @@ CVE-2024-41090 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.9.12-1
        NOTE: 
https://git.kernel.org/linus/ed7f2afdd0e043a397677e597ced0830b83ba0b3
 CVE-2024-6993
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6992
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6990
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7255
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7256
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7005
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7004
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7003
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7001
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7000
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6999
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6998
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6997
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6996
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6995
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6994
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6991
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6989
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-6988
+       {DSA-5735-1}
        - chromium 127.0.6533.88-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance 
Management Syste ...)
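Review bot: The {DSA-5735-1} tag added to the 19 chromium entries (CVE-2024-6993 through CVE-2024-6988) points at an advisory whose own record is not part of this commit, which changes only data/CVE/list. Confirm that the DSA-5735-1 entry listing these same CVE ids is already on master so the cross-reference resolves. The unchanged "[bullseye] - chromium <end-of-life>" lines stay consistent with the tag.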
@@ -2371,7 +2488,7 @@ CVE-2024-41704 (LibreChat through 0.7.4-rc1 does not 
validate the normalized pat
        NOT-FOR-US: LibreChat
 CVE-2024-41703 (LibreChat through 0.7.4-rc1 has incorrect access control for 
message u ...)
        NOT-FOR-US: LibreChat
-CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks cerrtain 
security measur ...)
+CVE-2024-40430 (In SFTPGO 2.6.2, the JWT implementation lacks certain security 
measure ...)
        - sftpgo <itp> (bug #1050829)
 CVE-2024-38786 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
@@ -105503,8 +105620,8 @@ CVE-2023-28151 (An issue was discovered in 
Independentsoft JSpreadsheet before 1
        NOT-FOR-US: Independentsoft JSpreadsheet
 CVE-2023-28150 (An issue was discovered in Independentsoft JODF before 
1.1.110. The AP ...)
        NOT-FOR-US: Independentsoft
-CVE-2023-28149
-       RESERVED
+CVE-2023-28149 (An issue was discovered in the IhisiServiceSmm module in 
Insyde Insyde ...)
+       TODO: check
 CVE-2023-28148
        RESERVED
 CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
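Review bot: CVE-2023-28149 moves from RESERVED to "TODO: check" and now needs a manual disposition. The description names the IhisiServiceSmm module in Insyde firmware, so unless a Debian source package ships that code, a NOT-FOR-US line like the neighbouring Independentsoft entries would close it out.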



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86bd4ad9a9771c81e0583bd012282adf55733254
