Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
85a02adf by security tracker role at 2024-08-02T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,86 @@
-CVE-2024-36268
+CVE-2024-7323 (Digiwin EasyFlow .NET lacks proper access control for specific 
functio ...)
+       TODO: check
+CVE-2024-7314 (anji-plus AJ-Report is affected by an authentication bypass 
vulnerabil ...)
+       TODO: check
+CVE-2024-7204 (Ai3 QbiBot does not properly filter user input, allowing 
unauthenticat ...)
+       TODO: check
+CVE-2024-7029 (Commands can be injected over the network and executed without 
authent ...)
+       TODO: check
+CVE-2024-6704 (The Comments \u2013 wpDiscuz plugin for WordPress is vulnerable 
to HTM ...)
+       TODO: check
+CVE-2024-4643 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+       TODO: check
+CVE-2024-42349 (FOG is a cloning/imaging/rescue suite/inventory management 
system. FOG ...)
+       TODO: check
+CVE-2024-42348 (FOG is a cloning/imaging/rescue suite/inventory management 
system. FOG ...)
+       TODO: check
+CVE-2024-41519 (Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) 
via "/ad ...)
+       TODO: check
+CVE-2024-41518 (An Incorrect Access Control vulnerability in 
"/admin/programm/<program ...)
+       TODO: check
+CVE-2024-41517 (An Incorrect Access Control vulnerability in 
"/admin/benutzer/institut ...)
+       TODO: check
+CVE-2024-41310 (AndServer 2.1.12 is vulnerable to Directory Traversal.)
+       TODO: check
+CVE-2024-41127 (Monkeytype is a minimalistic and customizable typing test. 
Monkeytype  ...)
+       TODO: check
+CVE-2024-40723 (The specific API in HWATAIServiSign Windows Version from 
CHANGING Info ...)
+       TODO: check
+CVE-2024-40722 (The specific API in TCBServiSign Windows Version from CHANGING 
Informa ...)
+       TODO: check
+CVE-2024-40721 (The specific API in TCBServiSign Windows Version from CHANGING 
Informa ...)
+       TODO: check
+CVE-2024-40720 (The specific API in TCBServiSign Windows Version from CHANGING 
Informa ...)
+       TODO: check
+CVE-2024-40719 (The encryption strength of the authorization keys in CHANGING 
Informat ...)
+       TODO: check
+CVE-2024-38890 (An issue in Horizon Business Services Inc. Caterease Software 
16.0.1.1 ...)
+       TODO: check
+CVE-2024-38889 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38888 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38886 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38885 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38884 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38883 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38882 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38881 (An issue in Horizon Business Services Inc. Caterease 
16.0.1.1663 throu ...)
+       TODO: check
+CVE-2024-38879 (A vulnerability has been identified in OmniviseT3000 
Application Serve ...)
+       TODO: check
+CVE-2024-38878 (A vulnerability has been identified in OmniviseT3000 
Application Serve ...)
+       TODO: check
+CVE-2024-38877 (A vulnerability has been identified in OmniviseT3000 
Application Serve ...)
+       TODO: check
+CVE-2024-38876 (A vulnerability has been identified in OmniviseT3000 
Application Serve ...)
+       TODO: check
+CVE-2024-33896 (Cosy+ devices running a firmware 21.x below 21.2s10 or a 
firmware 22.x ...)
+       TODO: check
+CVE-2024-33895 (Cosy+ devices running a firmware 21.x below 21.2s10 or a 
firmware 22.x ...)
+       TODO: check
+CVE-2024-33894 (Insecure Permission vulnerability in Cosy+ devices running a 
firmware  ...)
+       TODO: check
+CVE-2024-33893 (Cosy+ devices running a firmware 21.x below 21.2s10 or a 
firmware 22.x ...)
+       TODO: check
+CVE-2024-33892 (Insecure Permissions vulnerability in Cosy+ devices running a 
firmware ...)
+       TODO: check
+CVE-2024-28298 (SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 
allows authe ...)
+       TODO: check
+CVE-2024-28297 (SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows 
authenti ...)
+       TODO: check
+CVE-2024-22169 (WD Discovery versions prior to 5.0.589 contain a 
misconfiguration in t ...)
+       TODO: check
+CVE-2024-36268 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: Apache Linkis
-CVE-2024-27182
+CVE-2024-27182 (In Apache Linkis <= 1.5.0,  Arbitrary file deletion in Basic 
managemen ...)
        NOT-FOR-US: Apache Linkis
-CVE-2024-27181
+CVE-2024-27181 (In Apache Linkis <= 1.5.0,  Privilege Escalation in Basic 
management s ...)
        NOT-FOR-US: Apache Linkis
 CVE-2024-7389 (The Forminator plugin for WordPress is vulnerable to Sensitive 
Informa ...)
        NOT-FOR-US: WordPress plugin
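
Review bot: All 39 entries added at the top of this hunk, CVE-2024-7323 through CVE-2024-22169, carry only "TODO: check", so none of them has a triage decision yet and each still needs a NOT-FOR-US or package note. Several can be handled in batches because their descriptions name the same product (the Caterease, OmniviseT3000, Cosy+ and TCBServiSign runs), and CVE-2024-6704 describes a WordPress plugin, so it can take the same "NOT-FOR-US: WordPress plugin" note as the CVE-2024-7389 context line. The CVE-2024-6704 description also contains a literal "\u2013" escape rather than the decoded character, which is worth fixing in the importer rather than by hand.
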
@@ -186,7 +264,7 @@ CVE-2024-7358 (A vulnerability was found in Point B Ltd 
Getscreen Agent 2.19.6 o
        NOT-FOR-US: Point B Ltd Getscreen Agent
 CVE-2024-7357 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
D-Link DI ...)
        NOT-FOR-US: D-Link
-CVE-2024-7211 (The Identity Server used by 1E Platform could enable URL 
redirection t ...)
+CVE-2024-7211 (The 1E Platform's component utilized the third-party Duende 
Identity S ...)
        NOT-FOR-US: 1E Platform
 CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython.  
The  emai ...)
        - python3.13 <unfixed>
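
Review bot: The updated CVE-2024-7211 description now attributes the issue to the third-party Duende Identity Server component, but the note underneath is still "NOT-FOR-US: 1E Platform". Please re-check that the note still names the right product now that the upstream text points at a different component than the old "Identity Server used by 1E Platform" wording did.
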
@@ -343,7 +421,8 @@ CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 
and prior, contain an
        NOT-FOR-US: Dell
 CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for 
WordPr ...)
+CVE-2024-1715
+       REJECTED
        NOT-FOR-US: AdFoxly
 CVE-2024-7340 (The Weave server API allows remote users to fetch files from a 
specifi ...)
        NOT-FOR-US: Weave server
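
Review bot: CVE-2024-1715 now carries both "REJECTED" and the old "NOT-FOR-US: AdFoxly" note, which leaves two conflicting states on one entry. Since the automatic update replaced the description with REJECTED, the NOT-FOR-US line should be dropped in a follow-up commit so the entry reads as rejected only.
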
@@ -540,7 +619,7 @@ CVE-2024-7225 (A vulnerability was found in SourceCodester 
Insurance Management
        NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in 
multi-tenan ...)
        NOT-FOR-US: Some hosted mail provider setups using SPF
-CVE-2024-7208 (Hosted services do not verify the sender of an email against 
authentic ...)
+CVE-2024-7208 (A vulnerability in multi-tenant hosting allows an authenticated 
sender ...)
        NOT-FOR-US: Some hosted mail provider setups using SPF
 CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
        NOT-FOR-US: Stackposts Social Marketing Tool
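
Review bot: The note under CVE-2024-7208 still reads "Some hosted mail provider setups using SPF", while the new description is framed as a multi-tenant hosting issue involving an authenticated sender and, in its visible part, no longer mentions the verification wording of the old text. Please confirm against the full description that the SPF-specific note is still accurate for CVE-2024-7208 and not only for the neighbouring CVE-2024-7209.
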
@@ -32100,7 +32179,7 @@ CVE-2024-30257 (1Panel is an open source Linux server 
operation and maintenance
        NOT-FOR-US: 1Panel
 CVE-2024-2833 (The Jobs for WordPress plugin for WordPress is vulnerable to 
Reflected ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the 
Akana Commu ...)
+CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the 
Akana API P ...)
        NOT-FOR-US: Akana Community Manager Developer Portal
 CVE-2024-29987 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
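
Review bot: The CVE-2024-2796 description changed from "Akana Commu ..." to "Akana API P ...", but the note is still "NOT-FOR-US: Akana Community Manager Developer Portal". The disposition is unaffected, but the note should be updated to the product name the new description uses so that searches on the note text keep matching.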



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85a02adf112926c1231edd166f7f3ca70855424c
