Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2acedd21 by security tracker role at 2024-08-20T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2024-8005 (A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has 
been clas ...)
+       TODO: check
+CVE-2024-8003 (A vulnerability was found in Go-Tribe gotribe-admin 1.0 and 
classified ...)
+       TODO: check
+CVE-2024-7711 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
+CVE-2024-7054 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, 
Subscribers w ...)
+       TODO: check
+CVE-2024-6918 (CWE-120: Buffer Copy without Checking Size of Input ('Classic 
Buffer O ...)
+       TODO: check
+CVE-2024-6800 (An XML signature wrapping vulnerability was present in GitHub 
Enterpri ...)
+       TODO: check
+CVE-2024-6379 (An URL redirection to untrusted site (open redirect) 
vulnerability aff ...)
+       TODO: check
+CVE-2024-6378 (A reflected Cross-site Scripting (XSS) vulnerability affecting 
ENOVIA  ...)
+       TODO: check
+CVE-2024-6377 (A reflected Cross-site Scripting (XSS) vulnerability affecting 
3DSwyme ...)
+       TODO: check
+CVE-2024-6337 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
+       TODO: check
+CVE-2024-6322 (Access control for plugin data sources protected by the 
ReqActions jso ...)
+       TODO: check
+CVE-2024-43409 (Ghost is a Node.js content management system. Improper 
authentication  ...)
+       TODO: check
+CVE-2024-43408 (Discourse Placeholder Forms will let you build dynamic 
documentation.  ...)
+       TODO: check
+CVE-2024-43406 (LF Edge eKuiper is a lightweight IoT data analytics and stream 
process ...)
+       TODO: check
+CVE-2024-43404 (MEGABOT is a fully customized Discord bot for learning and 
fun. The `/ ...)
+       TODO: check
+CVE-2024-43397 (Apollo is a configuration management system. A vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-43377 (Umbraco CMS is an ASP.NET CMS. An authenticated user can 
access a few  ...)
+       TODO: check
+CVE-2024-43376 (Umbraco is an ASP.NET CMS. Some endpoints in the Management 
API can re ...)
+       TODO: check
+CVE-2024-42919 (eScan Management Console 14.0.1400.2281 is vulnerable to 
Incorrect Acc ...)
+       TODO: check
+CVE-2024-42662 (An issue in apollocongif apollo v.2.2.0 allows a remote 
attacker to ob ...)
+       TODO: check
+CVE-2024-42621 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42619 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42618 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42617 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42616 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42613 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42612 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42611 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42610 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42609 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42608 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42607 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42606 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42605 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42604 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42603 (Pligg CMS v2.0.2 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
+CVE-2024-42598 (SeaCMS 13.0 has a remote code execution vulnerability. The 
reason for  ...)
+       TODO: check
+CVE-2024-42586 (A Cross-Site Request Forgery (CSRF) in the component 
categorie.php of  ...)
+       TODO: check
+CVE-2024-42585 (A Cross-Site Request Forgery (CSRF) in the component 
delete_media.php  ...)
+       TODO: check
+CVE-2024-42584 (A Cross-Site Request Forgery (CSRF) in the component 
delete_product.ph ...)
+       TODO: check
+CVE-2024-42583 (A Cross-Site Request Forgery (CSRF) in the component 
delete_user.php o ...)
+       TODO: check
+CVE-2024-42582 (A Cross-Site Request Forgery (CSRF) in the component 
delete_categorie. ...)
+       TODO: check
+CVE-2024-42581 (A Cross-Site Request Forgery (CSRF) in the component 
delete_group.php  ...)
+       TODO: check
+CVE-2024-42580 (A Cross-Site Request Forgery (CSRF) in the component 
edit_group.php of ...)
+       TODO: check
+CVE-2024-42579 (A Cross-Site Request Forgery (CSRF) in the component 
add_group.php of  ...)
+       TODO: check
+CVE-2024-42578 (A Cross-Site Request Forgery (CSRF) in the component 
edit_product.php  ...)
+       TODO: check
+CVE-2024-42577 (A Cross-Site Request Forgery (CSRF) in the component 
add_product.php o ...)
+       TODO: check
+CVE-2024-42576 (A Cross-Site Request Forgery (CSRF) in the component 
edit_categorie.ph ...)
+       TODO: check
+CVE-2024-42575 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42574 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42573 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42572 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42571 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42570 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42569 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42568 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42567 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42566 (School Management System commit bae5aa was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42565 (ERP commit 44bd04 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2024-42564 (ERP commit 44bd04 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2024-42563 (An arbitrary file upload vulnerability in ERP commit 44bd04 
allows att ...)
+       TODO: check
+CVE-2024-42562 (Pharmacy Management System commit a2efc8 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2024-42561 (Pharmacy Management System commit a2efc8 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2024-42560 (A cross-site scripting (XSS) vulnerability in the component 
update_pag ...)
+       TODO: check
+CVE-2024-42559 (An issue in the login component (process_login.php) of Hotel 
Managemen ...)
+       TODO: check
+CVE-2024-42558 (Hotel Management System commit 91caab8 was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42557 (A Cross-Site Request Forgery (CSRF) in the component 
admin_modify_room ...)
+       TODO: check
+CVE-2024-42556 (Hotel Management System commit 91caab8 was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42555 (A Cross-Site Request Forgery (CSRF) in the component 
admin_room_remove ...)
+       TODO: check
+CVE-2024-42554 (Hotel Management System commit 91caab8 was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42553 (A Cross-Site Request Forgery (CSRF) in the component 
admin_room_added. ...)
+       TODO: check
+CVE-2024-42552 (Hotel Management System commit 91caab8 was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2024-42369 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK 
for Jav ...)
+       TODO: check
+CVE-2024-42336 (Servision - CWE-287: Improper Authentication)
+       TODO: check
+CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web 
Page Gen ...)
+       TODO: check
+CVE-2024-42334 (Hargal - CWE-284: Improper Access Control)
+       TODO: check
+CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information 
Disclosure.)
+       TODO: check
+CVE-2024-41773 (IBM Global Configuration Management 7.0.2 and 7.0.3 could 
allow an aut ...)
+       TODO: check
+CVE-2024-41700 (Barix \u2013 CWE-200 Exposure of Sensitive Information to an 
Unauthori ...)
+       TODO: check
+CVE-2024-41699 (Priority \u2013 CWE-552: Files or Directories Accessible to 
External P ...)
+       TODO: check
+CVE-2024-41698 (Priority \u2013 CWE-200: Exposure of Sensitive Information to 
an Unaut ...)
+       TODO: check
+CVE-2024-41697 (Priority -CWE-80: Improper Neutralization of Script-Related 
HTML Tags  ...)
+       TODO: check
+CVE-2024-41659 (memos is a privacy-first, lightweight note-taking service. A 
CORS misc ...)
+       TODO: check
+CVE-2024-40743 (The stripImages and stripIframes methods didn't properly 
process input ...)
+       TODO: check
+CVE-2024-39690 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
+       TODO: check
+CVE-2024-39094 (Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) 
in setti ...)
+       TODO: check
+CVE-2024-38175 (An improper access control vulnerability in the Azure Managed 
Instance ...)
+       TODO: check
+CVE-2024-35540 (A stored cross-site scripting (XSS) vulnerability in Typecho 
v1.3.0 al ...)
+       TODO: check
+CVE-2024-35214 (A tampering vulnerability in the CylanceOPTICS Windows 
Installer Packa ...)
+       TODO: check
+CVE-2024-34458 (Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 
11.5.1 allows ...)
+       TODO: check
+CVE-2024-33872 (Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 
11.5.1 allows ...)
+       TODO: check
+CVE-2024-31842 (An issue was discovered in Italtel Embrace 1.6.4. The web 
application  ...)
+       TODO: check
+CVE-2024-30949 (An issue in newlib v.4.3.0 allows an attacker to execute 
arbitrary cod ...)
+       TODO: check
+CVE-2024-28829 (Least privilege violation and reliance on untrusted inputs in 
the mk_i ...)
+       TODO: check
+CVE-2024-27187 (Improper Access Controls allows backend users to overwrite 
their usern ...)
+       TODO: check
+CVE-2024-27186 (The mail template feature lacks an escaping mechanism, causing 
XSS vec ...)
+       TODO: check
+CVE-2024-27185 (The pagination class includes arbitrary parameters in links, 
leading t ...)
+       TODO: check
+CVE-2024-27184 (Inadequate validation of URLs could result into an invalid 
check wheth ...)
+       TODO: check
+CVE-2024-25009 (Ericsson Packet Core Controller (PCC) contains a vulnerability 
in Acce ...)
+       TODO: check
+CVE-2024-21689 (This High severity RCE (Remote Code Execution) vulnerability 
CVE-2024- ...)
+       TODO: check
 CVE-2024-7949 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2024-7948 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
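Review bot: the descriptions added for CVE-2024-7054, CVE-2024-41700, CVE-2024-41699 and CVE-2024-41698 contain a literal `\u2013` where a dash belongs, so the automatic update is copying an undecoded escape sequence from its source into data/CVE/list; the description should be decoded before it is truncated and written. All 100 new entries land as `TODO: check`. The runs for a single product (Pligg CMS v2.0.2, School Management System commit bae5aa, Hotel Management System commit 91caab8) can be triaged together, while CVE-2024-30949 (newlib v.4.3.0) and CVE-2024-42369 (matrix-js-sdk) name libraries rather than a hosted web application and deserve an individual package check instead of a bulk decision.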
@@ -33237,7 +33437,7 @@ CVE-2024-31225 (RIOT is a real-time multi-threading 
operating system that suppor
        NOT-FOR-US: RIOT
 CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online 
exam v.0 ...)
        NOT-FOR-US: lsgwr spring boot online exam
-CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains 
an XSS i ...)
+CVE-2024-28979 (Dell OpenManage Enterprise, versions 4.1.0 and older, contains 
an Impr ...)
        NOT-FOR-US: Dell
 CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an 
Imprope ...)
        NOT-FOR-US: Dell
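Review bot: on CVE-2024-28979 the refreshed description changes substance, not only wording: the affected range moves from "versions prior to 4.1.0" to "versions 4.1.0 and older", and the weakness no longer reads as XSS, but the truncation at "an Impr ..." hides what it now is. The `NOT-FOR-US: Dell` line is keyed on the vendor and still holds here; where an entry is tracked against a package, a description change of this kind should prompt a re-check of the recorded affected and fixed versions.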
@@ -107187,7 +107387,7 @@ CVE-2023-1675 (A vulnerability was found in 
SourceCodester School Registration a
 CVE-2023-1674 (A vulnerability was found in SourceCodester School Registration 
and Fe ...)
        NOT-FOR-US: SourceCodester School Registration and Fee System
 CVE-2023-1673
-       RESERVED
+       REJECTED
 CVE-2023-28936 (Attacker can access arbitrary recording/room  Vendor: The 
Apache Softw ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
@@ -110368,7 +110568,7 @@ CVE-2023-28076 (CloudLink 7.1.2 and all prior 
versions contain a broken or risky
        NOT-FOR-US: Dell
 CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in 
BIOS. A ...)
        NOT-FOR-US: Dell
-CVE-2023-28074 (Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro 
Edition S ...)
+CVE-2023-28074 (Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell 
BSAFE Micro ...)
        NOT-FOR-US: Dell
 CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A 
locally ...)
        NOT-FOR-US: Dell



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2acedd21cf6446a608c1043e2b12aa73b3d7d377

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits