Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29c749c5 by security tracker role at 2024-08-21T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 
AppAuthenExchangeRandomNum Sta ...)
+       TODO: check
+CVE-2024-7757
+       REJECTED
+CVE-2024-7725 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-7724 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-7723 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-7722 (Foxit PDF Reader Doc Object Use-After-Free Information 
Disclosure Vuln ...)
+       TODO: check
+CVE-2024-7604 (Logsign Unified SecOps Platform Incorrect Authorization 
Authentication ...)
+       TODO: check
+CVE-2024-7603 (Logsign Unified SecOps Platform Directory Traversal Arbitrary 
Director ...)
+       TODO: check
+CVE-2024-7602 (Logsign Unified SecOps Platform Directory Traversal Information 
Disclo ...)
+       TODO: check
+CVE-2024-7601 (Logsign Unified SecOps Platform Directory 
data_export_delete_all Trave ...)
+       TODO: check
+CVE-2024-7600 (Logsign Unified SecOps Platform Directory Traversal Arbitrary 
File Del ...)
+       TODO: check
+CVE-2024-7448 (Magnet Forensics AXIOM Command Injection Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-6814 (NETGEAR ProSAFE Network Management System getFilterString SQL 
Injectio ...)
+       TODO: check
+CVE-2024-6813 (NETGEAR ProSAFE Network Management System getSortString SQL 
Injection  ...)
+       TODO: check
+CVE-2024-6812 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code 
Execution V ...)
+       TODO: check
+CVE-2024-6811 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code 
Execution V ...)
+       TODO: check
+CVE-2024-6141 (Windscribe Directory Traversal Local Privilege Escalation 
Vulnerabilit ...)
+       TODO: check
+CVE-2024-5930 (VIPRE Advanced Security Incorrect Permission Assignment Local 
Privileg ...)
+       TODO: check
+CVE-2024-5929 (VIPRE Advanced Security PMAgent Uncontrolled Search Path 
Element Local ...)
+       TODO: check
+CVE-2024-5928 (VIPRE Advanced Security PMAgent Link Following Local Privilege 
Escalat ...)
+       TODO: check
+CVE-2024-5762 (Zen Cart findPluginAdminPage Local File Inclusion Remote Code 
Executio ...)
+       TODO: check
+CVE-2024-5725 (Centreon initCurveList SQL Injection Remote Code Execution 
Vulnerabili ...)
+       TODO: check
+CVE-2024-5723 (Centreon updateServiceHost SQL Injection Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2024-5335 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, 
EDD Buil ...)
+       TODO: check
+CVE-2024-43411 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
+       TODO: check
+CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an 
untrusted a ...)
+       TODO: check
+CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
+       TODO: check
+CVE-2024-43371 (CKAN is an open-source data management system for powering 
data hubs a ...)
+       TODO: check
+CVE-2024-43027 (DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 
before v1. ...)
+       TODO: check
+CVE-2024-43022 (An issue in the downloader.php component of TOSEI online store 
managem ...)
+       TODO: check
+CVE-2024-42786 (A SQL injection vulnerability in "/music/view_user.php" in 
Kashipara M ...)
+       TODO: check
+CVE-2024-42785 (A SQL injection vulnerability in 
/music/index.php?page=view_playlist i ...)
+       TODO: check
+CVE-2024-42784 (A SQL injection vulnerability in 
"/music/controller.php?page=view_musi ...)
+       TODO: check
+CVE-2024-42783 (Kashipara Music Management System v1.0 is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2024-42782 (A SQL injection vulnerability in 
"/music/ajax.php?action=find_music" i ...)
+       TODO: check
+CVE-2024-42781 (A SQL injection vulnerability in 
"/music/ajax.php?action=login" of Kas ...)
+       TODO: check
+CVE-2024-42780 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
+       TODO: check
+CVE-2024-42779 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
+       TODO: check
+CVE-2024-42778 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
+       TODO: check
+CVE-2024-42777 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
+       TODO: check
+CVE-2024-42550 (A cross-site scripting (XSS) vulnerability in the component 
/email/wel ...)
+       TODO: check
+CVE-2024-41937 (Apache Airflow, versions before 2.10.0, have a vulnerability 
that allo ...)
+       TODO: check
+CVE-2024-41675 (CKAN is an open-source data management system for powering 
data hubs a ...)
+       TODO: check
+CVE-2024-41674 (CKAN is an open-source data management system for powering 
data hubs a ...)
+       TODO: check
+CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site 
Scripting  ...)
+       TODO: check
+CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was 
discovered to  ...)
+       TODO: check
+CVE-2024-39344 (An issue was discovered in the Docusign API package 8.142.14 
for Sales ...)
+       TODO: check
+CVE-2024-37008 (A maliciously crafted DWG file, when parsed in Revit, can 
force a stac ...)
+       TODO: check
+CVE-2024-33657 (This SMM vulnerability affects certain modules, allowing 
privileged at ...)
+       TODO: check
+CVE-2024-33656 (The DXE module SmmComputrace contains a vulnerability that 
allows loca ...)
+       TODO: check
+CVE-2024-28000 (Incorrect Privilege Assignment vulnerability in LiteSpeed 
Technologies ...)
+       TODO: check
+CVE-2024-21690 (This High severity Reflected XSS and CSRF (Cross-Site Request 
Forgery) ...)
+       TODO: check
+CVE-2024-20488 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2024-20486 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2024-20466 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2024-20417 (Multiple vulnerabilities in the REST API of Cisco Identity 
Services En ...)
+       TODO: check
+CVE-2024-20375 (A vulnerability in the SIP call processing function of Cisco 
Unified C ...)
+       TODO: check
+CVE-2023-49198 (Mysql security vulnerability in Apache SeaTunnel.  Attackers 
can read  ...)
+       TODO: check
 CVE-2024-8023 (A vulnerability classified as critical has been found in 
chillzhuang S ...)
        NOT-FOR-US: chillzhuang SpringBlade
 CVE-2024-8022 (A vulnerability was found in Genexis Tilgin Home Gateway 
322_AS0500-03 ...)
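Review bot: every entry added at the top of data/CVE/list except CVE-2024-7757 (REJECTED) is left at `TODO: check`, so the whole block still needs triage. The entries that name open-source software (CKEditor4 at CVE-2024-43411 and CVE-2024-43407, CKAN at CVE-2024-43371, CVE-2024-41675 and CVE-2024-41674, Apache Airflow at CVE-2024-41937, Russh at CVE-2024-43410) need a source-package lookup before they can be marked, while entries for products not packaged in Debian can take the `NOT-FOR-US: <product>` form already used for CVE-2024-8023 just below.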
@@ -268,7 +384,7 @@ CVE-2022-48867 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.1.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
-CVE-2024-8007
+CVE-2024-8007 (A flaw was found in the Red Hat OpenStack Platform (RHOSP) 
director. T ...)
        NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
 CVE-2024-22034
        - osc 1.9.0-1
@@ -1380,7 +1496,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is 
vulnerable to unauthoriz
        NOT-FOR-US: WordPress plugin
 CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to 
unauthorized mo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-7885
+CVE-2024-7885 (A vulnerability was found in Undertow where the 
ProxyProtocolReadListe ...)
        - undertow <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
 CVE-2024-7646 (A security issue was discovered in ingress-nginx where an actor 
with p ...)
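Review bot: CVE-2024-7885 now has its description, but the entry still reads `- undertow <unfixed>` with only a Red Hat Bugzilla NOTE. It carries no Debian bug number of the `(bug #...)` kind used on other entries in this file and no upstream fix reference, so following the fix depends on someone revisiting the entry; add both once they exist.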
@@ -12277,6 +12393,7 @@ CVE-2023-39324
 CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 
before 29.1. ...)
        - nova <not-affected> (Incomplete fix/regression never introduced in 
Debian as fix for CVE-2024-32498 complete)
 CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, 
Glance bef ...)
+       {DSA-5756-1 DSA-5755-1 DSA-5754-1}
        - cinder 2:24.0.0-5 (bug #1074763)
        - glance 2:28.0.1-3+deb12u1 (bug #1074761)
        - nova 2:29.0.2-4 (bug #1074762)
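Review bot: the glance line under CVE-2024-32498 gives `2:28.0.1-3+deb12u1` as its version with no release tag, while the cinder and nova lines carry plain versions. Now that the entry is tied to `{DSA-5756-1 DSA-5755-1 DSA-5754-1}`, confirm that this untagged line really is the unstable fix and not a stable-update version, since release-specific versions elsewhere in this file are written with a prefix such as `[bullseye]`.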
@@ -20058,6 +20175,7 @@ CVE-2024-5387
 CVE-2024-5214
        REJECTED
 CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper 
can lead  ...)
+       {DSA-5753-1}
        - aom 3.8.2-3
        NOTE: https://issues.chromium.org/issues/332382766
        NOTE: 
https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
@@ -104625,8 +104743,8 @@ CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to 
Local File Inclusion via /src/
        NOT-FOR-US: laravel-s
 CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning 
TFTP Serv ...)
        NOT-FOR-US: Genesys
-CVE-2023-29929
-       RESERVED
+CVE-2023-29929 (Buffer Overflow vulnerability found in Kemptechnologies 
Loadmaster bef ...)
+       TODO: check
 CVE-2023-29928
        RESERVED
 CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access 
controls ...)
@@ -127976,8 +128094,8 @@ CVE-2015-10011 (A vulnerability classified as 
problematic has been found in Open
        NOT-FOR-US: OpenResolve
 CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been 
rated as ...)
        NOT-FOR-US: OpenResolve
-CVE-2023-22576
-       RESERVED
+CVE-2023-22576 (Dell Repository Manager version 3.4.2 and earlier, contain a 
Local Pri ...)
+       TODO: check
 CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion 
of sensit ...)
        NOT-FOR-US: Dell
 CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion 
of sensit ...)
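Review bot: `TODO: check` on the newly published CVE-2023-22576 can probably be resolved right away. The description names Dell Repository Manager, and the neighbouring CVE-2023-22575 and CVE-2023-22574 are already marked `NOT-FOR-US: Dell`; marking this entry the same way keeps it out of the triage queue.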
@@ -195715,10 +195833,10 @@ CVE-2022-26330 (Potential vulnerabilities have been 
identified in Micro Focus Ar
        NOT-FOR-US: Micro Focus
 CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity 
Manager plug ...)
        NOT-FOR-US: Micro Focus
-CVE-2022-26328
-       RESERVED
-CVE-2022-26327
-       RESERVED
+CVE-2022-26328 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2022-26327 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted 
in specif ...)
        NOT-FOR-US: NetIQ Access Manager
 CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ 
Access Man ...)
@@ -333214,16 +333332,16 @@ CVE-2020-11852 (DKIM key management page 
vulnerability on Micro Focus Secure Mes
        NOT-FOR-US: Micro Focus
 CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight 
Logger  ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11850
-       RESERVED
+CVE-2020-11850 (Improper Input Validation vulnerability in OpenText Self 
Service Passw ...)
+       TODO: check
 CVE-2020-11849 (Elevation of privilege and/or unauthorized access 
vulnerability in Mic ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight 
Management Cen ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11847
-       RESERVED
-CVE-2020-11846
-       RESERVED
+CVE-2020-11847 (SSH authenticated user when access the PAM server can execute 
an OS co ...)
+       TODO: check
+CVE-2020-11846 (A vulnerability found in OpenText Privileged Access Manager 
that issue ...)
+       TODO: check
 CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service 
Manager prod ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container 
Deploym ...)
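Review bot: the three entries moved from RESERVED to `TODO: check` in this hunk (CVE-2020-11850, CVE-2020-11847, CVE-2020-11846) are described in terms of OpenText products or a PAM server, while every already-triaged neighbour in the range is `NOT-FOR-US: Micro Focus`. When these are triaged, settle on one vendor label for the range so that a search on either name finds all of them.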



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c749c5372621d974f1c8ab83aa51f4a6a08fef



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits