Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
741b2202 by security tracker role at 2024-08-23T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,138 @@
-CVE-2024-43883 [usb: vhci-hcd: Do not drop references before new references 
are gained]
+CVE-2024-8113 (Stored XSS in organizer and event settings of pretix up to 
2024.7.0 al ...)
+       TODO: check
+CVE-2024-8112 (A vulnerability was found in thinkgem JeeSite 5.3. It has been 
rated a ...)
+       TODO: check
+CVE-2024-7986 (A vulnerability exists in the Rockwell 
AutomationThinManager\xae ThinS ...)
+       TODO: check
+CVE-2024-7954 (The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, 
and 4. ...)
+       TODO: check
+CVE-2024-7428 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in O ...)
+       TODO: check
+CVE-2024-7427 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-5586 (ZohocorpManageEngineADAudit Plus versions below8121 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-5556 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-5502 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5490 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-5467 (ZohocorpManageEngineADAudit Plus versions below8121 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-5466 (Zohocorp ManageEngine OpManager andRemote Monitoring and 
Management ve ...)
+       TODO: check
+CVE-2024-45190 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
+       TODO: check
+CVE-2024-45189 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
+       TODO: check
+CVE-2024-45188 (Mage AI allows remote users with the "Viewer" role to leak 
arbitrary f ...)
+       TODO: check
+CVE-2024-45187 (Guest users in the Mage AI framework that remain logged in 
after their ...)
+       TODO: check
+CVE-2024-44390 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2024-44387 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2024-44386 (Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2024-44382 (D-Link DI_8004W 16.07.26A1 contains a command execution 
vulnerability  ...)
+       TODO: check
+CVE-2024-44381 (D-Link DI_8004W 16.07.26A1 contains a command execution 
vulnerability  ...)
+       TODO: check
+CVE-2024-43794 (OpenSearch Dashboards Security Plugin adds a configuration 
management  ...)
+       TODO: check
+CVE-2024-43791 (RequestStore provides per-request global storage for Rack. The 
files p ...)
+       TODO: check
+CVE-2024-43782 (This openedx-translations repository contains translation 
files from O ...)
+       TODO: check
+CVE-2024-43032 (autMan v2.9.6 allows attackers to bypass authentication via a 
crafted  ...)
+       TODO: check
+CVE-2024-43031 (autMan v2.9.6 was discovered to contain an access control 
issue.)
+       TODO: check
+CVE-2024-42992 (Python Pip Pandas v2.2.2 was discovered to contain an 
arbitrary file r ...)
+       TODO: check
+CVE-2024-42918 (itsourcecode Online Accreditation Management System contains a 
Cross S ...)
+       TODO: check
+CVE-2024-42915 (A host header injection vulnerability in Staff Appraisal 
System v1.0 a ...)
+       TODO: check
+CVE-2024-42914 (A host header injection vulnerability exists in the forgot 
password fu ...)
+       TODO: check
+CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server 
v.10.5.0.7577C8b ...)
+       TODO: check
+CVE-2024-42845 (An eval Injection vulnerability in the component 
invesalius/reader/dic ...)
+       TODO: check
+CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable 
to Incorr ...)
+       TODO: check
+CVE-2024-42765 (A SQL injection vulnerability in "/login.php" of the Kashipara 
Bus Tic ...)
+       TODO: check
+CVE-2024-42764 (Kashipara Bus Ticket Reservation System v1.0 is vulnerable to 
Cross Si ...)
+       TODO: check
+CVE-2024-42756 (An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-42636 (DedeCMS V5.7.115 has a command execution vulnerability via 
file_manage ...)
+       TODO: check
+CVE-2024-42531 (Ezviz Internet PT Camera CS-CV246 D15655150 allows an 
unauthenticated  ...)
+       TODO: check
+CVE-2024-42523 (publiccms V4.0.202302.e and before is vulnerable to Any File 
Upload vi ...)
+       TODO: check
+CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and 
service API ...)
+       TODO: check
+CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX 
U-Boot from  ...)
+       TODO: check
+CVE-2024-41878 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41877 (Adobe Experience Manager versions 6.5.19 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41876 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41875 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41849 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41848 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41847 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41846 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41845 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41844 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41843 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41842 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41841 (Adobe Experience Manager versions 6.5.20 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module 
affects ...)
+       TODO: check
+CVE-2024-39841 (A SQL Injection vulnerability exists in the service 
configuration func ...)
+       TODO: check
+CVE-2024-38869 (An Stored Cross-site Scripting vulnerability affects 
ZohocorpManageEng ...)
+       TODO: check
+CVE-2024-38807 (Applications that use spring-boot-loaderor 
spring-boot-loader-classica ...)
+       TODO: check
+CVE-2024-37311 (Collabora Online is a collaborative online office suite based 
on Libre ...)
+       TODO: check
+CVE-2024-36517 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-36516 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-36515 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-36514 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-33854 (A SQL Injection vulnerability exists in the Graph Template 
component i ...)
+       TODO: check
+CVE-2024-33853 (A SQL Injection vulnerability exists in the Timeperiod 
component in Ce ...)
+       TODO: check
+CVE-2024-33852 (A SQL Injection vulnerability exists in the Downtime component 
in Cent ...)
+       TODO: check
+CVE-2024-32501 (A SQL Injection vulnerability exists in the updateServiceHost 
function ...)
+       TODO: check
+CVE-2024-43883 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.10.6-1
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a (6.11-rc3)
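Review bot: None of the entries added at the top of this hunk (CVE-2024-8113 through CVE-2024-32501) is triaged yet: each carries only `TODO: check`, and every description except CVE-2024-43031 is cut at `...`, so the affected package cannot be decided from this file alone. Triage should work from the full CVE descriptions, starting with the entries that name open-source components, for example CVE-2024-42040 (net/bootp.c in DENEX U-Boot), CVE-2024-7954 (SPIP porte_plume plugin), CVE-2024-37311 (Collabora Online) and CVE-2024-38807 (spring-boot-loader). The description text is also damaged in places, such as the literal `\xae` in CVE-2024-7986 and fused words like `below8121` in the ManageEngine ADAudit Plus entries, so matching on product names in these lines is unreliable. The change to CVE-2024-43883 only swaps the bracketed title for the parenthesised description and leaves its package lines as they were.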
@@ -391,63 +525,83 @@ CVE-2021-4441 (In the Linux kernel, the following 
vulnerability has been resolve
        [bullseye] - linux 5.10.103-1
        NOTE: 
https://git.kernel.org/linus/ab3824427b848da10e9fe2727f035bbeecae6ff4 (5.17-rc6)
 CVE-2024-8035 (Inappropriate implementation in Extensions in Google Chrome on 
Windows ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8034 (Inappropriate implementation in Custom Tabs in Google Chrome on 
Androi ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8033 (Inappropriate implementation in WebApp Installs in Google 
Chrome on Wi ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7981 (Inappropriate implementation in Views in Google Chrome prior to 
128.0. ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7980 (Insufficient data validation in Installer in Google Chrome on 
Windows  ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7979 (Insufficient data validation in Installer in Google Chrome on 
Windows  ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7978 (Insufficient policy enforcement in Data Transfer in Google 
Chrome prio ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7977 (Insufficient data validation in Installer in Google Chrome on 
Windows  ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7976 (Inappropriate implementation in FedCM in Google Chrome prior to 
128.0. ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7975 (Inappropriate implementation in Permissions in Google Chrome 
prior to  ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7974 (Insufficient data validation in V8 API in Google Chrome prior 
to 128.0 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7973 (Heap buffer overflow in PDFium in Google Chrome prior to 
128.0.6613.84 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7972 (Inappropriate implementation in V8 in Google Chrome prior to 
128.0.661 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7971 (Type confusion in V8 in Google Chrome prior to 128.0.6613.84 
allowed a ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 
allowed a ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7968 (Use after free in Autofill in Google Chrome prior to 
128.0.6613.84 all ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7967 (Heap buffer overflow in Fonts in Google Chrome prior to 
128.0.6613.84  ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7966 (Out of bounds memory access in Skia in Google Chrome prior to 
128.0.66 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7965 (Inappropriate implementation in V8 in Google Chrome prior to 
128.0.661 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7964 (Use after free in Passwords in Google Chrome on Android prior 
to 128.0 ...)
+       {DSA-5757-1}
        - chromium 128.0.6613.84-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 
AppAuthenExchangeRandomNum Sta ...)
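Review bot: The `{DSA-5757-1}` cross-reference on the twenty chromium entries (CVE-2024-8035 down to CVE-2024-7964) cannot be checked against anything in this commit, because the only changed file is data/CVE/list and the advisory record itself is not part of the diff. Before relying on the tag, confirm that the DSA-5757-1 record lists the same set of CVE ids. The tagged run goes from CVE-2024-7971 straight to CVE-2024-7969, so CVE-2024-7970 is not among the entries shown here and should be checked separately if the advisory names it. Each entry still shows only `- chromium 128.0.6613.84-1` and `[bullseye] - chromium <end-of-life> (see #1061268)`, so the per-release fixed version for the advisory has to come from that record as well.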



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/741b2202126f1c9fde7e9faee6b8c94df5d163f9
