Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f4ff068 by security tracker role at 2024-09-20T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,64 @@
-CVE-2024-8612 [Information leak in virtio devices]
+CVE-2024-9043 (Secure Email Gateway from Cellopoint has Buffer Overflow 
Vulnerability ...)
+       TODO: check
+CVE-2024-9041 (A vulnerability has been found in SourceCodester Best House 
Rental Man ...)
+       TODO: check
+CVE-2024-9040 (A vulnerability, which was classified as problematic, was found 
in cod ...)
+       TODO: check
+CVE-2024-9039 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-9038 (A vulnerability classified as problematic was found in Codezips 
Online ...)
+       TODO: check
+CVE-2024-9037 (A vulnerability classified as critical has been found in 
Codezips Inte ...)
+       TODO: check
+CVE-2024-9036 (A vulnerability was found in itsourcecode Online Bookstore 1.0. 
It has ...)
+       TODO: check
+CVE-2024-9035 (A vulnerability was found in code-projects Blood Bank 
Management Syste ...)
+       TODO: check
+CVE-2024-9034 (A vulnerability was found in code-projects Patient Record 
Management S ...)
+       TODO: check
+CVE-2024-9033 (A vulnerability has been found in SourceCodester Best House 
Rental Man ...)
+       TODO: check
+CVE-2024-9032 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-9031 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-9030 (A vulnerability classified as problematic was found in 
CodeCanyon CRMG ...)
+       TODO: check
+CVE-2024-47062 (Navidrome is an open source web-based music collection server 
and stre ...)
+       TODO: check
+CVE-2024-47061 (Plate is a javascript toolkit that makes it easier for you to 
develop  ...)
+       TODO: check
+CVE-2024-46654 (A stored cross-site scripting (XSS) vulnerability in the Add 
Scheduled ...)
+       TODO: check
+CVE-2024-46652 (Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in 
the fro ...)
+       TODO: check
+CVE-2024-45793 (Confidant is a open source secret management service that 
provides use ...)
+       TODO: check
+CVE-2024-45489 (Arc before 2024-08-26 allows remote code execution in 
JavaScript boost ...)
+       TODO: check
+CVE-2024-45229 (The Versa Director offers REST APIs for orchestration and 
management.  ...)
+       TODO: check
+CVE-2024-42697 (Cross Site Scripting vulnerability in Leotheme Leo Product 
Search Modu ...)
+       TODO: check
+CVE-2024-42351 (Galaxy is a free, open-source system for analyzing data, 
authoring wor ...)
+       TODO: check
+CVE-2024-42346 (Galaxy is a free, open-source system for analyzing data, 
authoring wor ...)
+       TODO: check
+CVE-2024-37879 (Improper input validation in /admin/config/save in 
User-friendly SVN ( ...)
+       TODO: check
+CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a 
local attack ...)
+       TODO: check
+CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and 
virtio-c ...)
        - qemu <unfixed> (bug #1082406)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760
        NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
-CVE-2024-45769
+CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This 
flaw all ...)
        - pcp 6.3.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310452
        NOTE: https://www.openwall.com/lists/oss-security/2024/09/20/1
        NOTE: Fixed by: 
https://github.com/performancecopilot/pcp/commit/3fc59861174ac0bbb08f5fa98cadb0d206f5cc60
 (6.3.1)
        NOTE: Fixed by: 
https://github.com/performancecopilot/pcp/commit/eadb79aab46175d7a58d0fa88028408743e2a93f
 (6.3.1)
-CVE-2024-45770
+CVE-2024-45770 (A vulnerability was found in Performance Co-Pilot (PCP). This 
flaw can ...)
        - pcp 6.3.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310451
        NOTE: https://www.openwall.com/lists/oss-security/2024/09/20/1
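Review bot: All 25 entries added at the top of this hunk carry only `TODO: check`, so none is yet bound to a source package or marked NOT-FOR-US, and each still needs manual triage. Entries whose descriptions name SourceCodester, code-projects, Codezips or itsourcecode applications resemble the `NOT-FOR-US:` entries elsewhere in this file, while those naming Pure Data (CVE-2023-47480), Navidrome (CVE-2024-47062) or Galaxy (CVE-2024-42346, CVE-2024-42351) should be checked against the archive before being dismissed. Separately, CVE-2024-8612 keeps `- qemu <unfixed>` and cites the upstream commit in a bare `NOTE:`; if that commit is the fix, labelling it `Fixed by:` with the release, as the pcp entries in this hunk do, would make the fix status clearer.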
@@ -2400,6 +2450,7 @@ CVE-2024-45590 (body-parser is Node.js body parsing 
middleware. body-parser <1.2
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by 
providing a ...)
        NOT-FOR-US: Yeti
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a 
SAML au ...)
+       {DSA-5774-1}
        - ruby-saml <unfixed> (bug #1081560)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
 (v1.12.3)
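Review bot: The `{DSA-5774-1}` cross-reference added to CVE-2024-45409 sits directly above a package line that still reads `- ruby-saml <unfixed> (bug #1081560)`, so the entry records an advisory while showing no fixed version for unstable. The existing NOTE already points at the upstream commit tagged (v1.12.3); the `<unfixed>` marker should be replaced with the fixed version once an upload closing that bug lands.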
@@ -41153,7 +41204,8 @@ CVE-2023-45385 (ProQuality pqprintshippinglabels before 
v.4.15.0 is vulnerable t
        NOT-FOR-US: ProQuality pqprintshippinglabels
 CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an 
authenticated ...)
        NOT-FOR-US: IBM
-CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows 
a remot ...)
+CVE-2023-36268
+       REJECTED
        - libreoffice <unfixed> (unimportant)
        NOTE: Resource overload in desktop app, no security impact
 CVE-2024-29040 (This repository hosts source code implementing the Trusted 
Computing G ...)
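Review bot: CVE-2023-36268 is now marked `REJECTED`, yet the entry keeps `- libreoffice <unfixed> (unimportant)` and its NOTE underneath, so a rejected identifier still lists libreoffice as unfixed. Since the NOTE already says there is no security impact, consider dropping the package line, or confirm that the tracker is meant to keep package annotations on rejected entries.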
@@ -77856,19 +77908,19 @@ CVE-2023-46956 (SQL injection vulnerability in 
Packers and Movers Management Sys
        NOT-FOR-US: Packers and Movers Management System
 CVE-2023-46690 (In Delta Electronics InfraSuite Device Master v.1.0.7, a 
vulnerability ...)
        NOT-FOR-US: Delta Electronics
-CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 
Firmware  ...)
+CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all 
versions) a ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are 
vulnerab ...)
+CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all 
versions) a ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 
firmware  ...)
+CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all 
versions) a ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 
firmware  ...)
+CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all 
versions) a ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable 
to Inse ...)
+CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator (all versions) is 
vulnerable ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable 
to Inse ...)
+CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator (all versions) is 
vulnerable ...)
        NOT-FOR-US: LOYTEC
-CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP 
Basic Authe ...)
+CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator (all versions) uses 
HTTP Bas ...)
        NOT-FOR-US: LOYTEC
 CVE-2023-46326 (ZStack Cloud version 3.10.38 and before allows unauthenticated 
API acc ...)
        NOT-FOR-US: ZStack Cloud
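Review bot: The seven LOYTEC descriptions (CVE-2023-46383 through CVE-2023-46389) lose their specific version strings (6.2.4, 7.2.4, 7.4.10) in favour of "(all versions)", which widens the stated affected range, while the commit message says only "automatic update". Every entry stays `NOT-FOR-US: LOYTEC`, so the triage result is unchanged, but a re-scoped description is worth a glance to confirm that it is only an upstream text refresh and not a reason to revisit the entry.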
@@ -90263,7 +90315,7 @@ CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices 
contain multiple accounts wit
        NOT-FOR-US: Technicolor
 CVE-2023-2995 (The Leyka WordPress plugin before 3.30.4 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and 
CMC, due ...)
+CVE-2023-2567 (A SQL Injection vulnerability has been found in Nozomi Networks 
Guardi ...)
        NOT-FOR-US: Nozomi Networks Guardian and CMC
 CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and 
CMC, due ...)
        NOT-FOR-US: Nozomi Networks Guardian and CMC
@@ -128536,7 +128588,7 @@ CVE-2023-23903 (An authenticated administrator can 
upload a SAML configuration f
        NOT-FOR-US: Nozomi Networks
 CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
        NOT-FOR-US: Nozomi Networks Guardian and CMC
-CVE-2023-22843 (An authenticated attacker with administrative access to the 
appliance  ...)
+CVE-2023-22843 (An authenticated attacker with administrative access to the 
web manage ...)
        NOT-FOR-US: Nozomi Networks
 CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
        NOT-FOR-US: Nozomi Networks
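Review bot: The context around the CVE-2023-22843 change shows inconsistent triage labels for the same vendor: CVE-2023-23574 uses `NOT-FOR-US: Nozomi Networks Guardian and CMC`, while CVE-2023-22378, with the same visible description text, uses `NOT-FOR-US: Nozomi Networks`, as does CVE-2023-22843 itself. This is a style point only, but settling on one label would make searching the list for this vendor reliable.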
@@ -225152,7 +225204,7 @@ CVE-2022-21447 (Vulnerability in the PeopleSoft 
Enterprise CS Academic Advisemen
        NOT-FOR-US: Oracle
 CVE-2022-21446 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
-CVE-2022-21445 (Vulnerability in the Oracle JDeveloper product of Oracle 
Fusion Middle ...)
+CVE-2022-21445 (Vulnerability in the Oracle Application Development Framework 
(ADF) pr ...)
        NOT-FOR-US: Oracle
 CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.29-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f4ff0689c3c409db6f2063dbc0b755e4468fc94



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
