Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14ecb8bb by security tracker role at 2024-09-23T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,74 @@
-CVE-2022-48945 [media: vivid: fix compose size exceed boundary]
+CVE-2024-9014 (pgAdmin versions 8.11 and earlier are vulnerable to a security 
flaw in ...)
+       TODO: check
+CVE-2024-8903 (Local active protection service settings manipulation due to 
unnecessa ...)
+       TODO: check
+CVE-2024-7835 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-7735 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-47222 (New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 
through 2.8  ...)
+       TODO: check
+CVE-2024-47069 (Oveleon Cookie Bar is a cookie bar is for the Contao Open 
Source CMS a ...)
+       TODO: check
+CVE-2024-47068 (Rollup is a module bundler for JavaScript. Versions prior to 
3.29.5 an ...)
+       TODO: check
+CVE-2024-47066 (Lobe Chat is an open-source artificial intelligence chat 
framework. Pr ...)
+       TODO: check
+CVE-2024-46997 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2024-46985 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2024-46639 (A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 
allows  ...)
+       TODO: check
+CVE-2024-46544 (Incorrect Default Permissions vulnerability in Apache Tomcat 
Connector ...)
+       TODO: check
+CVE-2024-46241 (PHPGurukul Dairy Farm Shop Management System v1.1 is 
vulnerable to Cro ...)
+       TODO: check
+CVE-2024-45348 (Xiaomi Router AX9000 has a post-authorization command 
injection vulner ...)
+       TODO: check
+CVE-2024-44540 (Ubiquiti AirMax firmware version firmware version 8 allows 
attackers w ...)
+       TODO: check
+CVE-2024-43201 (The Planet Fitness Workouts iOS and Android mobile apps prior 
to versi ...)
+       TODO: check
+CVE-2024-41228 (A symlink following vulnerability in the pouch cp function of 
AliyunCo ...)
+       TODO: check
+CVE-2024-40442 (An issue in Doccano Open source annotation tools for machine 
learning  ...)
+       TODO: check
+CVE-2024-40441 (An issue in Doccano Open source annotation tools for machine 
learning  ...)
+       TODO: check
+CVE-2024-39843 (A SQL injection vulnerability in Centreon 24.04.2 allows a 
remote high ...)
+       TODO: check
+CVE-2024-39842 (A SQL injection vulnerability in Centreon 24.04.2 allows a 
remote high ...)
+       TODO: check
+CVE-2024-39342 (Entrust Instant Financial Issuance (formerly known as 
Cardwizard) 6.10 ...)
+       TODO: check
+CVE-2024-39341 (Entrust Instant Financial Issuance (On Premise) Software 
(formerly kno ...)
+       TODO: check
+CVE-2024-37779 (WoodWing Elvis DAM v6.98.1 was discovered to contain an 
authenticated  ...)
+       TODO: check
+CVE-2024-34331 (A lack of code signature verification in Parallels Desktop for 
Mac v19 ...)
+       TODO: check
+CVE-2024-23972 (Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow 
Remote Co ...)
+       TODO: check
+CVE-2024-23934 (Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow 
Remote Cod ...)
+       TODO: check
+CVE-2024-23933 (Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote 
Code Ex ...)
+       TODO: check
+CVE-2024-23922 (Sony XAV-AX5500 Insufficient Firmware Update Validation Remote 
Code Ex ...)
+       TODO: check
+CVE-2024-0005 (A condition exists in FlashArray and FlashBlade Purity whereby 
a malic ...)
+       TODO: check
+CVE-2024-0004 (A condition exists in FlashArray Purity whereby an user with 
array adm ...)
+       TODO: check
+CVE-2024-0003 (A condition exists in FlashArray Purity whereby a malicious 
user could ...)
+       TODO: check
+CVE-2024-0002 (A condition exists in FlashArray Purity whereby an attacker can 
employ ...)
+       TODO: check
+CVE-2024-0001 (A condition exists in FlashArray Purity whereby a local account 
intend ...)
+       TODO: check
+CVE-2023-46948 (A reflected Cross-Site Scripting (XSS) vulnerability was found 
on Teme ...)
+       TODO: check
+CVE-2022-48945 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.1.4-1
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/94a7ad9283464b75b12516c5512541d467cefcf8 (6.2-rc1)
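Review bot: all 35 entries added at the top of data/CVE/list carry only "TODO: check", so this hunk records no triage decision and each entry still needs either a package line or a NOT-FOR-US tag in a follow-up commit. Entries that name vendor firmware or appliances (the Sony XAV-AX5500 group CVE-2024-23922 through CVE-2024-23972, Xiaomi Router AX9000 in CVE-2024-45348, the FlashArray/FlashBlade Purity group CVE-2024-0001 through CVE-2024-0005) look like quick NOT-FOR-US candidates, while pgAdmin (CVE-2024-9014), Rollup (CVE-2024-47068) and Apache Tomcat Connector (CVE-2024-46544) should be checked against the archive's source packages before they are tagged. The replaced first line only swaps the bracketed title of CVE-2022-48945 for the parenthesized description; the linux package lines under it are unchanged context, so no triage data is lost there.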
@@ -2863,9 +2933,9 @@ CVE-2024-26191 (Microsoft SQL Server Native Scoring 
Remote Code Execution Vulner
        NOT-FOR-US: Microsoft
 CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
-CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile 
Processor, Aut ...)
+CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile 
Processor and  ...)
        NOT-FOR-US: Samsung
-CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile 
Processor, Aut ...)
+CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile 
Processor and  ...)
        NOT-FOR-US: Samsung
 CVE-2024-21753 (A improper limitation of a pathname to a restricted directory 
('path t ...)
        NOT-FOR-US: Fortinet
@@ -6865,7 +6935,7 @@ CVE-2022-48867 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.1.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
-CVE-2024-8007 (A flaw was found in the Red Hat OpenStack Platform (RHOSP) 
director. T ...)
+CVE-2024-8007 (A flaw was found in the openstack-tripleo-common component of 
the Red  ...)
        NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
 CVE-2024-22034
        - osc 1.9.0-1
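Review bot: the refreshed CVE-2024-8007 description now names the openstack-tripleo-common component, but the triage line under it still reads "NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform" and was written against the older, product-level wording. It is worth confirming that no source package in the archive ships that component, and if the tag stands, adding a NOTE line that says why, so the next description refresh does not reopen the question.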
@@ -16077,7 +16147,7 @@ CVE-2024-39909 (KubeClarity is a tool for detection and 
management of Software B
        NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling 
Jupyter and ...)
        NOT-FOR-US: Solara
-CVE-2024-39340 (A security vulnerability has been discovered in the handling 
of OTP ke ...)
+CVE-2024-39340 (The authentication system of Securepoint UTM mishandles OTP 
keys. This ...)
        NOT-FOR-US: Securepoint
 CVE-2024-38736 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Realt ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ecb8bb555691e65773a08bcca7bc7284507b23
