Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
652d3782 by security tracker role at 2024-05-13T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,214 @@
-CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when 
fetching packet contents]
+CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS 
v0.5.5 tha ...)
+       TODO: check
+CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL 
injecti ...)
+       TODO: check
+CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS 
via the ...)
+       TODO: check
+CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS 
via the ...)
+       TODO: check
+CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and 
Laptop ...)
+       TODO: check
+CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+       TODO: check
+CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry 
Management Syste ...)
+       TODO: check
+CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry 
Management  ...)
+       TODO: check
+CVE-2024-4816 (A vulnerability, which was classified as critical, was found in 
Ruijie ...)
+       TODO: check
+CVE-2024-4815 (A vulnerability, which was classified as critical, has been 
found in R ...)
+       TODO: check
+CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie 
RG-UAC up t ...)
+       TODO: check
+CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie 
RG-UAC ...)
+       TODO: check
+CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-4068 (The NPM package `braces` fails to limit the number of 
characters it ca ...)
+       TODO: check
+CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular 
Expression Denia ...)
+       TODO: check
+CVE-2024-3462 (Ant Media Server Community Edition in a default configuration 
is vulne ...)
+       TODO: check
+CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food 
administr ...)
+       TODO: check
+CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel 
ShortPi ...)
+       TODO: check
+CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to 
contain a stac ...)
+       TODO: check
+CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate 
privileges  ...)
+       TODO: check
+CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions 
active after  ...)
+       TODO: check
+CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a 
session re ...)
+       TODO: check
+CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to 
contain a co ...)
+       TODO: check
+CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).)
+       TODO: check
+CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting 
vulnerab ...)
+       TODO: check
+CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+       TODO: check
+CVE-2024-34706 (Valtimo is an open source business process and case management 
platfor ...)
+       TODO: check
+CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity.  
The proble ...)
+       TODO: check
+CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & 
creating ...)
+       TODO: check
+CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, 
unprivileged  ...)
+       TODO: check
+CVE-2024-34698 (FreeScout is a free, self-hosted help desk and shared mailbox. 
Version ...)
+       TODO: check
+CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. 
A store ...)
+       TODO: check
+CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability 
in URBAN ...)
+       TODO: check
+CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 
2.11.8 and 2. ...)
+       TODO: check
+CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Jordy ...)
+       TODO: check
+CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Pk Fa ...)
+       TODO: check
+CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Thoma ...)
+       TODO: check
+CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server 
library ...)
+       TODO: check
+CVE-2024-34340 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+       TODO: check
+CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester 
Laborator ...)
+       TODO: check
+CVE-2024-34226 (SQL injection vulnerability in 
/php-sqlite-vms/?page=manage_visitor&id ...)
+       TODO: check
+CVE-2024-34225 (Cross Site Scripting vulnerability in 
php-lms/admin/?page=system_info  ...)
+       TODO: check
+CVE-2024-34224 (Cross Site Scripting vulnerability in 
/php-lms/classes/Users.php?f=sav ...)
+       TODO: check
+CVE-2024-34223 (Insecure permission vulnerability in /hrm/leaverequest.php in 
SourceCo ...)
+       TODO: check
+CVE-2024-34222 (Sourcecodester Human Resource Management System 1.0 is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-34221 (Sourcecodester Human Resource Management System 1.0 is 
vulnerable to I ...)
+       TODO: check
+CVE-2024-34081 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. 
 Improp ...)
+       TODO: check
+CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. 
If an i ...)
+       TODO: check
+CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. 
Insuffi ...)
+       TODO: check
+CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before 
v1.0.0-B2 ...)
+       TODO: check
+CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a 
remote at ...)
+       TODO: check
+CVE-2024-33250 (An issue in Open-Source Technology Committee SRS real-time 
video serve ...)
+       TODO: check
+CVE-2024-32100 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a hard ...)
+       TODO: check
+CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows 
a local  ...)
+       TODO: check
+CVE-2024-31460 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31459 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31458 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31445 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31444 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31443 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability 
in J.N.  ...)
+       TODO: check
+CVE-2024-30268 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution 
Service) ...)
+       TODO: check
+CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution 
Service) ...)
+       TODO: check
+CVE-2024-29895 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-29894 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE 
Cyber Foren ...)
+       TODO: check
+CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 
19.4.0 to 23. ...)
+       TODO: check
+CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt 
function in cr ...)
+       TODO: check
+CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability 
was identi ...)
+       TODO: check
+CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross 
Site Scr ...)
+       TODO: check
+CVE-2024-27082 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content 
Fusion v6.1 ...)
+       TODO: check
+CVE-2024-25641 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2024-22774 (An issue in Panoramic Corporation Digital Imaging Software 
v.9.1.2.760 ...)
+       TODO: check
+CVE-2023-50718 (NocoDB is software for building databases as spreadsheets. 
Prior to ve ...)
+       TODO: check
+CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. 
Starting in ...)
+       TODO: check
+CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. 
Prior to 0. ...)
+       TODO: check
+CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, 
extcap/SnifferAP ...)
+       TODO: check
+CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by 
authorization  ...)
+       TODO: check
+CVE-2024-27401 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7)
-CVE-2024-27400 [drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() 
v2]
+CVE-2024-27400 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)
-CVE-2024-27399 [Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout]
+CVE-2024-27399 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9)
-CVE-2024-27398 [Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout]
+CVE-2024-27398 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9)
-CVE-2023-52656 [io_uring: drop any code related to SCM_RIGHTS]
+CVE-2023-52656 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.7.12-1
        [bookworm] - linux 6.1.85-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1)
-CVE-2023-52655 [usb: aqc111: check packet for fixup for true limit]
+CVE-2023-52655 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.6.8-1
        [bookworm] - linux 6.1.69-1
        [bullseye] - linux 5.10.205-1
        NOTE: 
https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3)
-CVE-2024-25581 [Transfer requests received over DoH can lead to a denial of 
service in DNSdist]
+CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the 
nghttp2 prov ...)
        - dnsdist <unfixed>
        [bookworm] - dnsdist <not-affected> (Vulnerable code not present)
        [bullseye] - dnsdist <not-affected> (Vulnerable code not present)
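
Review bot: The six kernel entries at the end of this hunk (CVE-2024-27401, CVE-2024-27400, CVE-2024-27399, CVE-2024-27398, CVE-2023-52656, CVE-2023-52655) lose their bracketed titles, which named the subsystem and the fix, and get a truncated description that is the same for all of them up to its last character ("In the Linux kernel, the following vulnerability has been resolved: ..."). After this change the only thing in the list that says what each entry is about is the git.kernel.org NOTE line, so consider keeping the original subject in a NOTE for these entries. Separately, every new entry above is "TODO: check"; the ones whose descriptions name xmllint (from libxml2), Cacti, strongSwan and MantisBT are worth triaging ahead of the SourceCodester, Campcodes and TOTOLINK entries.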
@@ -1830,7 +2016,7 @@ CVE-2023-32873 (In keyInstall, there is a possible out of 
bounds write due to a
        NOT-FOR-US: MediaTek
 CVE-2023-32871 (In DA, there is a possible permission bypass due to an 
incorrect statu ...)
        NOT-FOR-US: MediaTek
-CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography 
APIs before ...)
+CVE-2024-29857 (An issue was discovered in ECCurve.java and ECCurve.cs in 
Bouncy Castl ...)
        - bouncycastle <unfixed> (bug #1070655)
        [bookworm] - bouncycastle <no-dsa> (Minor issue)
        [bullseye] - bouncycastle <no-dsa> (Minor issue)
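
Review bot: The updated description for CVE-2024-29857 now names ECCurve.cs alongside ECCurve.java, but the entry still tracks only the bouncycastle source package (bug #1070655, no-dsa for bookworm and bullseye). If a C# Bouncy Castle port is packaged, it needs its own line here; if not, a NOTE saying the .cs file is out of scope would record that the widened description was looked at.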
@@ -286467,8 +286653,8 @@ CVE-2020-18307
        RESERVED
 CVE-2020-18306
        RESERVED
-CVE-2020-18305
-       RESERVED
+CVE-2020-18305 (Extreme Networks EXOS before v.22.7 and before v.30.2 was 
discovered t ...)
+       TODO: check
 CVE-2020-18304
        RESERVED
 CVE-2020-18303
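
Review bot: CVE-2020-18305 moves from RESERVED to "TODO: check" with a description that names Extreme Networks EXOS, which reads like vendor firmware. It looks like a candidate for the same NOT-FOR-US marking the MediaTek entries carry in the previous hunk, instead of staying in the TODO queue.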



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/652d3782ac0a47daf957cd3c8f1df34df69a1a31

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
