Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 652d3782 by security tracker role at 2024-05-13T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,28 +1,214 @@ -CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents] +CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) + TODO: check +CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...) + TODO: check +CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + TODO: check +CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry Management ...) + TODO: check +CVE-2024-4816 (A vulnerability, which was classified as critical, was found in Ruijie ...) + TODO: check +CVE-2024-4815 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...) + TODO: check +CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...) + TODO: check +CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...) + TODO: check +CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) + TODO: check +CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...) + TODO: check +CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...) + TODO: check +CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...) + TODO: check +CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...) + TODO: check +CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges ...) + TODO: check +CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after ...) + TODO: check +CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...) + TODO: check +CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).) + TODO: check +CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...) + TODO: check +CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) + TODO: check +CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...) + TODO: check +CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity. The proble ...) + TODO: check +CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...) + TODO: check +CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged ...) + TODO: check +CVE-2024-34698 (FreeScout is a free, self-hosted help desk and shared mailbox. Version ...) + TODO: check +CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A store ...) + TODO: check +CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) + TODO: check +CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) + TODO: check +CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) + TODO: check +CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) + TODO: check +CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...) + TODO: check +CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) + TODO: check +CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) + TODO: check +CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) + TODO: check +CVE-2024-34226 (SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id ...) + TODO: check +CVE-2024-34225 (Cross Site Scripting vulnerability in php-lms/admin/?page=system_info ...) + TODO: check +CVE-2024-34224 (Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=sav ...) + TODO: check +CVE-2024-34223 (Insecure permission vulnerability in /hrm/leaverequest.php in SourceCo ...) + TODO: check +CVE-2024-34222 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...) + TODO: check +CVE-2024-34221 (Sourcecodester Human Resource Management System 1.0 is vulnerable to I ...) + TODO: check +CVE-2024-34081 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improp ...) + TODO: check +CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an i ...) + TODO: check +CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insuffi ...) + TODO: check +CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B2 ...) + TODO: check +CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a remote at ...) + TODO: check +CVE-2024-33250 (An issue in Open-Source Technology Committee SRS real-time video serve ...) + TODO: check +CVE-2024-32100 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hard ...) + TODO: check +CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local ...) + TODO: check +CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31458 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31445 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31444 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) + TODO: check +CVE-2024-30268 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) + TODO: check +CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) + TODO: check +CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...) + TODO: check +CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...) + TODO: check +CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...) + TODO: check +CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...) + TODO: check +CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was identi ...) + TODO: check +CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scr ...) + TODO: check +CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...) + TODO: check +CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...) + TODO: check +CVE-2024-22774 (An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.760 ...) + TODO: check +CVE-2023-50718 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) + TODO: check +CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. Starting in ...) + TODO: check +CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior to 0. ...) + TODO: check +CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) + TODO: check +CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) + TODO: check +CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7) -CVE-2024-27400 [drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2] +CVE-2024-27400 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux <unfixed> [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7) -CVE-2024-27399 [Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout] +CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9) -CVE-2024-27398 [Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout] +CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) -CVE-2023-52656 [io_uring: drop any code related to SCM_RIGHTS] +CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) -CVE-2023-52655 [usb: aqc111: check packet for fixup for true limit] +CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3) -CVE-2024-25581 [Transfer requests received over DoH can lead to a denial of service in DNSdist] +CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...) - dnsdist <unfixed> [bookworm] - dnsdist <not-affected> (Vulnerable code not present) [bullseye] - dnsdist <not-affected> (Vulnerable code not present) @@ -1830,7 +2016,7 @@ CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a NOT-FOR-US: MediaTek CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...) NOT-FOR-US: MediaTek -CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) +CVE-2024-29857 (An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castl ...) - bouncycastle <unfixed> (bug #1070655) [bookworm] - bouncycastle <no-dsa> (Minor issue) [bullseye] - bouncycastle <no-dsa> (Minor issue) @@ -286467,8 +286653,8 @@ CVE-2020-18307 RESERVED CVE-2020-18306 RESERVED -CVE-2020-18305 - RESERVED +CVE-2020-18305 (Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered t ...) + TODO: check CVE-2020-18304 RESERVED CVE-2020-18303 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/652d3782ac0a47daf957cd3c8f1df34df69a1a31 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/652d3782ac0a47daf957cd3c8f1df34df69a1a31 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits