Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df08a2d1 by security tracker role at 2024-06-03T20:12:16+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@ +CVE-2024-5404 (An unauthenticated remote attackercan change the admin password in amo ...) + TODO: check +CVE-2024-5388 + REJECTED +CVE-2024-5387 + REJECTED +CVE-2024-5214 + REJECTED +CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...) + TODO: check +CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Request ...) + TODO: check +CVE-2024-4332 (An authentication bypass vulnerability has been identified in the REST ...) + TODO: check +CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read a ...) + TODO: check +CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 ha ...) + TODO: check +CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + TODO: check +CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + TODO: check +CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + TODO: check +CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via adm ...) + TODO: check +CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbi ...) + TODO: check +CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL ...) + TODO: check +CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP basic auth ...) + TODO: check +CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompressing ...) + TODO: check +CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...) + TODO: check +CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. 
Act ...) + TODO: check +CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This ...) + TODO: check +CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC ...) + TODO: check +CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blo ...) + TODO: check +CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integrat ...) + TODO: check +CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-34987 (A SQL Injection vulnerability exists in the `ofrs/admin/index.php` scr ...) + TODO: check +CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue affects Fastl ...) + TODO: check +CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability in Lukm ...) + TODO: check +CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) 
+ TODO: check +CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located in htdocs ...) + TODO: check +CVE-2024-32983 (Misskey is an open source, decentralized microblogging platform. Missk ...) + TODO: check +CVE-2024-31684 (Incorrect access control in the fingerprint authentication mechanism o ...) + TODO: check +CVE-2024-31682 (Incorrect access control in the fingerprint authentication mechanism o ...) + TODO: check +CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...) + TODO: check +CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...) + TODO: check +CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...) + TODO: check +CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb ...) + TODO: check +CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in Fortinet Fort ...) + TODO: check +CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine Time Measu ...) + TODO: check +CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine was allo ...) 
+ TODO: check +CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL memory e ...) + TODO: check +CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows Exploit ...) + TODO: check +CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is ...) + TODO: check +CVE-2023-51219 (A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adve ...) + TODO: check +CVE-2023-43556 (Memory corruption in Hypervisor when platform information mentioned is ...) + TODO: check +CVE-2023-43555 (Information disclosure in Video while parsing mp2 clip with invalid se ...) + TODO: check +CVE-2023-43551 (Cryptographic issue while performing attach with a LTE network, a rogu ...) + TODO: check +CVE-2023-43545 (Memory corruption when more scan frequency list or channels are sent f ...) + TODO: check +CVE-2023-43544 (Memory corruption when IPC callback handle is used after it has been r ...) + TODO: check +CVE-2023-43543 (Memory corruption in Audio during a playback or a recording due to rac ...) + TODO: check +CVE-2023-43542 (Memory corruption while copying a keyblob`s material when the key mate ...) + TODO: check +CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager initiali ...) + TODO: check +CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in WLAN Host.) + TODO: check CVE-2024-36104 NOT-FOR-US: Apache OFBiz CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) 
@@ -167904,8 +168044,8 @@ CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3 CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...) NOT-FOR-US: URI.js -CVE-2022-1242 - RESERVED +CVE-2022-1242 (Apport can be tricked into connecting to arbitrary sockets as the root ...) + TODO: check CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...) NOT-FOR-US: WordPress theme CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...) @@ -179761,8 +179901,8 @@ CVE-2022-24700 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in D NOT-FOR-US: WinAPRS CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...) NOT-FOR-US: Zyxel -CVE-2022-0555 - RESERVED +CVE-2022-0555 (Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all P ...) + TODO: check CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 (unimportant) 
@@ -201599,8 +201739,8 @@ CVE-2021-42849 (A weak default password for the serial port was reported in some NOT-FOR-US: Lenovo CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...) NOT-FOR-US: Lenovo -CVE-2021-3899 - RESERVED +CVE-2021-3899 (There is a race condition in the 'replaced executable' detection that, ...) + TODO: check CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...) NOT-FOR-US: Lenovo CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df08a2d1466031c14f2688d3ce8e45610b627f14
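Review bot: in the first hunk (@@ -1,3 +1,143 @@) every new entry with a description carries only "TODO: check", so none of the 140 added lines yet says whether Debian is affected. Triage should start with the entries that name software Debian packages: CVE-2024-5197 names libvpx "in versions prior to 1.14.1" and needs a source-package line rather than a NOT-FOR-US. The product-specific entries (the TOTOLINK, TRENDnet, Fortinet and Sourcecodester ones, for example) can be closed in the same way as the CVE-2024-36104 context line, which reads "NOT-FOR-US: Apache OFBiz". The three REJECTED entries (CVE-2024-5388, CVE-2024-5387, CVE-2024-5214) need no follow-up.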
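Review bot: in the three later hunks, CVE-2022-1242, CVE-2022-0555 and CVE-2021-3899 go from RESERVED to a description plus "TODO: check", which puts ids from 2021 and 2022 back into the triage queue alongside the new 2024 entries. CVE-2022-1242 names Apport and CVE-2022-0555 names Subiquity, but the truncated text for CVE-2021-3899 ("race condition in the 'replaced executable' detection") does not name the affected software in the visible lines, so the full CVE record has to be read before that entry can be assigned to a package or marked NOT-FOR-US.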