Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4f28bc4 by security tracker role at 2024-07-03T20:12:13+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,80 @@ -CVE-2024-39844 +CVE-2024-6488 + REJECTED +CVE-2024-6471 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated as probl ...) + TODO: check +CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been declared as pr ...) + TODO: check +CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9. ...) + TODO: check +CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in MESbook20221021.03 ...) + TODO: check +CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 version, the ...) + TODO: check +CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an authentic ...) + TODO: check +CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...) + TODO: check +CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika) + TODO: check +CVE-2024-5821 (Improper Access Control in stitionai/devika) + TODO: check +CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...) + TODO: check +CVE-2024-3332 (A malicious BLE device can send a specific order of packet sequence to ...) + TODO: check +CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and ...) + TODO: check +CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly sanitize ...) + TODO: check +CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. ZITADEL provid ...) + TODO: check +CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= ...) + TODO: check +CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the Remo ...) + TODO: check +CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows atta ...) 
+ TODO: check +CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 allows att ...) + TODO: check +CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, ...) + TODO: check +CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International Co., Lt ...) + TODO: check +CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared channel ...) + TODO: check +CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...) + TODO: check +CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...) + TODO: check +CVE-2024-32937 (An os command injection vulnerability exists in the CWMP SelfDefinedTi ...) + TODO: check +CVE-2024-31223 (Fides is an open-source privacy engineering platform, and `SERVER_SIDE ...) + TODO: check +CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, ha ...) + TODO: check +CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...) + TODO: check +CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure ...) + TODO: check +CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer ...) + TODO: check +CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow i ...) + TODO: check +CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...) 
+ TODO: check +CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) conta ...) + TODO: check +CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl via a K ...) - znc <unfixed> NOTE: Fixed by: https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e (znc-1.9.1) CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0. ...) @@ -17752,7 +17828,7 @@ CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab <unfixed> CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...) NOT-FOR-US: WordPress plugin -CVE-2024-29510 +CVE-2024-29510 (Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER ...) {DSA-5692-1} - ghostscript 10.03.1~dfsg~git20240518-1 [buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50) @@ -17761,7 +17837,7 @@ CVE-2024-29510 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662 NOTE: API functions used by fixing commit were introduced in: NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2 -CVE-2024-33871 +CVE-2024-33871 (An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...) {DSA-5692-1} - ghostscript 10.03.1~dfsg~git20240518-1 [buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50) 
@@ -17770,14 +17846,14 @@ CVE-2024-33871 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754 NOTE: API functions used by fixing commit were introduced in: NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2 -CVE-2024-33870 +CVE-2024-33870 (An issue was discovered in Artifex Ghostscript before 10.03.1. There i ...) {DSA-5692-1} - ghostscript 10.03.1~dfsg~git20240518-1 [buster] - ghostscript <not-affected> (The vulnerable code was introduced later) NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686 -CVE-2024-33869 +CVE-2024-33869 (An issue was discovered in Artifex Ghostscript before 10.03.1. Path tr ...) {DSA-5692-1} - ghostscript 10.03.1~dfsg~git20240518-1 [buster] - ghostscript <not-affected> (The vulnerable code was introduced later) @@ -22553,7 +22629,7 @@ CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-b NOT-FOR-US: phpecc CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...) NOT-FOR-US: IBM -CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...) +CVE-2023-52722 (An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmi ...) {DSA-5692-1} - ghostscript 10.02.0~dfsg-1 [buster] - ghostscript <ignored> (fix requires API functions introduced in 9.50) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f28bc4561a886afacf54ece9721f14c40375a9 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f28bc4561a886afacf54ece9721f14c40375a9 You're receiving this email because of your account on salsa.debian.org.
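Review bot: In the first hunk (@@ -1,4 +1,80 @@), the five new Ghostscript entries (CVE-2024-29506 to CVE-2024-29509 and CVE-2024-29511) are left at "TODO: check" although later hunks of this same file show ghostscript as a tracked source package with {DSA-5692-1} and a fixed version of 10.03.1~dfsg~git20240518-1. These should be triaged ahead of the rest of the batch and given "- ghostscript ..." lines. Four of them read "before 10.03.0" and CVE-2024-29511 reads "before 10.03.1", so each fixing commit needs to be checked against what DSA-5692-1 shipped rather than assumed to be covered by it. The two 7-Zip entries (CVE-2023-52168, CVE-2023-52169) likewise need either a package line or a NOT-FOR-US decision.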
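Review bot: In the last hunk (@@ -22553,7 +22629,7 @@), the CVE-2023-52722 description changes from "through 10.01.0" to "before 10.03.1", but the unchanged context line below it still records "- ghostscript 10.02.0~dfsg-1" as the fixed version. Since the affected range stated upstream has moved, re-verify that 10.02.0~dfsg-1 actually contains the fix; if it does not, the fixed version and the [buster] annotation on this entry both need updating.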