Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4f28bc4 by security tracker role at 2024-07-03T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,80 @@
-CVE-2024-39844
+CVE-2024-6488
+       REJECTED
+CVE-2024-6471 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated 
as probl ...)
+       TODO: check
+CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been 
declared as pr ...)
+       TODO: check
+CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 
9.5.x <= 9. ...)
+       TODO: check
+CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in 
MESbook20221021.03  ...)
+       TODO: check
+CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 
version, the ...)
+       TODO: check
+CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an 
authentic ...)
+       TODO: check
+CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 
2.1.0p45, and ...)
+       TODO: check
+CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+       TODO: check
+CVE-2024-5821 (Improper Access Control in stitionai/devika)
+       TODO: check
+CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system 
commands ...)
+       TODO: check
+CVE-2024-3332 (A malicious BLE device can send a specific order of packet 
sequence to ...)
+       TODO: check
+CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 
9.6.2 and ...)
+       TODO: check
+CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly 
sanitize  ...)
+       TODO: check
+CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. 
ZITADEL provid ...)
+       TODO: check
+CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 
9.5.x <= ...)
+       TODO: check
+CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize 
the Remo ...)
+       TODO: check
+CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 
allows atta ...)
+       TODO: check
+CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 
allows att ...)
+       TODO: check
+CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, 
AV-01KBD, ...)
+       TODO: check
+CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International 
Co., Lt ...)
+       TODO: check
+CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared 
channel ...)
+       TODO: check
+CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled 
Resource Con ...)
+       TODO: check
+CVE-2024-32937 (An os command injection vulnerability exists in the CWMP 
SelfDefinedTi ...)
+       TODO: check
+CVE-2024-31223 (Fides is an open-source privacy engineering platform, and 
`SERVER_SIDE ...)
+       TODO: check
+CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for 
OCR, ha ...)
+       TODO: check
+CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow 
when PDFP ...)
+       TODO: check
+CVE-2024-29508 (Artifex Ghostscript before 10.03.0 has a heap-based pointer 
disclosure ...)
+       TODO: check
+CVE-2024-29507 (Artifex Ghostscript before 10.03.0 sometimes has a stack-based 
buffer  ...)
+       TODO: check
+CVE-2024-29506 (Artifex Ghostscript before 10.03.0 has a stack-based buffer 
overflow i ...)
+       TODO: check
+CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 
7zz) conta ...)
+       TODO: check
+CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 
7zz) conta ...)
+       TODO: check
+CVE-2024-39844 (In ZNC before 1.9.1, remote code execution can occur in modtcl 
via a K ...)
        - znc <unfixed>
        NOTE: Fixed by: 
https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e 
(znc-1.9.1)
 CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management 
System 1.0.  ...)
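Review bot: The five Artifex Ghostscript entries added in this hunk (CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, CVE-2024-29509, CVE-2024-29511) are left at "TODO: check" although ghostscript is already tracked further down this same file under DSA-5692-1, so they should be triaged first and given a "- ghostscript ..." line each. Their descriptions give two different boundaries ("before 10.03.0" for four of them, "before 10.03.1" for CVE-2024-29511), so the fixed version has to be set per entry rather than copied across. The cockpit (CVE-2024-6126) and 7-Zip (CVE-2023-52168, CVE-2023-52169) entries also name a specific package or program in the description and should be checked for a matching source package before the bulk of the queue.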
@@ -17752,7 +17828,7 @@ CVE-2023-6682 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        - gitlab <unfixed>
 CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 
3.2.0 does  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-29510
+CVE-2024-29510 (Artifex Ghostscript before 10.03.1 allows memory corruption, 
and SAFER ...)
        {DSA-5692-1}
        - ghostscript 10.03.1~dfsg~git20240518-1
        [buster] - ghostscript <ignored> (fix requires API functions introduced 
in 9.50)
@@ -17761,7 +17837,7 @@ CVE-2024-29510
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662
        NOTE: API functions used by fixing commit were introduced in:
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2
-CVE-2024-33871
+CVE-2024-33871 (An issue was discovered in Artifex Ghostscript before 10.03.1. 
contrib ...)
        {DSA-5692-1}
        - ghostscript 10.03.1~dfsg~git20240518-1
        [buster] - ghostscript <ignored> (fix requires API functions introduced 
in 9.50)
@@ -17770,14 +17846,14 @@ CVE-2024-33871
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
        NOTE: API functions used by fixing commit were introduced in:
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=9de16a6637b73e35f79d2d622de403b24e6502f2
-CVE-2024-33870
+CVE-2024-33870 (An issue was discovered in Artifex Ghostscript before 10.03.1. 
There i ...)
        {DSA-5692-1}
        - ghostscript 10.03.1~dfsg~git20240518-1
        [buster] - ghostscript <not-affected> (The vulnerable code was 
introduced later)
        NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
 (ghostpdl-10.03.1)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
-CVE-2024-33869
+CVE-2024-33869 (An issue was discovered in Artifex Ghostscript before 10.03.1. 
Path tr ...)
        {DSA-5692-1}
        - ghostscript 10.03.1~dfsg~git20240518-1
        [buster] - ghostscript <not-affected> (The vulnerable code was 
introduced later)
@@ -22553,7 +22629,7 @@ CVE-2024-33851 (phpecc, as used in paragonie/phpecc 
before 2.0.1, has a branch-b
        NOT-FOR-US: phpecc
 CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio 
for i 7.2 ...)
        NOT-FOR-US: IBM
-CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 
10.01.0. psi/zm ...)
+CVE-2023-52722 (An issue was discovered in Artifex Ghostscript before 10.03.1. 
psi/zmi ...)
        {DSA-5692-1}
        - ghostscript 10.02.0~dfsg-1
        [buster] - ghostscript <ignored> (fix requires API functions introduced 
in 9.50)
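Review bot: In the CVE-2023-52722 entry the updated description reads "before 10.03.1" (previously "through 10.01.0"), while the unchanged package line below it still records the fix as "- ghostscript 10.02.0~dfsg-1". These two boundaries do not agree. Check the upstream fixing commit against 10.02.0 and, if the package line is correct, add a NOTE to the entry explaining why the tracked fixed version is earlier than the one in the description.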



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f28bc4561a886afacf54ece9721f14c40375a9

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits