Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2024-6681 (A vulnerability, which was classified as critical, has been 
found in w ...)
+       TODO: check
+CVE-2024-6680 (A vulnerability classified as critical was found in witmy 
my-springsec ...)
+       TODO: check
+CVE-2024-6679 (A vulnerability classified as critical has been found in witmy 
my-spri ...)
+       TODO: check
+CVE-2024-6643
+       REJECTED
+CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
+       TODO: check
+CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (' ...)
+       TODO: check
+CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that 
could e ...)
+       TODO: check
+CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes 
users to ...)
+       TODO: check
+CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could 
cause di ...)
+       TODO: check
+CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
gaizhenbia ...)
+       TODO: check
+CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that 
could caus ...)
+       TODO: check
+CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability 
exists that  ...)
+       TODO: check
+CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could 
cause loc ...)
+       TODO: check
+CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core 
API, 3r ...)
+       TODO: check
+CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code 
execution vul ...)
+       TODO: check
+CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the 
sampling  ...)
+       TODO: check
+CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
+       TODO: check
+CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the 
H.323 ALG (A ...)
+       TODO: check
+CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the 
aftmand proc ...)
+       TODO: check
+CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept 
(SI) com ...)
+       TODO: check
+CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in 
the routi ...)
+       TODO: check
+CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input 
vulnerability ...)
+       TODO: check
+CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability 
in the Ro ...)
+       TODO: check
+CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in 
the PFE  ...)
+       TODO: check
+CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended 
Endpoints ...)
+       TODO: check
+CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI 
vulnerability in Jun ...)
+       TODO: check
+CVE-2024-39532 (AnInsertion of Sensitive Information into Log File 
vulnerability in Ju ...)
+       TODO: check
+CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet 
Forwarding  ...)
+       TODO: check
+CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in 
the Pack ...)
+       TODO: check
+CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon 
(rpd) of ...)
+       TODO: check
+CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+       TODO: check
+CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+       TODO: check
+CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+       TODO: check
+CVE-2024-39521 (An Improper Neutralization of Special Elements vulnerability 
in Junipe ...)
+       TODO: check
+CVE-2024-39520 (AnImproper Neutralization of Special Elements vulnerability in 
Juniper ...)
+       TODO: check
+CVE-2024-39519 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2024-39317 (Wagtail is an open source content management system built on 
Django. A ...)
+       TODO: check
+CVE-2024-38536 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+       TODO: check
+CVE-2024-32753 (Under certain circumstances the camera may be susceptible to 
known vul ...)
+       TODO: check
+CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory (' ...)
+       TODO: check
+CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can 
obtain  ...)
+       TODO: check
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus 
up to 2 ...)
        TODO: check
 CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection 
via the ...)
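
Review bot: Every entry added at the top of data/CVE/list carries only "TODO: check", including the ones that name identifiable software such as the four Suricata entries (CVE-2024-38536, CVE-2024-38535, CVE-2024-38534, CVE-2024-37151), Wagtail (CVE-2024-39317) and Bootstrap (CVE-2024-6531, CVE-2024-6485, CVE-2024-6484). Each of these needs resolving to either a "- <package> <version>" line or a NOT-FOR-US marker, in the form the apache2 and FortiGuard entries further down already use. The descriptions for CVE-2024-39543 ("Inputvulnerability"), CVE-2024-39532 ("AnInsertion") and CVE-2024-39520 ("AnImproper") are missing spaces, which will make text searches on those phrases miss them.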
@@ -2485,10 +2589,12 @@ CVE-2024-39884 (A regression in the core of Apache HTTP 
Server 2.4.60 ignores so
        NOTE: Introduced by 
https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
        NOTE: Likely a regression during fix of CVE-2024-38476
 CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and 
earlier ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
        NOTE: likely fix according to comment in code 
https://github.com/apache/httpd/commit/9494aa8d52e3c263bc0413b77ac8a73b0d524388
 CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 
2.4.59 and ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
        NOTE: Fixed by 
https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85
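
Review bot: The CVE-2024-39573 entry now carries {DSA-5729-1}, but its fix reference still reads "NOTE: likely fix according to comment in code". Confirm that commit 9494aa8d52e3c263bc0413b77ac8a73b0d524388 is the actual fix and reword the NOTE to "Fixed by", as the CVE-2024-38477 entry below it does, so the advisory points at a verified commit.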
@@ -2496,12 +2602,14 @@ CVE-2024-38477 (null pointer dereference in mod_proxy 
in Apache HTTP Server 2.4.
        NOTE: Regression identified by Ubuntu 
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648
        NOTE: Rgression fixed by 
https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38
 CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier 
are vul ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
        NOTE: Fixed by 
https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde
        NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918560)
        NOTE: see also regression CVE-2024-39884
 CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP 
Server 2.4.5 ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475
        NOTE: same fix as CVE-2024-28474
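
Review bot: Under CVE-2024-38475, the line "NOTE: same fix as CVE-2024-28474" cites a 28474 id while the neighbouring mod_rewrite entry is CVE-2024-38474, so it reads as a typo and the cross-reference does not resolve; correct the id. The "Rgression fixed by" NOTE at the top of this hunk is misspelled. Since the CVE-2024-38477 notes record a regression and CVE-2024-38476 has "see also regression CVE-2024-39884", it is worth adding a NOTE on whether the DSA-5729-1 packages include the regression fixes.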
@@ -2509,6 +2617,7 @@ CVE-2024-38475 (Improper escaping of output in 
mod_rewrite in Apache HTTP Server
        NOTE: Need also log fix 
https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
        NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
 CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP 
Server 2.4.5 ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474
        NOTE: same fix as CVE-2024-28475
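
Review bot: Under CVE-2024-38474, "NOTE: same fix as CVE-2024-28475" does not match the paired entry, which the hunk header shows as CVE-2024-38475 (the mod_rewrite output-escaping issue). The id looks mistyped and should be corrected so that anyone following the note lands on the right record.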
@@ -2516,6 +2625,7 @@ CVE-2024-38474 (Substitution encoding issue in 
mod_rewrite in Apache HTTP Server
        NOTE: need also log fix 
https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884
        NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561)
 CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and 
earlier ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473
        NOTE: https://github.com/apache/httpd/pull/457
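
Review bot: The only fix reference visible under CVE-2024-38473 is a pull request ("NOTE: https://github.com/apache/httpd/pull/457"), whereas the neighbouring apache2 entries pin a commit hash. Add the merged commit so the fix in the DSA-5729-1 packages can be checked against a fixed revision rather than a PR that may hold several commits.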
@@ -2531,6 +2641,7 @@ CVE-2024-38472 (SSRF in Apache HTTP Server on Windows 
allows to potentially leak
        NOTE: 
https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0
        NOTE: Only affects Apache HTTP Server on Windows
 CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection 
could res ...)
+       {DSA-5729-1}
        - apache2 2.4.60-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
        NOTE: 
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
@@ -7764,7 +7875,7 @@ CVE-2024-23518 (Missing Authorization vulnerability in 
Navneil Naicker ACF Photo
        NOT-FOR-US: WordPress plugin
 CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja 
Tables. ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-23111 (A use of password hash with insufficient computational effort 
vulnerab ...)
+CVE-2024-23111 (An improper neutralization of input during web page Generation 
('Cross ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 
7.4.0 throug ...)
        NOT-FOR-US: FortiGuard
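
Review bot: The CVE-2024-23111 description changes vulnerability class entirely, from "A use of password hash with insufficient computational effort" to "An improper neutralization of input during web page Generation ('Cross ...", while "NOT-FOR-US: FortiGuard" stays untouched. Check that the upstream record still concerns the same product so the NOT-FOR-US classification remains valid under the new text.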



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be06487e71c5d9d65a362add2c90c9d6e0c27b67
