Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be06487e by security tracker role at 2024-07-11T20:12:26+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@ +CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...) + TODO: check +CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...) + TODO: check +CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my-spri ...) + TODO: check +CVE-2024-6643 + REJECTED +CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...) + TODO: check +CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...) + TODO: check +CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...) + TODO: check +CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...) + TODO: check +CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...) + TODO: check +CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbia ...) + TODO: check +CVE-2024-5681 (CWE-20: Improper Input Validation vulnerability exists that could caus ...) + TODO: check +CVE-2024-5680 (CWE-129: Improper Validation of Array Index vulnerability exists that ...) + TODO: check +CVE-2024-5679 (CWE-787: Out-of-Bounds Write vulnerability exists that could cause loc ...) + TODO: check +CVE-2024-39905 (Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3r ...) + TODO: check +CVE-2024-39904 (VNote is a note-taking platform. Prior to 3.18.1, a code execution vul ...) + TODO: check +CVE-2024-39553 (An Exposure of Resource to Wrong Sphere vulnerability in the sampling ...) + TODO: check +CVE-2024-39552 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...) + TODO: check +CVE-2024-39551 (An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (A ...) + TODO: check +CVE-2024-39550 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) 
+ TODO: check +CVE-2024-39549 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39548 (An Uncontrolled Resource Consumption vulnerability in the aftmand proc ...) + TODO: check +CVE-2024-39546 (A Missing Authorization vulnerability in the Socket Intercept (SI) com ...) + TODO: check +CVE-2024-39545 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39543 (A Buffer Copy without Checking Size of Inputvulnerability in the routi ...) + TODO: check +CVE-2024-39542 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) + TODO: check +CVE-2024-39541 (An Improper Handling of Exceptional Conditions vulnerability in the Ro ...) + TODO: check +CVE-2024-39540 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39539 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39538 (A Buffer Copy without Checking Size of Input vulnerability in the PFE ...) + TODO: check +CVE-2024-39537 (An Improper Restriction of Communication Channel to Intended Endpoints ...) + TODO: check +CVE-2024-39536 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + TODO: check +CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI vulnerability in Jun ...) + TODO: check +CVE-2024-39532 (AnInsertion of Sensitive Information into Log File vulnerability in Ju ...) + TODO: check +CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet Forwarding ...) + TODO: check +CVE-2024-39530 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39529 (A Use of Externally-Controlled Format String vulnerability in the Pack ...) 
+ TODO: check +CVE-2024-39528 (A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of ...) + TODO: check +CVE-2024-39524 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39523 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39522 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39521 (An Improper Neutralization of Special Elements vulnerability in Junipe ...) + TODO: check +CVE-2024-39520 (AnImproper Neutralization of Special Elements vulnerability in Juniper ...) + TODO: check +CVE-2024-39519 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2024-39317 (Wagtail is an open source content management system built on Django. A ...) + TODO: check +CVE-2024-38536 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-32753 (Under certain circumstances the camera may be susceptible to known vul ...) + TODO: check +CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...) + TODO: check +CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can obtain ...) + TODO: check CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...) TODO: check CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...) 
@@ -2485,10 +2589,12 @@ CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores so NOTE: Introduced by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde NOTE: Likely a regression during fix of CVE-2024-38476 CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 NOTE: likely fix according to comment in code https://github.com/apache/httpd/commit/9494aa8d52e3c263bc0413b77ac8a73b0d524388 CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 NOTE: Fixed by https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85 @@ -2496,12 +2602,14 @@ CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4. NOTE: Regression identified by Ubuntu https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648 NOTE: Rgression fixed by https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38 CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 NOTE: Fixed by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918560) NOTE: see also regression CVE-2024-39884 CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 NOTE: same fix as CVE-2024-28474 
@@ -2509,6 +2617,7 @@ CVE-2024-38475 (Improper escaping of output in mod_rewrite in Apache HTTP Server NOTE: Need also log fix https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884 NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561) CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 NOTE: same fix as CVE-2024-28475 @@ -2516,6 +2625,7 @@ CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server NOTE: need also log fix https://github.com/apache/httpd/commit/4797330ad813d9f8a2bb1b3b8d03ceb523dc4884 NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918561) CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 NOTE: https://github.com/apache/httpd/pull/457 @@ -2531,6 +2641,7 @@ CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NOTE: https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0 NOTE: Only affects Apache HTTP Server on Windows CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...) + {DSA-5729-1} - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387 NOTE: https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2 
@@ -7764,7 +7875,7 @@ CVE-2024-23518 (Missing Authorization vulnerability in Navneil Naicker ACF Photo NOT-FOR-US: WordPress plugin CVE-2024-23503 (Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. ...) NOT-FOR-US: WordPress plugin -CVE-2024-23111 (A use of password hash with insufficient computational effort vulnerab ...) +CVE-2024-23111 (An improper neutralization of input during web page Generation ('Cross ...) NOT-FOR-US: FortiGuard CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...) NOT-FOR-US: FortiGuard
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be06487e71c5d9d65a362add2c90c9d6e0c27b67
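Review bot: In the first hunk (@@ -1,3 +1,107 @@) the four Suricata entries (CVE-2024-38536, CVE-2024-38535, CVE-2024-38534, CVE-2024-37151) and the three Bootstrap entries (CVE-2024-6531, CVE-2024-6485, CVE-2024-6484) sit at "TODO: check" alongside roughly forty vendor-appliance entries, although they name software that is packaged in Debian. Triage those seven first and give each a source-package line in the form the file already uses ("- apache2 2.4.60-1"). For the run from CVE-2024-39519 to CVE-2024-39553, several descriptions name Juniper in the visible text and could be closed with a NOT-FOR-US line like the "NOT-FOR-US: FortiGuard" entries later in the diff, but the truncated ones need their full description read before they are batched. The fused words ("Inputvulnerability", "AnInsertion", "AnImproper") come in with the automatic update and are not worth hand-editing in this file.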
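Review bot: The {DSA-5729-1} tag added to CVE-2024-38477 in the hunk at @@ -2485,10 +2589,12 @@ is not reconciled with the regression recorded for the same entry. The context at the top of the next hunk reads "Regression identified by Ubuntu" and points to a follow-up commit (4d3a308014be...), while the entry still lists only "- apache2 2.4.60-1" and the original fix 1d98d4db186e.... Add a NOTE saying whether the DSA-5729-1 upload includes the follow-up commit, so a reader can tell whether the advisory version carries the regression.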
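Review bot: Tagging CVE-2024-38476 with {DSA-5729-1} in the hunk at @@ -2496,12 +2602,14 @@ ties the advisory to commit 925b6f0ceb89..., which the CVE-2024-39884 context in the previous hunk lists as "Introduced by" for a regression in 2.4.60. The entry already says "see also regression CVE-2024-39884", but the visible lines do not show a status for CVE-2024-39884 against the DSA version. Confirm that its entry states whether the DSA-5729-1 packages are affected, and record the result there. While touching this block, the context line "NOTE: Rgression fixed by" has a typo ("Regression").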
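Review bot: The cross-references in the mod_rewrite entries around the hunks at @@ -2509,6 +2617,7 @@ and @@ -2516,6 +2625,7 @@ look mistyped: CVE-2024-38475 carries "NOTE: same fix as CVE-2024-28474" and CVE-2024-38474 carries "NOTE: same fix as CVE-2024-28475". The two entries are adjacent and share the "need also log fix" commit 4797330ad813..., so the intended targets are presumably CVE-2024-38474 and CVE-2024-38475. Since these entries are now linked from a DSA, correct the year prefix so that anyone following the note lands on the right entry.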
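Review bot: In the last hunk (@@ -7764,7 +7875,7 @@) the description of CVE-2024-23111 changes from "A use of password hash with insufficient computational effort" to "An improper neutralization of input during web page Generation ('Cross", a different weakness class, while "NOT-FOR-US: FortiGuard" is carried over unchanged. The triage was done against the old text, so check the full new description to confirm the product is still the same and that the NOT-FOR-US line still applies.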
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits