Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ca57aaa by security tracker role at 2024-07-26T08:11:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2024-7120 (A vulnerability, which was classified as critical, was found in
Raisec ...)
+ TODO: check
+CVE-2024-7119 (A vulnerability, which was classified as critical, has been
found in M ...)
+ TODO: check
+CVE-2024-7118 (A vulnerability classified as critical was found in
MD-MAFUJUL-HASAN O ...)
+ TODO: check
+CVE-2024-7117 (A vulnerability classified as critical has been found in
MD-MAFUJUL-HA ...)
+ TODO: check
+CVE-2024-7116 (A vulnerability was found in MD-MAFUJUL-HASAN
Online-Payroll-Managemen ...)
+ TODO: check
+CVE-2024-7115 (A vulnerability was found in MD-MAFUJUL-HASAN
Online-Payroll-Managemen ...)
+ TODO: check
+CVE-2024-7114 (A vulnerability was found in Tianchoy Blog up to 1.8.8. It has
been cl ...)
+ TODO: check
+CVE-2024-7106 (A vulnerability classified as problematic was found in Spina
CMS 2.18. ...)
+ TODO: check
+CVE-2024-7105 (A vulnerability classified as critical has been found in ForIP
Tecnolo ...)
+ TODO: check
+CVE-2024-6490 (During testing of the Master Slider WordPress plugin through
3.9.10, ...)
+ TODO: check
+CVE-2024-4447 (In the System \u2192 Maintenance tool, the Logged Users tab
surfaces s ...)
+ TODO: check
+CVE-2024-41809 (OpenObserve is an open-source observability platform. Starting
in vers ...)
+ TODO: check
+CVE-2024-41808 (The OpenObserve open-source observability platform provides
the abilit ...)
+ TODO: check
+CVE-2024-41473 (Tenda FH1201 v1.2.0.14 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2024-41468 (Tenda FH1201 v1.2.0.14 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2024-40897 (Stack-based buffer overflow vulnerability exists in orcparse.c
of ORC ...)
+ TODO: check
+CVE-2024-3938 (The "reset password" login page accepted an HTML injection via
URL par ...)
+ TODO: check
+CVE-2024-38103 (Microsoft Edge (Chromium-based) Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-24623 (Softaculous Webuzo contains a command injection vulnerability
in the F ...)
+ TODO: check
+CVE-2024-24622 (Softaculous Webuzo contains a command injection in the
password reset ...)
+ TODO: check
+CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass
vulnerability thr ...)
+ TODO: check
CVE-2024-35296 [Invalid Accept-Encoding can force forwarding requests]
- trafficserver <unfixed> (bug #1077141)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
@@ -316,6 +358,7 @@ CVE-2024-4080 (A memory corruption issue due to an improper
length check in LabV
CVE-2024-4079 (An out of bounds read due to a missing bounds check in LabVIEW
may dis ...)
NOT-FOR-US: NI LabVIEW
CVE-2024-4076 (Client queries that trigger serving stale data and that also
require l ...)
+ {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-4076
CVE-2024-41839 (Adobe Experience Manager versions 6.5.20 and earlier are
affected by a ...)
@@ -347,9 +390,11 @@ CVE-2024-34128 (Adobe Experience Manager versions 6.5.20
and earlier are affecte
CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after
logout. When ...)
NOT-FOR-US: Apache StreamPark
CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or
a reso ...)
+ {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-1975
CVE-2024-1737 (Resolver caches and authoritative zone databases that hold
significant ...)
+ {DSA-5734-1}
- bind9 1:9.20.0-1
NOTE: https://kb.isc.org/docs/cve-2024-1737
NOTE: RRset limits in zones:
https://kb.isc.org/docs/rrset-limits-in-zones
@@ -3531,7 +3576,7 @@ CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable
to SQL Injection in se
NOT-FOR-US: Fujian Kelixun
CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de
Peddios.exe' allows ...)
NOT-FOR-US: ifood Order Manager
-CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can
create a ...)
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create
new eve ...)
NOT-FOR-US: Silverpeas Core
CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS)
via the ...)
NOT-FOR-US: Nopcommerce
@@ -62077,7 +62122,7 @@ CVE-2023-6710 (A flaw was found in the
mod_proxy_cluster in the Apache server. T
CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that
exceeds ...)
- undertow <unfixed> (bug #1059055)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
-CVE-2023-49921
+CVE-2023-49921 (An issue was discovered by Elastic whereby Watcher search
input logged ...)
- elasticsearch <removed>
CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would
log a r ...)
NOT-FOR-US: Elastic whereby Elastic Agent
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca57aaa8a452947b8a51e2c762fdd3dbe8692b7
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca57aaa8a452947b8a51e2c762fdd3dbe8692b7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
