[Git][security-tracker-team/security-tracker][master] automatic update

Fri, 26 Jul 2024 13:12:46 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5162cab5 by security tracker role at 2024-07-26T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in 
the ap ...)
+       TODO: check
+CVE-2024-7062 (Nimble Commander suffers from a privilege escalation 
vulnerability due ...)
+       TODO: check
+CVE-2024-7050 (Improper Authentication vulnerability in OpenText OpenText 
Directory S ...)
+       TODO: check
+CVE-2024-6922 (Automation Anywhere Automation 360 v21-v32 is vulnerable to 
Server-Sid ...)
+       TODO: check
+CVE-2024-4786 (An improper validation vulnerability was reported in the Lenovo 
Tab K1 ...)
+       TODO: check
+CVE-2024-42007 (SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory 
Traversal ...)
+       TODO: check
+CVE-2024-41813 (txtdot is an HTTP proxy that parses only text, links, and 
pictures fro ...)
+       TODO: check
+CVE-2024-41812 (txtdot is an HTTP proxy that parses only text, links, and 
pictures fro ...)
+       TODO: check
+CVE-2024-41807
+       REJECTED
+CVE-2024-41805 (Tracks, a Getting Things Done (GTD) web application, is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-41692 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41691 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41690 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41689 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41688 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due la ...)
+       TODO: check
+CVE-2024-41687 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41686 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41685 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41684 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT 
Router due to ...)
+       TODO: check
+CVE-2024-41670 (In the module "PayPal Official" for PrestaShop 7+ releases 
prior to ve ...)
+       TODO: check
+CVE-2024-41375 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via 
lib/termi ...)
+       TODO: check
+CVE-2024-41374 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via 
lib/setti ...)
+       TODO: check
+CVE-2024-41373 (ICEcoder 8.1 contains a Path Traversal vulnerability via 
lib/backup-ve ...)
+       TODO: check
+CVE-2024-41357 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/admin ...)
+       TODO: check
+CVE-2024-41356 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
app\admin\ ...)
+       TODO: check
+CVE-2024-41355 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/tools ...)
+       TODO: check
+CVE-2024-41354 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
/app/admin ...)
+       TODO: check
+CVE-2024-41353 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via 
app\admin\ ...)
+       TODO: check
+CVE-2024-41113 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+       TODO: check
+CVE-2024-41112 (streamlit-geospatial is a streamlit multipage app for 
geospatial appli ...)
+       TODO: check
+CVE-2024-40689 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL 
injection. ...)
+       TODO: check
+CVE-2024-40117 (Incorrect access control in Solar-Log 1000 before v2.8.2 and 
build 52- ...)
+       TODO: check
+CVE-2024-40116 (An issue in Solar-Log 1000 before v2.8.2 and build 
52-23.04.2013 was d ...)
+       TODO: check
+CVE-2024-39304 (ChurchCRM is an open-source church management system. Versions 
of the  ...)
+       TODO: check
+CVE-2024-38872 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and 
below a ...)
+       TODO: check
+CVE-2024-38871 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and 
below a ...)
+       TODO: check
+CVE-2024-38512 (A privilege escalation vulnerability was discovered in XCC 
that could  ...)
+       TODO: check
+CVE-2024-38511 (A privilege escalation vulnerability was discovered in an 
upload proce ...)
+       TODO: check
+CVE-2024-38510 (A privilege escalation vulnerability was discovered in the SSH 
captive ...)
+       TODO: check
+CVE-2024-38509 (A privilege escalation vulnerability was discovered in XCC 
that could  ...)
+       TODO: check
+CVE-2024-38508 (A privilege escalation vulnerability was discovered in the web 
interfa ...)
+       TODO: check
+CVE-2024-27358 (An issue was discovered in WithSecure Elements Agent through 
23.x for  ...)
+       TODO: check
+CVE-2024-27357 (An issue was discovered in WithSecure Elements Agent through 
23.x for  ...)
+       TODO: check
+CVE-2024-26520 (An issue in Hangzhou Xiongwei Technology Development Co., Ltd. 
Restaur ...)
+       TODO: check
+CVE-2024-25090 (Insufficient input validation and sanitation in Profile name & 
screenn ...)
+       TODO: check
+CVE-2024-24257 (An issue in skteco.com Central Control Attendance Machine web 
manageme ...)
+       TODO: check
+CVE-2023-50700 (Insecure Permissions vulnerability in Deepin dde-file-manager 
6.0.54 a ...)
+       TODO: check
 CVE-2024-7120 (A vulnerability, which was classified as critical, was found in 
Raisec ...)
        NOT-FOR-US: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300
 CVE-2024-7119 (A vulnerability, which was classified as critical, has been 
found in M ...)
@@ -41,13 +135,13 @@ CVE-2024-24622 (Softaculous Webuzo contains a command 
injection in the password
        NOT-FOR-US: Softaculous Webuzo
 CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass 
vulnerability thr ...)
        NOT-FOR-US: Softaculous Webuzo
-CVE-2024-35296 [Invalid Accept-Encoding can force forwarding requests]
+CVE-2024-35296 (Invalid Accept-Encoding header can cause Apache Traffic Server 
to fail ...)
        - trafficserver <unfixed> (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
-CVE-2024-35161 [Incomplete check for chunked trailer section allows request 
smuggling]
+CVE-2024-35161 (Apache Traffic Server forwards malformed HTTP chunked trailer 
section  ...)
        - trafficserver <unfixed> (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
-CVE-2023-38522 [Incomplete field name check allows request smuggling]
+CVE-2023-38522 (Apache Traffic Server accepts characters that are not allowed 
for HTTP ...)
        - trafficserver <unfixed> (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
 CVE-2024-7101 (A vulnerability, which was classified as critical, has been 
found in F ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5162cab56298601a5c9a5b472c60d05260d12ee1

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5162cab56298601a5c9a5b472c60d05260d12ee1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to