[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 4 08:12:08 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f34e26d7 by security tracker role at 2024-12-04T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
+	TODO: check
+CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)
+	TODO: check
+CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2  ...)
+	TODO: check
+CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent designed to  ...)
+	TODO: check
+CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
+	TODO: check
+CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection vulnerability in ...)
+	TODO: check
+CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy Manager w ...)
+	TODO: check
+CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy Manager web ...)
+	TODO: check
+CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers t ...)
+	TODO: check
+CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the /documentC ...)
+	TODO: check
+CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers ...)
+	TODO: check
+CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04,  ...)
+	TODO: check
+CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...)
+	TODO: check
+CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the system's PAT ...)
+	TODO: check
+CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been identified, ...)
+	TODO: check
+CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App managing a sta ...)
+	TODO: check
+CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit insuffi ...)
+	TODO: check
+CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users with certai ...)
+	TODO: check
+CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows a low-pr ...)
+	TODO: check
+CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a low-privileged  ...)
+	TODO: check
+CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows low-privileged users ...)
+	TODO: check
+CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a low-privileged  ...)
+	TODO: check
+CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows low-privileged us ...)
+	TODO: check
+CVE-2024-42449 (From the VSPC management agent machine, under condition that the manag ...)
+	TODO: check
+CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a low-privileged  ...)
+	TODO: check
+CVE-2024-40391
+	REJECTED
+CVE-2024-12123 (A hidden field manipulation vulnerability was identified in Issuetrak  ...)
+	TODO: check
+CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform plugin f ...)
+	TODO: check
+CVE-2024-11985 (An improper input validation vulnerability leads to device crashes in  ...)
+	TODO: check
+CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms plugin for  ...)
+	TODO: check
+CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak version 17. ...)
+	TODO: check
+CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-11398 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2024-11293 (The  Registration Forms \u2013 User Registration Forms, Invitation-Bas ...)
+	TODO: check
+CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to arbitrary s ...)
+	TODO: check
+CVE-2024-10885 (The SearchIQ \u2013 The Search Solution plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-10832 (The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2024-10664 (The Knowledge Base documentation & wiki plugin \u2013 BasePress Docs p ...)
+	TODO: check
+CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And Magazine Addons plugin for WordP ...)
+	TODO: check
+CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
+	TODO: check
+CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress is vul ...)
+	TODO: check
+CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi component i ...)
+	TODO: check
+CVE-2023-52943 (Incorrect authorization vulnerability in Alert.Setting webapi componen ...)
+	TODO: check
 CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
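Review bot: the truncated descriptions on the CVE-2024-9404, CVE-2024-12099, CVE-2024-11897, CVE-2024-11293, CVE-2024-10885, CVE-2024-10664, CVE-2024-10663 and CVE-2023-6978 lines carry the literal escape sequences `\u2019` and `\u2013` instead of the apostrophe and en dash, so the importer appears to write the raw JSON escape rather than the decoded character; decoding before truncating would keep data/CVE/list clean and stop each escape consuming six characters of the description budget. The double space in `The  Registration Forms` (CVE-2024-11293) and the repeated article in `The The Authors List` (CVE-2024-10952) match the upstream text and need no action here.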
@@ -213,7 +311,7 @@ CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. Whe
 	NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19 (0.0.18)
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177 (0.0.19)
-CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.)
+CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match, leading to s ...)
 	TODO: check
 CVE-2024-53862 (Argo Workflows is an open source container-native workflow engine for  ...)
 	NOT-FOR-US: Argo Workflows
@@ -315,7 +413,7 @@ CVE-2024-53617 (A Cross Site Scripting vulnerability in LibrePhotos before commi
 	NOT-FOR-US: LibrePhotos
 CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Asterisk v ...)
 	TODO: check
-CVE-2024-53564 (An authenticated arbitrary file upload vulnerability in the component  ...)
+CVE-2024-53564 (A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX  ...)
 	NOT-FOR-US: FreePBX
 CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation d ...)
 	NOT-FOR-US: Ever Traduora
@@ -1646,7 +1744,7 @@ CVE-2024-6393 (The Photo Gallery, Sliders, Proofing and   WordPress plugin befor
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53930 (WikiDocs before 1.0.65 allows stored XSS by authenticated users via da ...)
 	NOT-FOR-US: WikiDocs
-CVE-2024-53916 (In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can ...)
+CVE-2024-53916 (In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can  ...)
 	- neutron 2:25.0.0-2 (bug #1088802)
 	[bookworm] - neutron <not-affected> (Vulnerable code not present)
 	[bullseye] - neutron <not-affected> (Vulnerable code not present)
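Review bot: the rewritten CVE-2024-53916 description now bounds the affected range at "before 25.0.1", while the entry records the fix in unstable as neutron 2:25.0.0-2 (bug #1088802); a NOTE line pointing at the upstream fix commit that 2:25.0.0-2 backports would make the mismatch between the upstream version and the Debian revision verifiable for a later reader of the entry.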
@@ -3002,7 +3100,7 @@ CVE-2024-44306 (A buffer overflow issue was addressed with improved memory handl
 	NOT-FOR-US: Apple
 CVE-2024-33439 (An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an au ...)
 	NOT-FOR-US: Kasda LinkSmart Router KW5515
-CVE-2024-30896 (InfluxDB through 2.7.10 allows allAccess administrators to retrieve al ...)
+CVE-2024-30896 (InfluxDB OSS 2.x through 2.7.11 stores the administrative operator tok ...)
 	- influxdb <not-affected> (influxdb 1.x doesn't have multi tenancy yet)
 	NOTE: https://github.com/influxdata/influxdb/issues/24797
 	NOTE: https://github.com/XenoM0rph97/CVE-2024-30896
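Review bot: the CVE-2024-30896 description is now scoped explicitly to "InfluxDB OSS 2.x through 2.7.11" and to storage of the administrative operator token, but the `<not-affected>` rationale still reads "influxdb 1.x doesn't have multi tenancy yet", which matched the old "allAccess administrators" wording; consider rewording the rationale to cite the 2.x-only scope (and the operator-token mechanism) so it stays aligned with the description it justifies.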



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f34e26d7ac1a5f89a7d3605316e33c454430fd5f


