[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 5 20:12:10 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61f356a0 by security tracker role at 2024-12-05T20:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found providing a pot ...)
+ TODO: check
+CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a potential ...)
+ TODO: check
+CVE-2024-6515 (Web browser interface may manipulate application username/password in ...)
+ TODO: check
+CVE-2024-54679 (CyberPanel (aka Cyber Panel) before 6778ad1 does not require the Filem ...)
+ TODO: check
+CVE-2024-54130 (The NASA\u2019s Interplanetary Overlay Network (ION) is an implementat ...)
+ TODO: check
+CVE-2024-54129 (The NASA\u2019s Interplanetary Overlay Network (ION) is an implementat ...)
+ TODO: check
+CVE-2024-54128 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to presence of ...)
+ TODO: check
+CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to improper si ...)
+ TODO: check
+CVE-2024-54001 (Kanboard is project management software that focuses on the Kanban met ...)
+ TODO: check
+CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...)
+ TODO: check
+CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...)
+ TODO: check
+CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang runtime ...)
+ TODO: check
+CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv ...)
+ TODO: check
+CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator (PRNG) vu ...)
+ TODO: check
+CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal vulnerabil ...)
+ TODO: check
+CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
+ TODO: check
+CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
+ TODO: check
+CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted filename ...)
+ TODO: check
+CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue exists in UD- ...)
+ TODO: check
+CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect device u ...)
+ TODO: check
+CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...)
+ TODO: check
+CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...)
+ TODO: check
+CVE-2024-51550 (Data Validation / Data Sanitization vulnerabilities in Linux allows u ...)
+ TODO: check
+CVE-2024-51549 (Absolute File Traversal vulnerabilities allows access and modificatio ...)
+ TODO: check
+CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of malicious script ...)
+ TODO: check
+CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on board projec ...)
+ TODO: check
+CVE-2024-51545 (Username Enumeration vulnerabilities allow access to application level ...)
+ TODO: check
+CVE-2024-51544 (Service Control vulnerabilities allow access to service restart reques ...)
+ TODO: check
+CVE-2024-51543 (Information Disclosure vulnerabilities allow access to application con ...)
+ TODO: check
+CVE-2024-51542 (Configuration Download vulnerabilities allow access to dependency conf ...)
+ TODO: check
+CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive system ...)
+ TODO: check
+CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a weakness ...)
+ TODO: check
+CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found providing a pot ...)
+ TODO: check
+CVE-2024-48845 (Weak Password Reset Rules vulnerabilities where found providing a pot ...)
+ TODO: check
+CVE-2024-48844 (Denial of Service vulnerabilities where found providing a potiential f ...)
+ TODO: check
+CVE-2024-48843 (Denial of Service vulnerabilities where found providing a potiential f ...)
+ TODO: check
+CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code Execution. Affec ...)
+ TODO: check
+CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code Execution. ...)
+ TODO: check
+CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 ...)
+ TODO: check
+CVE-2024-45841 (Incorrect permission assignment for critical resource issue exists in ...)
+ TODO: check
+CVE-2024-45319 (A vulnerability in the SonicWall SMA100 SSLVPN firmware10.2.1.13-72s ...)
+ TODO: check
+CVE-2024-45318 (A vulnerability in the SonicWall SMA100 SSLVPN web management interfac ...)
+ TODO: check
+CVE-2024-41579 (DTStack Taier 1.4.0 allows remote attackers to specify the jobName par ...)
+ TODO: check
+CVE-2024-40763 (Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVP ...)
+ TODO: check
+CVE-2024-12247 (Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 ...)
+ TODO: check
+CVE-2024-12235 (A vulnerability was found in Shenzhen Dashi Tongzhou Information Techn ...)
+ TODO: check
+CVE-2024-12234 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
+ TODO: check
+CVE-2024-12233 (A vulnerability was found in code-projects Online Notice Board up to 1 ...)
+ TODO: check
+CVE-2024-12232 (A vulnerability has been found in code-projects Simple CRUD Functional ...)
+ TODO: check
+CVE-2024-12231 (A vulnerability, which was classified as critical, was found in CodeZi ...)
+ TODO: check
+CVE-2024-12230 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2024-12229 (A vulnerability classified as critical was found in PHPGurukul Complai ...)
+ TODO: check
+CVE-2024-12228 (A vulnerability classified as critical has been found in PHPGurukul Co ...)
+ TODO: check
+CVE-2024-12227 (A vulnerability, which was classified as problematic, was found in MSI ...)
+ TODO: check
+CVE-2024-12130 (An \u201cout of bounds read\u201d code execution vulnerability exists ...)
+ TODO: check
+CVE-2024-12094 (This vulnerability exists in the Tinxy mobile app due to storage of lo ...)
+ TODO: check
+CVE-2024-11942 (A vulnerability in Drupal Core allows File Manipulation.This issue aff ...)
+ TODO: check
+CVE-2024-11941 (A vulnerability in Drupal Core allows Excessive Allocation.This issue ...)
+ TODO: check
+CVE-2024-11779 (The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11420 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-11341 (The Simple Redirection plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2024-11324 (The Accounting for WooCommerce plugin for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2024-11317 (Session Fixation vulnerabilities allow an attacker to fix a users sess ...)
+ TODO: check
+CVE-2024-11316 (Fileszie Check vulnerabilities allow a malicious user to bypass size l ...)
+ TODO: check
+CVE-2024-11158 (An \u201cuninitialized variable\u201d code execution vulnerability exi ...)
+ TODO: check
+CVE-2024-11156 (An \u201cout of bounds write\u201d code execution vulnerability exist ...)
+ TODO: check
+CVE-2024-11155 (A \u201cuse after free\u201d code execution vulnerability exists in t ...)
+ TODO: check
+CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, ht ...)
+ TODO: check
+CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
+ TODO: check
+CVE-2024-10848 (The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2024-10777 (The AnyWhere Elementor plugin for WordPress is vulnerable to Informati ...)
+ TODO: check
+CVE-2024-10716 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS i ...)
+ TODO: check
+CVE-2024-10056 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-50913 (Oxide control plane software before 5 allows SSRF.)
+ TODO: check
+CVE-2023-48010 (STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism ...)
+ TODO: check
CVE-2024-54675 (app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2. ...)
NOT-FOR-US: MISP
CVE-2024-54674 (app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through ...)
@@ -78,7 +236,7 @@ CVE-2024-52278
REJECTED
CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
NOT-FOR-US: DocuSeal
-CVE-2024-52276 (** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation o ...)
+CVE-2024-52276 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
TODO: check
CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
NOT-FOR-US: Tenda
@@ -88,7 +246,7 @@ CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Tech
NOT-FOR-US: Tenda
CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
NOT-FOR-US: Tenda
-CVE-2024-52269 (** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation o ...)
+CVE-2024-52269 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
TODO: check
CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, ...)
NOT-FOR-US: IBM
@@ -38960,9 +39118,9 @@ CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When enabling
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295760
-CVE-2024-6298 (Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...)
+CVE-2024-6298 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.0 ...)
NOT-FOR-US: ABB
-CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <= ...)
+CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.0 ...)
NOT-FOR-US: ABB
CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some f ...)
NOT-FOR-US: vanna-ai/vanna
@@ -181364,8 +181522,7 @@ CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka
CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
- zutty 0.13.0.20220910.112547+dfsg1-1
NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
-CVE-2022-41137
- RESERVED
+CVE-2022-41137 (Apache HiveMetastore (HMS) usesSerializationUtilities#deserializeObjec ...)
NOT-FOR-US: Apache Hive
CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.php in ...)
- phoronix-test-suite <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f356a0074fe6ed96bd9d6cae0019f728597831
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f356a0074fe6ed96bd9d6cae0019f728597831
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241205/7945a8e3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list