[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 6 20:12:16 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98b6bbfc by security tracker role at 2024-12-06T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,261 @@
+CVE-2024-9872 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...)
+ TODO: check
+CVE-2024-9866 (The Event Tickets with Ticket Scanner plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-9706 (The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-9705 (The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-55268 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /cov ...)
+ TODO: check
+CVE-2024-54750 (Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password v ...)
+ TODO: check
+CVE-2024-54749 (Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password ...)
+ TODO: check
+CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to contain a hardcoded password ...)
+ TODO: check
+CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded pa ...)
+ TODO: check
+CVE-2024-54216 (Path Traversal vulnerability in NotFound ARForms allows Path Traversal ...)
+ TODO: check
+CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
+ TODO: check
+CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54210 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54209 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54208 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54207 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54206 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54205 (Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widge ...)
+ TODO: check
+CVE-2024-54143 (openwrt/asu is an image on demand server for OpenWrt based distributio ...)
+ TODO: check
+CVE-2024-54141 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
+ TODO: check
+CVE-2024-54137 (liboqs is a C-language cryptographic library that provides implementat ...)
+ TODO: check
+CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...)
+ TODO: check
+CVE-2024-54135 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...)
+ TODO: check
+CVE-2024-53826 (Missing Authorization vulnerability in WPSight WPCasa allows Accessing ...)
+ TODO: check
+CVE-2024-53825 (Missing Authorization vulnerability in Ninja Team Filebird allows Expl ...)
+ TODO: check
+CVE-2024-53824 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-53823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53817 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53815 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53813 (Missing Authorization vulnerability in WP Travel WP Travel allows Expl ...)
+ TODO: check
+CVE-2024-53812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53811 (Unrestricted Upload of File with Dangerous Type vulnerability in POSIM ...)
+ TODO: check
+CVE-2024-53810 (Missing Authorization vulnerability in Najeeb Ahmad Simple User Regist ...)
+ TODO: check
+CVE-2024-53809 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste ...)
+ TODO: check
+CVE-2024-53808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53806 (Missing Authorization vulnerability in WpMaspik Maspik \u2013 Spam bla ...)
+ TODO: check
+CVE-2024-53805 (Missing Authorization vulnerability in brandtoss WP Mailster allows Ex ...)
+ TODO: check
+CVE-2024-53804 (Insertion of Sensitive Information Into Sent Data vulnerability in bra ...)
+ TODO: check
+CVE-2024-53803 (Missing Authorization vulnerability in brandtoss WP Mailster allows Ex ...)
+ TODO: check
+CVE-2024-53802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53799 (Missing Authorization vulnerability in BAKKBONE Australia FloristPress ...)
+ TODO: check
+CVE-2024-53797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53795 (Missing Authorization vulnerability in Andy Moyle Church Admin allows ...)
+ TODO: check
+CVE-2024-53794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53691 (A link following vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2024-52558 (The affected product is vulnerable to an integer underflow. An unauthe ...)
+ TODO: check
+CVE-2024-52335 (A vulnerability has been identified in syngo.plaza VB30E (All versions ...)
+ TODO: check
+CVE-2024-52324 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses ...)
+ TODO: check
+CVE-2024-52320 (The affected product is vulnerable to a command injection. An unauthen ...)
+ TODO: check
+CVE-2024-51815 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-51727 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
+ TODO: check
+CVE-2024-51615 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-50677 (A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 all ...)
+ TODO: check
+CVE-2024-50404 (A link following vulnerability has been reported to affect Qsync Centr ...)
+ TODO: check
+CVE-2024-50403 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50402 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50393 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2024-50389 (A SQL injection vulnerability has been reported to affect QuRouter. If ...)
+ TODO: check
+CVE-2024-50388 (An OS command injection vulnerability has been reported to affect HBS ...)
+ TODO: check
+CVE-2024-50387 (A SQL injection vulnerability has been reported to affect several QNAP ...)
+ TODO: check
+CVE-2024-4633 (The Slider and Carousel slider by Depicter plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-48874 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
+ TODO: check
+CVE-2024-48871 (The affected product is vulnerable to a stack-based buffer overflow. A ...)
+ TODO: check
+CVE-2024-48868 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
+ TODO: check
+CVE-2024-48867 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
+ TODO: check
+CVE-2024-48866 (An improper handling of URL encoding (Hex Encoding) vulnerability has ...)
+ TODO: check
+CVE-2024-48865 (An improper certificate validation vulnerability has been reported to ...)
+ TODO: check
+CVE-2024-48863 (A command injection vulnerability has been reported to affect License ...)
+ TODO: check
+CVE-2024-48859 (An improper authentication vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2024-48703 (PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross ...)
+ TODO: check
+CVE-2024-47791 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
+ TODO: check
+CVE-2024-47547 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
+ TODO: check
+CVE-2024-47146 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
+ TODO: check
+CVE-2024-47043 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
+ TODO: check
+CVE-2024-46874 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
+ TODO: check
+CVE-2024-45722 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses ...)
+ TODO: check
+CVE-2024-42494 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
+ TODO: check
+CVE-2024-42196 (HCL Launch stores potentially sensitive information in log files that ...)
+ TODO: check
+CVE-2024-30129 (The HTTP host header can be manipulated and cause the application to b ...)
+ TODO: check
+CVE-2024-21571 (Snyk has identified a remote code execution (RCE) vulnerability in all ...)
+ TODO: check
+CVE-2024-12254 (Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ...)
+ TODO: check
+CVE-2024-12155 (The SV100 Companion plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-12110 (The Gold Addons for Elementor plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-12060 (The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2024-12028 (The Friends plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2024-12027 (The Message Filter for Contact Form 7 plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-12003 (The WP System plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2024-11823 (The Folder Gallery plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-11730 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
+ TODO: check
+CVE-2024-11729 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
+ TODO: check
+CVE-2024-11728 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
+ TODO: check
+CVE-2024-11687 (The Next-Cart Store to WooCommerce Migration plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-11460 (The Verowa Connect plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2024-11450 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-11444 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-11368 (The Splash Sync plugin for WordPress is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2024-11352 (The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-11339 (The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-11336 (The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-11323 (The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2024-11321 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-11292 (The WP Private Content Plus plugin for WordPress is vulnerable to Sens ...)
+ TODO: check
+CVE-2024-11289 (The Soledad theme for WordPress is vulnerable to Local File Inclusion ...)
+ TODO: check
+CVE-2024-11276 (The PDF Builder for WooCommerce. Create invoices,packing slips and mor ...)
+ TODO: check
+CVE-2024-11220 (A local low-level user on the server machine with credentials to the r ...)
+ TODO: check
+CVE-2024-11204 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-11022 (The authentication process to the web server uses a challenge response ...)
+ TODO: check
+CVE-2024-10909 (The The Pojo Forms plugin for WordPress is vulnerable to arbitrary sho ...)
+ TODO: check
+CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-10849 (The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-10776 (Lua apps can be deployed, removed, started, reloaded or stopped withou ...)
+ TODO: check
+CVE-2024-10774 (Unauthenticated CROWN APIs allow access to critical functions. This le ...)
+ TODO: check
+CVE-2024-10773 (The product is vulnerable to pass-the-hash attacks in combination with ...)
+ TODO: check
+CVE-2024-10772 (Since the firmware update is not validated, an attacker can install mo ...)
+ TODO: check
+CVE-2024-10771 (Due to missing input validation during one step of the firmware update ...)
+ TODO: check
+CVE-2024-10692 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
+ TODO: check
+CVE-2024-10689 (The XLTab \u2013 Accordions and Tabs for Elementor Page Builder plugin ...)
+ TODO: check
+CVE-2024-10681 (The The ARMember \u2013 Membership Plugin, Content Restriction, Member ...)
+ TODO: check
+CVE-2024-10516 (The Swift Performance Lite plugin for WordPress is vulnerable to Local ...)
+ TODO: check
+CVE-2024-10320 (The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-0139 (NVIDIA Base Command Manager and Bright Cluster Manager for Linux conta ...)
+ TODO: check
+CVE-2024-0130 (NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulner ...)
+ TODO: check
CVE-2024-XXXX [RUSTSEC-2024-0409]
- rust-pyo3 <not-affected> (Only affects 0.23.x)
NOTE: https://github.com/PyO3/pyo3/issues/4757
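Review bot: all 129 new entries in this hunk land as bare "TODO: check", so triage order matters; the ones describing software that is plausibly packaged in Debian deserve attention first, notably CVE-2024-12254 (Python 3.12 asyncio _SelectorSocketTransport) and CVE-2024-54137 (liboqs), while the WordPress plugin and theme entries (CVE-2024-9872, CVE-2024-9866, CVE-2024-11730 and the rest) can be resolved in bulk as "NOT-FOR-US: WordPress plugin", matching the existing entries further down in this file. The imported descriptions also carry the literal escape \u2013 in place of an en dash (CVE-2024-53806, CVE-2024-11730, CVE-2024-10689 and others); if the importer decodes JSON string escapes elsewhere, it should do so here too.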
@@ -19,10 +277,10 @@ CVE-2024-XXXX [RUSTSEC-2024-0402]
- rust-hashbrown <not-affected> (Only affects 0.15.0)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0402.html
NOTE: https://github.com/rust-lang/hashbrown/issues/576
-CVE-2024-53142 [initramfs: avoid filename buffer overrun]
+CVE-2024-53142 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e017671f534dd3f568db9e47b0583e853d2da9b5 (6.13-rc1)
-CVE-2024-53141 [netfilter: ipset: add missing range check in bitmap_ip_uadt]
+CVE-2024-53141 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/35f56c554eb1b56b77b3cf197a6b00922d49033d (6.13-rc1)
CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for Wor ...)
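Review bot: replacing the bracketed subsystem titles with the truncated official description loses the only human-readable hint of what CVE-2024-53142 and CVE-2024-53141 are (initramfs filename buffer overrun; netfilter ipset missing range check in bitmap_ip_uadt), since both now read identically up to the cut. Consider preserving each removed title as a NOTE next to the git.kernel.org link so kernel entries stay greppable by subsystem; the "linux <unfixed>" status paired with a 6.13-rc1 fix commit is otherwise consistent.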
@@ -401,11 +659,11 @@ CVE-2024-10576 (Infinix devices contain a pre-loaded "com.transsion.agingfunctio
NOT-FOR-US: Infinix devices
CVE-2024-10567 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unau ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-53908 [Potential SQL injection in HasKey(lhs, rhs) on Oracle]
+CVE-2024-53908 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...)
- python-django 3:4.2.17-1
NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5 (4.2.17)
-CVE-2024-53907 [Potential denial-of-service in django.utils.html.strip_tags()]
+CVE-2024-53907 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...)
- python-django 3:4.2.17-1
NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b (4.2.17)
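Review bot: after this change CVE-2024-53908 and CVE-2024-53907 have byte-identical descriptions ("An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...") and the removed titles were the only lines distinguishing the SQL injection in HasKey(lhs, rhs) on Oracle from the denial of service in django.utils.html.strip_tags(); suggest carrying each removed title into a NOTE line beside the "Fixed by" commit so the two entries remain distinguishable without following the links. The python-django 3:4.2.17-1 fixed version matches the (4.2.17) annotation on both commits.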
@@ -655,6 +913,7 @@ CVE-2024-12082 (in OpenHarmony v4.0.0 and prior versions allow a local attacker
CVE-2024-12062 (The Charity Addon for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12053 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed ...)
+ {DSA-5824-1}
- chromium 131.0.6778.108-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-11866 (The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross ...)
@@ -678,6 +937,7 @@ CVE-2023-7255
CVE-2024-45106 (Improper authentication of an HTTP endpoint in the S3 Gateway of Apach ...)
NOT-FOR-US: Apache Ozone
CVE-2024-48916 [Authentication bypass in CEPH RadosGW]
+ {DSA-5825-1}
- ceph 18.2.4+ds-11 (bug #1088993)
[bullseye] - ceph <not-affected> (Vulnerable code introduce later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2329846
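Review bot: the unchanged bullseye line for CVE-2024-48916 reads "Vulnerable code introduce later"; the wording used elsewhere in this file is "Vulnerable code introduced later" (see the rust-rustls and zabbix entries), so this is a one-word typo worth fixing in a follow-up. Placing {DSA-5825-1} above the "ceph 18.2.4+ds-11 (bug #1088993)" line is consistent with how DSA tags are inserted in the other hunks.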
@@ -1668,7 +1928,7 @@ CVE-2024-10493 (The Element Pack Elementor Addons (Header Footer, Template Libra
NOT-FOR-US: WordPress plugin
CVE-2024-10473 (The Logo Slider WordPress plugin before 4.5.0 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-11738
+CVE-2024-11738 (A flaw was found in Rustls 0.23.13 and related APIs. This vulnerabilit ...)
- rust-rustls <not-affected> (Vulnerable code introduced later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
NOTE: https://github.com/rustls/rustls/issues/2227
@@ -1732,7 +1992,7 @@ CVE-2024-42328 (When the webdriver for the Browser object downloads data from a
- zabbix <unfixed> (bug #1088689)
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-25624
- NOTE: webdriver introduced with version 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
+ NOTE: webdriver introduced with version 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User ...)
- zabbix 1:7.0.1+dfsg-1 (bug #1088689)
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
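Review bot: the removed and added NOTE lines for CVE-2024-42328 are textually identical, so this hunk is a whitespace-only indentation fix of the "webdriver introduced with version 7.0.0rc1" note; fine to land, but worth knowing when bisecting the history of this entry, since it is not a content change.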
@@ -14866,7 +15126,7 @@ CVE-2024-7755 (The EWON FLEXY 202 transmits credentials using a weak encoding me
NOT-FOR-US: EWON FLEXY
CVE-2024-6333 (Authenticated Remote Code Execution in Altalink, Versalink & WorkCentr ...)
NOT-FOR-US: Xerox
-CVE-2024-49580 (In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin co ...)
+CVE-2024-49580 (In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin c ...)
NOT-FOR-US: JetBrains Ktor
CVE-2024-49579 (In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allow ...)
NOT-FOR-US: JetBrains YouTrack
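Review bot: the affected-version boundary for CVE-2024-49580 moves from "before 3.0.0" to "before 2.3.13", i.e. upstream revised the fixed version after the first import; with the entry marked NOT-FOR-US nothing changes for Debian, but it is a reminder that version ranges in these auto-imported descriptions can be corrected later, so a TODO or NOT-FOR-US decision should not rest on the truncated description text alone.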
@@ -110513,7 +110773,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versio
CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
NOT-FOR-US: Apple
CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...)
- {DLA-3629-1}
+ {DSA-5825-1 DLA-3629-1}
- ceph 16.2.11+ds-5 (bug #1053690)
[bullseye] - ceph <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
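Review bot: CVE-2023-43040 now carries {DSA-5825-1 DLA-3629-1} while the unchanged bullseye line still says "<no-dsa> (Minor issue)"; if DSA-5825-1 covers this CVE for the ceph 16.2.11+ds-5 fix, the bullseye no-dsa justification should be re-examined rather than left as a lower-severity assessment of the same issue.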
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98b6bbfc80740a893a4380d227058de82e9a5434