[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52ea3b0c by security tracker role at 2024-12-09T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and  ...)
+	TODO: check
+CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
+	TODO: check
+CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
+	TODO: check
+CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
+	TODO: check
+CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as auth_microsoft_offi ...)
+	TODO: check
+CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file (locat ...)
+	TODO: check
+CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
+	TODO: check
+CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...)
+	TODO: check
+CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...)
+	TODO: check
+CVE-2024-55560 (MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh ...)
+	TODO: check
+CVE-2024-53285 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53284 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53283 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53282 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53281 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53280 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-53279 (Improper neutralization of input during web page generation ('Cross-si ...)
+	TODO: check
+CVE-2024-12360 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
+	TODO: check
+CVE-2024-12359 (A vulnerability was found in code-projects Admin Dashboard 1.0. It has ...)
+	TODO: check
+CVE-2024-12358 (A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been c ...)
+	TODO: check
+CVE-2024-12357 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
+	TODO: check
+CVE-2024-12355 (A vulnerability has been found in SourceCodester Phone Contact Manager ...)
+	TODO: check
+CVE-2024-12354 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-12353 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-12352 (A vulnerability classified as problematic was found in TOTOLINK EX1800 ...)
+	TODO: check
+CVE-2024-12351 (A vulnerability classified as critical has been found in JFinalCMS 1.0 ...)
+	TODO: check
+CVE-2024-12350 (A vulnerability was found in JFinalCMS 1.0. It has been rated as criti ...)
+	TODO: check
+CVE-2024-12349 (A vulnerability was found in JFinalCMS 1.0. It has been declared as pr ...)
+	TODO: check
+CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. I ...)
+	TODO: check
+CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...)
+	TODO: check
+CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and classif ...)
+	TODO: check
+CVE-2024-12344 (A vulnerability, which was classified as critical, was found in TP-Lin ...)
+	TODO: check
 CVE-2024-12343 (A vulnerability classified as critical has been found in TP-Link VN020 ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to change a pass ...)
@@ -59023,6 +59087,7 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de
 	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3)
 	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3)
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
+	{DLA-3988-1}
 	- jinja2 <unfixed> (bug #1070712)
 	[bookworm] - jinja2 <no-dsa> (Minor issue)
 	[buster] - jinja2 <postponed> (Minor issue)
@@ -91381,7 +91446,7 @@ CVE-2023-4246 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Reque
 CVE-2022-4958 (A vulnerability classified as problematic has been found in qkmc-rk re ...)
 	NOT-FOR-US: qkmc-rk redbbs
 CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders in the  ...)
-	{DLA-3715-1}
+	{DLA-3988-1 DLA-3715-1}
 	- jinja2 3.1.3-1 (bug #1060748)
 	[bookworm] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
@@ -125033,7 +125098,7 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an u
 CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
 	NOT-FOR-US: AMI BMC
 CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to  ...)
-	{DLA-3494-1}
+	{DLA-3989-1 DLA-3494-1}
 	[experimental] - ruby-doorkeeper 5.6.6-1
 	- ruby-doorkeeper 5.6.6-2 (bug #1038950)
 	[bookworm] - ruby-doorkeeper <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ea3b0cd8939c75d1678a21f7b3ad7b21273bef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ea3b0cd8939c75d1678a21f7b3ad7b21273bef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241209/63ae2aa7/attachment.htm>