[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 11 20:22:33 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b61fa05 by security tracker role at 2024-12-11T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,143 @@
-CVE-2024-12382
+CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti Automatio ...)
+ TODO: check
+CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti Workspace ...)
+ TODO: check
+CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to create ...)
+ TODO: check
+CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...)
+ TODO: check
+CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts. This issu ...)
+ TODO: check
+CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ TODO: check
+CVE-2024-50585 (Users who click on a malicious link or visit a website under the contr ...)
+ TODO: check
+CVE-2024-50339 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2024-48912 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2024-47835 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47834 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47778 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47777 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47776 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47775 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47774 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47761 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2024-47760 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2024-47758 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2024-47615 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47613 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47606 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47603 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47602 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47601 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47600 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47599 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47598 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47597 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47596 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47546 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47545 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47544 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47543 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47541 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47540 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47539 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47538 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-47537 (GStreamer is a library for constructing graphs of media-handling compo ...)
+ TODO: check
+CVE-2024-45337 (Applications and libraries which misuse the ServerConfig.PublicKeyCall ...)
+ TODO: check
+CVE-2024-42448 (From the VSPC management agent machine, under condition that the manag ...)
+ TODO: check
+CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti Connect Secure before version ...)
+ TODO: check
+CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure before ...)
+ TODO: check
+CVE-2024-28141 (The web application is not protected against cross-site request forger ...)
+ TODO: check
+CVE-2024-28140 (The scanner device boots into a kiosk mode by default and opens the Sc ...)
+ TODO: check
+CVE-2024-28139 (The www-data user can elevate its privileges because sudo is configure ...)
+ TODO: check
+CVE-2024-12484 (A vulnerability classified as critical was found in Codezips Technical ...)
+ TODO: check
+CVE-2024-12483 (A vulnerability classified as problematic has been found in Dromara UJ ...)
+ TODO: check
+CVE-2024-12482 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been ...)
+ TODO: check
+CVE-2024-12481 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been ...)
+ TODO: check
+CVE-2024-12480 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been ...)
+ TODO: check
+CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classifie ...)
+ TODO: check
+CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset Management co ...)
+ TODO: check
+CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-12283 (The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2024-12004 (The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-11840 (The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for Word ...)
+ TODO: check
+CVE-2024-11737 (CWE-20: Improper Input Validation vulnerability exists that could lead ...)
+ TODO: check
+CVE-2024-11598 (Under specific circumstances, insecure permissions in Ivanti Applicati ...)
+ TODO: check
+CVE-2024-11597 (Under specific circumstances, insecure permissions in Ivanti Performan ...)
+ TODO: check
+CVE-2024-11401 (Rapid7 Insight Platform versions prior to November 13th 2024, suffer f ...)
+ TODO: check
+CVE-2024-11351 (The Restrict \u2013 membership, site, content and user access restrict ...)
+ TODO: check
+CVE-2024-11008 (The Members \u2013 Membership & User Role Editor Plugin plugin for Wor ...)
+ TODO: check
+CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
+ TODO: check
+CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti Security ...)
+ TODO: check
+CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 131.0.6778.139 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-12381
+CVE-2024-12381 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying Sigstore ...)
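Review bot: the long run of `TODO: check` placeholders in this hunk needs triage rather than staying as-is; several entries clearly concern software packaged in Debian and should get a source package status line plus `NOTE:` links to the upstream advisory, as the aiohttp entries further down already do. Candidates are the GStreamer block (CVE-2024-47537 through CVE-2024-47835, against gstreamer1.0 and the gst-plugins-* sources), CVE-2024-55587 (python-libarchive) and CVE-2024-45337 (`ServerConfig.PublicKeyCallback` is the Go golang.org/x/crypto ssh API). The vendor-product entries (Ivanti, IBM, TeamViewer, Rapid7, the WordPress plugins) would normally end as `NOT-FOR-US`, in line with the unchanged CVE-2024-52339 and CVE-2023-23473 entries in later hunks.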
@@ -6155,6 +6291,7 @@ CVE-2024-52340 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2024-52339 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-52304 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp <unfixed> (bug #1088109)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
NOTE: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71 (v3.10.11)
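Review bot: CVE-2024-52304 gains `{DSA-5828-1}` while its unstable line still reads `- python-aiohttp <unfixed> (bug #1088109)`, so the tracker will now show stable fixed ahead of sid; the unstable status should be updated to the fixed version (the upstream NOTE points at v3.10.11) as soon as it is uploaded. The other aiohttp entries touched by this commit already carry fixed unstable versions (3.9.5-1, 3.9.1-1, 3.8.6-1).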
@@ -62637,6 +62774,7 @@ CVE-2024-4140 (An excessive memory use issue (CWE-770) exists in Email-MIME, bef
CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface. Due ...)
- wildfly <itp> (bug #752018)
CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp 3.9.5-1 (bug #1070364)
[buster] - python-aiohttp <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
@@ -88958,6 +89096,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn
NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master)
NOTE: https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82 (v3.9.2)
CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp 3.9.5-1 (bug #1062709)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <no-dsa> (Minor issue)
@@ -100979,6 +101118,7 @@ CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces a
CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp 3.9.1-1 (bug #1057164)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
@@ -100986,6 +101126,7 @@ CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyn
NOTE: https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc (master)
NOTE: https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a (v3.9.0b1)
CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp 3.9.1-1 (bug #1057163)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
@@ -103008,6 +103149,7 @@ CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing t
CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
NOT-FOR-US: Kyverno
CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-5828-1}
- python-aiohttp 3.8.6-1
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <no-dsa> (Minor issue)
@@ -154271,8 +154413,8 @@ CVE-2023-23474 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a r
NOT-FOR-US: IBM
CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
NOT-FOR-US: IBM
-CVE-2023-23472
- RESERVED
+CVE-2023-23472 (IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server ...)
+ TODO: check
CVE-2023-23471
RESERVED
CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged a ...)
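Review bot: CVE-2023-23472 moves from `RESERVED` to a description with `TODO: check`, but the adjacent CVE-2023-23473 and CVE-2023-23474 entries for the same IBM InfoSphere Information Server product are already `NOT-FOR-US: IBM`; this one should get the same marking rather than a TODO.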
@@ -154307,6 +154449,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_
NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 (v4.0.2)
NOTE: https://github.com/upx/upx/issues/631
CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...)
+ {DLA-3991-1}
- upx-ucl 4.2.2-1 (bug #1033258)
[buster] - upx-ucl <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
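Review bot: the `{DLA-3991-1}` reference is added to CVE-2023-23456 while `[buster] - upx-ucl <no-dsa> (Minor issue)` is left in place; confirm the DLA targets bullseye and not buster, since otherwise the buster tag would now contradict the advisory reference. The unstable line `upx-ucl 4.2.2-1 (bug #1033258)` and the Red Hat bugzilla NOTE are unchanged and consistent.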
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b61fa05ec55d70ca962d897eef920f03990d4fd