[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 12 20:12:32 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2885226 by security tracker role at 2024-12-12T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,144 @@
-CVE-2024-55633
+CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions from 11 ...)
+ TODO: check
+CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting 15.2 ...)
+ TODO: check
+CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2024-55888 (Hush Line is an open-source whistleblower management system. Starting ...)
+ TODO: check
+CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch project that ...)
+ TODO: check
+CVE-2024-55885 (beego is an open-source web framework for the Go programming language. ...)
+ TODO: check
+CVE-2024-55879 (XWiki Platform is a generic wiki platform. Starting in version 2.3 and ...)
+ TODO: check
+CVE-2024-55878 (SimpleXLSX is software for parsing and retrieving data from Excel XLSx ...)
+ TODO: check
+CVE-2024-55877 (XWiki Platform is a generic wiki platform. Starting in version 9.7-rc- ...)
+ TODO: check
+CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 1.2-mil ...)
+ TODO: check
+CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. Prior to ...)
+ TODO: check
+CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 11.10.6 ...)
+ TODO: check
+CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
+ TODO: check
+CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in phpguru ...)
+ TODO: check
+CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online Nurse Hir ...)
+ TODO: check
+CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketi ...)
+ TODO: check
+CVE-2024-54810 (A SQL Injection vulnerability was found in /preschool/admin/password-r ...)
+ TODO: check
+CVE-2024-54122 (Concurrent variable access vulnerability in the ability module Impact: ...)
+ TODO: check
+CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: Successful ...)
+ TODO: check
+CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: Successful ...)
+ TODO: check
+CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH module Impa ...)
+ TODO: check
+CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the print mod ...)
+ TODO: check
+CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+ TODO: check
+CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+ TODO: check
+CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+ TODO: check
+CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+ TODO: check
+CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding module Im ...)
+ TODO: check
+CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+ TODO: check
+CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-54103 (Vulnerability of improper access control in the album module Impact: S ...)
+ TODO: check
+CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: Successful expl ...)
+ TODO: check
+CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation module Impac ...)
+ TODO: check
+CVE-2024-54100 (Vulnerability of improper access control in the secure input module Im ...)
+ TODO: check
+CVE-2024-54099 (File replacement vulnerability on some devices Impact: Successful expl ...)
+ TODO: check
+CVE-2024-54098 (Service logic error vulnerability in the system service module Impact: ...)
+ TODO: check
+CVE-2024-54097 (Security vulnerability in the HiView module Impact: Successful exploit ...)
+ TODO: check
+CVE-2024-54096 (Vulnerability of improper access control in the MTP module Impact: Suc ...)
+ TODO: check
+CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ TODO: check
+CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
+ TODO: check
+CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
+ TODO: check
+CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
+ TODO: check
+CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
+ TODO: check
+CVE-2024-47947 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+ TODO: check
+CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+ TODO: check
+CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+ TODO: check
+CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+ TODO: check
+CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
+ TODO: check
+CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
+ TODO: check
+CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by accessing ...)
+ TODO: check
+CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of a logge ...)
+ TODO: check
+CVE-2024-28143 (The password change function at /cgi/admin.cgi does not require the cu ...)
+ TODO: check
+CVE-2024-28142 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+ TODO: check
+CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems f ...)
+ TODO: check
+CVE-2024-21574 (The issue stems from a missing validation of the pip field in a POST r ...)
+ TODO: check
+CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
+ TODO: check
+CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode ...)
+ TODO: check
+CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is ...)
+ TODO: check
+CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-55633 (Improper Authorization vulnerability in Apache Superset. On Postgres a ...)
NOT-FOR-US: Apache Superset
CVE-2024-9881 (The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
@@ -612,9 +752,11 @@ CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that could
CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti Security ...)
NOT-FOR-US: Ivanti
CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 131.0.6778.139 a ...)
+ {DSA-5829-1}
- chromium 131.0.6778.139-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-12381 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed ...)
+ {DSA-5829-1}
- chromium 131.0.6778.139-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying Sigstore ...)
@@ -953,7 +1095,7 @@ CVE-2024-11053 (When asked to both use a `.netrc` file for credentials and to fo
NOTE: https://curl.se/docs/CVE-2024-11053.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ae1912cb0d494b48d514d937826c9fe83ec96c4d (curl-6_5)
NOTE: Fixed by: https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af31949 (curl-8_11_1)
-CVE-2024-12397
+CVE-2024-12397 (A flaw was found in Quarkus-HTTP, which incorrectly parses cookies wit ...)
NOT-FOR-US: Quarkus
CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager of Iva ...)
NOT-FOR-US: Ivanti
@@ -10887,7 +11029,8 @@ CVE-2024-10927 (A vulnerability was found in MonoCMS up to 20240528. It has been
NOT-FOR-US: MonoCMS
CVE-2024-10926 (A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and clas ...)
NOT-FOR-US: IBPhoenix ibWebAdmin
-CVE-2024-10922 (The Featured Posts Scroll plugin for WordPress is vulnerable to Cross- ...)
+CVE-2024-10922
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-10027 (The WP Booking Calendar WordPress plugin before 10.6.3 does not saniti ...)
NOT-FOR-US: WordPress plugin
@@ -18939,7 +19082,7 @@ CVE-2024-45121 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10
NOT-FOR-US: Adobe
CVE-2024-45120 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
NOT-FOR-US: Adobe
-CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and e ...)
NOT-FOR-US: Adobe
CVE-2024-45118 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
NOT-FOR-US: Adobe
@@ -24901,6 +25044,7 @@ CVE-2024-45824 (CVE-2024-45824 IMPACT A remote code vulnerability exists in t
CVE-2024-45823 (CVE-2024-45823 IMPACT An authentication bypass vulnerability exists ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-45624 (Exposure of sensitive information due to incompatible policies issue e ...)
+ {DLA-3993-1}
- pgpool2 4.5.4-1 (bug #1081659)
NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29
NOTE: https://github.com/pgpool/pgpool2/commit/6b7d585eb1c693e4ffb5b8e6ed9aa0f067fa1b89 (master)
@@ -51294,7 +51438,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In
CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...)
NOT-FOR-US: Umbraco Commerce
CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
- {DSA-5826-1 DLA-3956-1}
+ {DSA-5830-1 DSA-5826-1 DLA-3956-1}
- smarty3 3.1.48-2 (bug #1072530)
- smarty4 4.5.4-1 (bug #1072529)
NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
@@ -159279,6 +159423,7 @@ CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and e
CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
NOT-FOR-US: EasyMail
CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
+ {DLA-3993-1}
- pgpool2 4.3.5-1 (bug #1030048)
[buster] - pgpool2 <postponed> (Minor issue, restricted system account password hash leak to authentified users)
NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2885226ea1898db334bb428c2355a5936b2da5a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2885226ea1898db334bb428c2355a5936b2da5a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/5c39a8ac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list