[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 12 20:12:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2885226 by security tracker role at 2024-12-12T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,144 @@
-CVE-2024-55633
+CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions from 11 ...)
+	TODO: check
+CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting 15.2 ...)
+	TODO: check
+CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2024-55888 (Hush Line is an open-source whistleblower management system. Starting  ...)
+	TODO: check
+CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch project that  ...)
+	TODO: check
+CVE-2024-55885 (beego is an open-source web framework for the Go programming language. ...)
+	TODO: check
+CVE-2024-55879 (XWiki Platform is a generic wiki platform. Starting in version 2.3 and ...)
+	TODO: check
+CVE-2024-55878 (SimpleXLSX is software for parsing and retrieving data from Excel XLSx ...)
+	TODO: check
+CVE-2024-55877 (XWiki Platform is a generic wiki platform. Starting in version 9.7-rc- ...)
+	TODO: check
+CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 1.2-mil ...)
+	TODO: check
+CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. Prior to  ...)
+	TODO: check
+CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 11.10.6 ...)
+	TODO: check
+CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
+	TODO: check
+CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in phpguru ...)
+	TODO: check
+CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online Nurse Hir ...)
+	TODO: check
+CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketi ...)
+	TODO: check
+CVE-2024-54810 (A SQL Injection vulnerability was found in /preschool/admin/password-r ...)
+	TODO: check
+CVE-2024-54122 (Concurrent variable access vulnerability in the ability module Impact: ...)
+	TODO: check
+CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: Successful ...)
+	TODO: check
+CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: Successful ...)
+	TODO: check
+CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH module Impa ...)
+	TODO: check
+CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the print mod ...)
+	TODO: check
+CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+	TODO: check
+CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+	TODO: check
+CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+	TODO: check
+CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+	TODO: check
+CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding module Im ...)
+	TODO: check
+CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
+	TODO: check
+CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+	TODO: check
+CVE-2024-54103 (Vulnerability of improper access control in the album module Impact: S ...)
+	TODO: check
+CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: Successful expl ...)
+	TODO: check
+CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation module Impac ...)
+	TODO: check
+CVE-2024-54100 (Vulnerability of improper access control in the secure input module Im ...)
+	TODO: check
+CVE-2024-54099 (File replacement vulnerability on some devices Impact: Successful expl ...)
+	TODO: check
+CVE-2024-54098 (Service logic error vulnerability in the system service module Impact: ...)
+	TODO: check
+CVE-2024-54097 (Security vulnerability in the HiView module Impact: Successful exploit ...)
+	TODO: check
+CVE-2024-54096 (Vulnerability of improper access control in the MTP module Impact: Suc ...)
+	TODO: check
+CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+	TODO: check
+CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
+	TODO: check
+CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
+	TODO: check
+CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
+	TODO: check
+CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
+	TODO: check
+CVE-2024-47947 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+	TODO: check
+CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
+	TODO: check
+CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+	TODO: check
+CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+	TODO: check
+CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
+	TODO: check
+CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
+	TODO: check
+CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by accessing  ...)
+	TODO: check
+CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of a logge ...)
+	TODO: check
+CVE-2024-28143 (The password change function at /cgi/admin.cgi does not require the cu ...)
+	TODO: check
+CVE-2024-28142 (Due to missing input sanitization, an attacker can perform cross-site- ...)
+	TODO: check
+CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems f ...)
+	TODO: check
+CVE-2024-21574 (The issue stems from a missing validation of the pip field in a POST r ...)
+	TODO: check
+CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
+	TODO: check
+CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode  ...)
+	TODO: check
+CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is ...)
+	TODO: check
+CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all versions start ...)
+	TODO: check
+CVE-2024-55633 (Improper Authorization vulnerability in Apache Superset. On Postgres a ...)
 	NOT-FOR-US: Apache Superset
 CVE-2024-9881 (The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
@@ -612,9 +752,11 @@ CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that could
 CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti Security  ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 131.0.6778.139 a ...)
+	{DSA-5829-1}
 	- chromium 131.0.6778.139-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-12381 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed  ...)
+	{DSA-5829-1}
 	- chromium 131.0.6778.139-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying Sigstore ...)
@@ -953,7 +1095,7 @@ CVE-2024-11053 (When asked to both use a `.netrc` file for credentials and to fo
 	NOTE: https://curl.se/docs/CVE-2024-11053.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/ae1912cb0d494b48d514d937826c9fe83ec96c4d (curl-6_5)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af31949 (curl-8_11_1)
-CVE-2024-12397
+CVE-2024-12397 (A flaw was found in Quarkus-HTTP, which incorrectly parses cookies wit ...)
 	NOT-FOR-US: Quarkus
 CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager of Iva ...)
 	NOT-FOR-US: Ivanti
@@ -10887,7 +11029,8 @@ CVE-2024-10927 (A vulnerability was found in MonoCMS up to 20240528. It has been
 	NOT-FOR-US: MonoCMS
 CVE-2024-10926 (A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and clas ...)
 	NOT-FOR-US: IBPhoenix ibWebAdmin
-CVE-2024-10922 (The Featured Posts Scroll plugin for WordPress is vulnerable to Cross- ...)
+CVE-2024-10922
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10027 (The WP Booking Calendar WordPress plugin before 10.6.3 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
@@ -18939,7 +19082,7 @@ CVE-2024-45121 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10
 	NOT-FOR-US: Adobe
 CVE-2024-45120 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
 	NOT-FOR-US: Adobe
-CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and e ...)
 	NOT-FOR-US: Adobe
 CVE-2024-45118 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
 	NOT-FOR-US: Adobe
@@ -24901,6 +25044,7 @@ CVE-2024-45824 (CVE-2024-45824 IMPACT    A remote code vulnerability exists in t
 CVE-2024-45823 (CVE-2024-45823 IMPACT    An authentication bypass vulnerability exists ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-45624 (Exposure of sensitive information due to incompatible policies issue e ...)
+	{DLA-3993-1}
 	- pgpool2 4.5.4-1 (bug #1081659)
 	NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29
 	NOTE: https://github.com/pgpool/pgpool2/commit/6b7d585eb1c693e4ffb5b8e6ed9aa0f067fa1b89 (master)
@@ -51294,7 +51438,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In
 CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...)
 	NOT-FOR-US: Umbraco Commerce
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
-	{DSA-5826-1 DLA-3956-1}
+	{DSA-5830-1 DSA-5826-1 DLA-3956-1}
 	- smarty3 3.1.48-2 (bug #1072530)
 	- smarty4 4.5.4-1 (bug #1072529)
 	NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
@@ -159279,6 +159423,7 @@ CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and e
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
 	NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
+	{DLA-3993-1}
 	- pgpool2 4.3.5-1 (bug #1030048)
 	[buster] - pgpool2 <postponed> (Minor issue, restricted system account password hash leak to authentified users)
 	NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2885226ea1898db334bb428c2355a5936b2da5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2885226ea1898db334bb428c2355a5936b2da5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/5c39a8ac/attachment.htm>


More information about the debian-security-tracker-commits mailing list