[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 16 20:12:18 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e3d4a34 by security tracker role at 2024-12-16T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,337 @@
+CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ client tha ...)
+	TODO: check
+CVE-2024-6002
+	REJECTED
+CVE-2024-6001 (An improper certificate validation vulnerability was reported in LADM  ...)
+	TODO: check
+CVE-2024-56015 (Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up ...)
+	TODO: check
+CVE-2024-56013 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2024-56012 (Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash Ne ...)
+	TODO: check
+CVE-2024-56011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56009 (Missing Authorization vulnerability in spreadr Spreadr Woocommerce all ...)
+	TODO: check
+CVE-2024-56007 (Missing Authorization vulnerability in Ram Segev Leader allows Exploit ...)
+	TODO: check
+CVE-2024-56005 (Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shippin ...)
+	TODO: check
+CVE-2024-56004 (Missing Authorization vulnerability in Alex W Fowler Easy Site Importe ...)
+	TODO: check
+CVE-2024-56003 (Missing Authorization vulnerability in David Cramer Caldera SMTP Maile ...)
+	TODO: check
+CVE-2024-56001 (Missing Authorization vulnerability in Ksher Ksher allows Exploiting I ...)
+	TODO: check
+CVE-2024-55999 (Missing Authorization vulnerability in Marco Giannini XML Multilanguag ...)
+	TODO: check
+CVE-2024-55998 (Missing Authorization vulnerability in dusthazard Popup Surveys & Poll ...)
+	TODO: check
+CVE-2024-55996 (Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment ...)
+	TODO: check
+CVE-2024-55994 (Missing Authorization vulnerability in \u641c\u72d0\u7545\u8a00 \u7545 ...)
+	TODO: check
+CVE-2024-55993 (Missing Authorization vulnerability in PickPlugins Job Board Manager a ...)
+	TODO: check
+CVE-2024-55992 (Missing Authorization vulnerability in Open Tools WooCommerce Basic Or ...)
+	TODO: check
+CVE-2024-55990 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55989 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55988 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55987 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55986 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55982 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55981 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55980 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55978 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55977 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55976 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55974 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55973 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55949 (MinIO is a high-performance, S3 compatible object store, open sourced  ...)
+	TODO: check
+CVE-2024-54682 (Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2024-54443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54440 (Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-Use ...)
+	TODO: check
+CVE-2024-54439 (Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon  ...)
+	TODO: check
+CVE-2024-54438 (Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords  ...)
+	TODO: check
+CVE-2024-54437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54436 (Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Foot ...)
+	TODO: check
+CVE-2024-54435 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Only ...)
+	TODO: check
+CVE-2024-54434 (Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allo ...)
+	TODO: check
+CVE-2024-54433 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simp ...)
+	TODO: check
+CVE-2024-54432 (Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patn ...)
+	TODO: check
+CVE-2024-54431 (Cross-Site Request Forgery (CSRF) vulnerability in Mohamed Riyaz Admin ...)
+	TODO: check
+CVE-2024-54430 (Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV New ...)
+	TODO: check
+CVE-2024-54429 (Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Ap ...)
+	TODO: check
+CVE-2024-54428 (Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image  ...)
+	TODO: check
+CVE-2024-54427 (Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb  ...)
+	TODO: check
+CVE-2024-54426 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis Lea ...)
+	TODO: check
+CVE-2024-54425 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com Lio ...)
+	TODO: check
+CVE-2024-54424 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54423 (Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Soc ...)
+	TODO: check
+CVE-2024-54422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54421 (Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi F ...)
+	TODO: check
+CVE-2024-54420 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov  ...)
+	TODO: check
+CVE-2024-54419 (Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Sl ...)
+	TODO: check
+CVE-2024-54418 (Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technol ...)
+	TODO: check
+CVE-2024-54417 (Missing Authorization vulnerability in Pixelgrade PixProof allows Acce ...)
+	TODO: check
+CVE-2024-54416 (Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Lo ...)
+	TODO: check
+CVE-2024-54415 (Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-Hide ...)
+	TODO: check
+CVE-2024-54414 (Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Sh ...)
+	TODO: check
+CVE-2024-54413 (Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Displ ...)
+	TODO: check
+CVE-2024-54412 (Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ...)
+	TODO: check
+CVE-2024-54411 (Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaig ...)
+	TODO: check
+CVE-2024-54410 (Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Black ...)
+	TODO: check
+CVE-2024-54409 (Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD  ...)
+	TODO: check
+CVE-2024-54408 (Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Vid ...)
+	TODO: check
+CVE-2024-54407 (Cross-Site Request Forgery (CSRF) vulnerability in \u968f\u610f\u7684\ ...)
+	TODO: check
+CVE-2024-54406 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54405 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT So ...)
+	TODO: check
+CVE-2024-54404 (Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Co ...)
+	TODO: check
+CVE-2024-54403 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54402 (Missing Authorization vulnerability in Jozoor Arabic Webfonts allows E ...)
+	TODO: check
+CVE-2024-54401 (Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advan ...)
+	TODO: check
+CVE-2024-54400 (Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps ...)
+	TODO: check
+CVE-2024-54399 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Goo ...)
+	TODO: check
+CVE-2024-54398 (Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flam ...)
+	TODO: check
+CVE-2024-54397 (Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go An ...)
+	TODO: check
+CVE-2024-54396 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free ...)
+	TODO: check
+CVE-2024-54395 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54394 (Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft M ...)
+	TODO: check
+CVE-2024-54393 (Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fid ...)
+	TODO: check
+CVE-2024-54392 (Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP\u5fae\u4f ...)
+	TODO: check
+CVE-2024-54391 (Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPr ...)
+	TODO: check
+CVE-2024-54390 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54389 (Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addW ...)
+	TODO: check
+CVE-2024-54388 (Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple  ...)
+	TODO: check
+CVE-2024-54387 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54386 (Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC ...)
+	TODO: check
+CVE-2024-54385 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...)
+	TODO: check
+CVE-2024-54384 (Missing Authorization vulnerability in eLightUp Falcon \u2013 WordPres ...)
+	TODO: check
+CVE-2024-54382 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-54380 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-54379 (Missing Authorization vulnerability in Blokhaus Minterpress allows Pri ...)
+	TODO: check
+CVE-2024-54378 (Missing Authorization vulnerability in Quietly Quietly Insights allows ...)
+	TODO: check
+CVE-2024-54376 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-54375 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-54374 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-54373 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-54372 (Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Inserti ...)
+	TODO: check
+CVE-2024-54370 (Unrestricted Upload of File with Dangerous Type vulnerability in Suite ...)
+	TODO: check
+CVE-2024-54369 (Missing Authorization vulnerability in ThemeHunk Zita Site Builder all ...)
+	TODO: check
+CVE-2024-54368 (Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. Gi ...)
+	TODO: check
+CVE-2024-54367 (Deserialization of Untrusted Data vulnerability in ForumWP ForumWP all ...)
+	TODO: check
+CVE-2024-54366 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
+	TODO: check
+CVE-2024-54365 (Incorrect Privilege Assignment vulnerability in Halim KH Easy User Set ...)
+	TODO: check
+CVE-2024-54364 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54363 (Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Re ...)
+	TODO: check
+CVE-2024-54361 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-54360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54359 (Missing Authorization vulnerability in Saul Morales Pacheco Banner Sys ...)
+	TODO: check
+CVE-2024-54358 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54357 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.T ...)
+	TODO: check
+CVE-2024-54356 (Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Bo ...)
+	TODO: check
+CVE-2024-54355 (Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailst ...)
+	TODO: check
+CVE-2024-54354 (Missing Authorization vulnerability in Beat Kueffer Termin-Kalender al ...)
+	TODO: check
+CVE-2024-54353 (Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info al ...)
+	TODO: check
+CVE-2024-54352 (Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid  ...)
+	TODO: check
+CVE-2024-54348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54332 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Curren ...)
+	TODO: check
+CVE-2024-54331 (Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tre ...)
+	TODO: check
+CVE-2024-54285 (Unrestricted Upload of File with Dangerous Type vulnerability in SeedP ...)
+	TODO: check
+CVE-2024-54284 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-54283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-54280 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-54279 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2024-54257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54249 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54229 (Incorrect Privilege Assignment vulnerability in Straightvisions GmbH S ...)
+	TODO: check
+CVE-2024-54083 (Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2024-4762 (An improper validation vulnerability was reported in the firmware upda ...)
+	TODO: check
+CVE-2024-49775 (A vulnerability has been identified in Opcenter Execution Foundation ( ...)
+	TODO: check
+CVE-2024-48872 (Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2024-43234 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2024-37251 (Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Adva ...)
+	TODO: check
+CVE-2024-12687 (Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks  ...)
+	TODO: check
+CVE-2024-12668 (Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Writ ...)
+	TODO: check
+CVE-2024-12667 (A vulnerability was found in InvoicePlane up to 1.6.1 and classified a ...)
+	TODO: check
+CVE-2024-12666 (A vulnerability has been found in ClassCMS up to 4.8 and classified as ...)
+	TODO: check
+CVE-2024-12665 (A vulnerability, which was classified as problematic, was found in rui ...)
+	TODO: check
+CVE-2024-12664 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-12663 (A vulnerability classified as problematic was found in funnyzpc Mee-Ad ...)
+	TODO: check
+CVE-2024-12662 (A vulnerability classified as problematic has been found in IObit Adva ...)
+	TODO: check
+CVE-2024-12661 (A vulnerability was found in IObit Advanced SystemCare Utimate up to 1 ...)
+	TODO: check
+CVE-2024-12660 (A vulnerability was found in IObit Advanced SystemCare Utimate up to 1 ...)
+	TODO: check
+CVE-2024-12659 (A vulnerability was found in IObit Advanced SystemCare Utimate up to 1 ...)
+	TODO: check
+CVE-2024-12658 (A vulnerability was found in IObit Advanced SystemCare Utimate up to 1 ...)
+	TODO: check
+CVE-2024-12657 (A vulnerability has been found in IObit Advanced SystemCare Utimate up ...)
+	TODO: check
+CVE-2024-12656 (A vulnerability, which was classified as problematic, was found in Fab ...)
+	TODO: check
+CVE-2024-12655 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-12654 (A vulnerability classified as problematic was found in FabulaTech USB  ...)
+	TODO: check
+CVE-2024-12653 (A vulnerability classified as problematic has been found in FabulaTech ...)
+	TODO: check
+CVE-2024-12478 (A vulnerability was found in InvoicePlane up to 1.6.1. It has been dec ...)
+	TODO: check
+CVE-2024-12362 (A vulnerability was found in InvoicePlane up to 1.6.1. It has been cla ...)
+	TODO: check
+CVE-2024-12092 (A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Col ...)
+	TODO: check
+CVE-2024-12091 (A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Col ...)
+	TODO: check
+CVE-2024-12090 (A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Col ...)
+	TODO: check
+CVE-2024-12089 (A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Col ...)
+	TODO: check
+CVE-2024-11358 (Mattermost Android Mobile Apps versions <=2.21.0 fail to properly conf ...)
+	TODO: check
+CVE-2024-11144 (The server lacks thread safety and can be crashed by anomalous data se ...)
+	TODO: check
+CVE-2024-10972 (Velocidex WinPmem versions 4.1 and below suffer from an Improper Input ...)
+	TODO: check
+CVE-2024-10095 (In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213) ...)
+	TODO: check
 CVE-2024-55919 [Improper input validation on generic SSO login]
 	- sympa <unfixed> (bug #1090188)
 	NOTE: https://www.sympa.community/security/2024-001.html
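Review bot: The descriptions added for CVE-2024-55994, CVE-2024-54407, CVE-2024-54392 and CVE-2024-54384 contain literal \uXXXX escape sequences (for example "\u641c\u72d0\u7545\u8a00") instead of the decoded characters. This makes the vendor and product names unreadable during triage, and truncating at the "..." cut can split an escape in half (CVE-2024-54407 ends in "\u7684\ ..."). Decode the escapes in the import step before the description is truncated. Separately, CVE-2024-6002 is marked REJECTED while every other new entry in this hunk is left at "TODO: check", so each of those still needs a NOT-FOR-US or package line in a follow-up.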
@@ -744,7 +1078,7 @@ CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 1
 	NOT-FOR-US: XWiki
 CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. Prior to  ...)
 	NOT-FOR-US: http4k
-CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 11.10.6 ...)
+CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 6.3-mil ...)
 	NOT-FOR-US: XWiki
 CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
 	NOT-FOR-US: XWiki
@@ -1281,7 +1615,7 @@ CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/804eca458fb547942ed70b88c021b996be9228a2 (1.24.10)
 CVE-2024-47606 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DLA-3994-1}
+	{DSA-5832-1 DLA-3994-1}
 	- gstreamer1.0 1.24.10-1
 	- gstreamer0.10 <removed>
 	- gst-plugins-good1.0 1.24.10-1
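Review bot: On CVE-2024-47606 the advisory tag changes to {DSA-5832-1 DLA-3994-1}, but this commit touches only data/CVE/list and the package lines below the tag (gstreamer1.0 1.24.10-1, gst-plugins-good1.0 1.24.10-1) are unchanged. Nothing visible here shows which source package DSA-5832-1 covers or what the fixed version is for stable. Confirm that the advisory's own record is already in the tree and names the right package.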
@@ -1725,7 +2059,7 @@ CVE-2024-49538 (Illustrator versions 29.0.0, 28.7.2 and earlier are affected by
 	NOT-FOR-US: Adobe
 CVE-2024-49537 (After Effects versions 24.6.2, 25.0.1 and earlier are affected by a St ...)
 	NOT-FOR-US: Adobe
-CVE-2024-49513 (Not a product versions 21.0.0.5 and earlier are affected by an out-of- ...)
+CVE-2024-49513 (PDFL SDK versions 21.0.0.5 and earlier are affected by an out-of-bound ...)
 	NOT-FOR-US: Adobe
 CVE-2024-45156 (Animate versions 23.0.8, 24.0.5 and earlier are affected by a NULL Poi ...)
 	NOT-FOR-US: Adobe
@@ -1894,7 +2228,7 @@ CVE-2024-53242 (A vulnerability has been identified in Teamcenter Visualization
 	NOT-FOR-US: Siemens
 CVE-2024-53041 (A vulnerability has been identified in Teamcenter Visualization V14.2  ...)
 	NOT-FOR-US: Siemens
-CVE-2024-52538 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+CVE-2024-52538 (Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of ...)
 	NOT-FOR-US: Dell
 CVE-2024-52051 (A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All vers ...)
 	NOT-FOR-US: Siemens
@@ -2078,9 +2412,9 @@ CVE-2024-49059 (Microsoft Office Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-49057 (Microsoft Defender for Endpoint on Android Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2024-47977 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+CVE-2024-47977 (Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of ...)
 	NOT-FOR-US: Dell
-CVE-2024-47484 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...)
+CVE-2024-47484 (Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of ...)
 	NOT-FOR-US: Dell
 CVE-2024-47117 (IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vuln ...)
 	NOT-FOR-US: IBM
@@ -86433,7 +86767,7 @@ CVE-2024-25623 (Mastodon is a free, open-source social network server based on A
 CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
 	NOT-FOR-US: Renesas
 CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
-	{DLA-3812-1}
+	{DLA-3995-1 DLA-3812-1}
 	- libpgjava 42.7.2-1
 	[bookworm] - libpgjava <no-dsa> (Minor issue)
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
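Review bot: CVE-2024-1597 now lists two LTS advisories, {DLA-3995-1 DLA-3812-1}, while the line "[bookworm] - libpgjava <no-dsa> (Minor issue)" is unchanged. With a second DLA issued for this SQL injection issue, recheck whether the bookworm <no-dsa> status still holds or whether a fix should be queued for a point release.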
@@ -182494,7 +182828,7 @@ CVE-2022-41948 (DHIS 2 is an open source information system for data capture, ma
 CVE-2022-41947 (DHIS 2 is an open source information system for data capture, manageme ...)
 	NOT-FOR-US: DHIS
 CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected versions  ...)
-	{DLA-3218-1}
+	{DLA-3995-1 DLA-3218-1}
 	- libpgjava 42.5.1-1
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5 (REL42.5.1-rc1)
@@ -212131,7 +212465,7 @@ CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cac
 CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to conn ...)
-	{DLA-3140-1}
+	{DLA-3995-1 DLA-3140-1}
 	- libpgjava 42.4.1-1 (bug #1016662)
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 (REL42.4.1-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e3d4a34cbc63954701fcdc823f11c40dae4b400
