[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 17 20:12:55 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c5bbf87 by security tracker role at 2024-12-17T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,116 @@
+CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability in Next ...)
+	TODO: check
+CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable to Impro ...)
+	TODO: check
+CVE-2024-8972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-8475 (Authentication Bypass by Assumed-Immutable Data vulnerability in Digit ...)
+	TODO: check
+CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+	TODO: check
+CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, Content Re ...)
+	TODO: check
+CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB formats. I ...)
+	TODO: check
+CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
+	TODO: check
+CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
+	TODO: check
+CVE-2024-55514 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
+	TODO: check
+CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
+	TODO: check
+CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Managemen ...)
+	TODO: check
+CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...)
+	TODO: check
+CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access contro ...)
+	TODO: check
+CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Follo ...)
+	TODO: check
+CVE-2024-51479 (Next.js is a React framework for building full-stack web applications. ...)
+	TODO: check
+CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...)
+	TODO: check
+CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
+	TODO: check
+CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
+	TODO: check
+CVE-2024-49818 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
+	TODO: check
+CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
+	TODO: check
+CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
+	TODO: check
+CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow remote co ...)
+	TODO: check
+CVE-2024-42194 (An improper handling of insufficient permissions or privileges affects ...)
+	TODO: check
+CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20  ...)
+	TODO: check
+CVE-2024-37606 (A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.0 ...)
+	TODO: check
+CVE-2024-37605 (A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_i ...)
+	TODO: check
+CVE-2024-36832 (A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allow ...)
+	TODO: check
+CVE-2024-36831 (A NULL pointer dereference in the plugins_call_handle_uri_clean functi ...)
+	TODO: check
+CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...)
+	TODO: check
+CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12601 (The Calculated Fields Form plugin for WordPress is vulnerable to Denia ...)
+	TODO: check
+CVE-2024-12469 (The WP BASE Booking of Appointments, Services and Events plugin for Wo ...)
+	TODO: check
+CVE-2024-12395 (The WooCommerce Additional Fees On Checkout (Free) plugin for WordPres ...)
+	TODO: check
+CVE-2024-12293 (The User Role Editor plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2024-12200 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12199 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12198 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12197 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12194 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12193 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12192 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...)
+	TODO: check
+CVE-2024-12191 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12179 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12178 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-12127 (The Learning Management System, eLearning, Course Builder, WordPress L ...)
+	TODO: check
+CVE-2024-12024 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2024-11422 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
+	TODO: check
+CVE-2024-11294 (The Memberful plugin for WordPress is vulnerable to Sensitive Informat ...)
+	TODO: check
+CVE-2024-11280 (The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-10476 (Default credentials are used in the above listed BD Diagnostic Solutio ...)
+	TODO: check
+CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
+	TODO: check
 CVE-2024-11614
 	- dpdk 24.11.1-1
 	NOTE: Introduced by: https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320 (main, v21.05-rc2)
 	NOTE: Fixed by: https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e (main)
 	NOTE: Fixed by: https://git.dpdk.org/dpdk-stable/commit/?id=fdf13ea6fede07538fbe5e2a46fa6d4b2368fa81 (v24.11.1)
 	NOTE: Fixed by: https://git.dpdk.org/dpdk-stable/commit/?id=1570aef08bfde179449a9501bd54888a7d5f2cd6 (v22.11.7)
-CVE-2024-53144 [Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE]
+CVE-2024-53144 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.11.4-1
 	[bookworm] - linux 6.1.115-1
 	NOTE: https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc3)
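Review bot: At CVE-2024-53144 the bracketed summary "[Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE]" is replaced by a description truncated to "In the Linux kernel, the following vulnerability has been resolved:  B ...", so the entry header no longer says which subsystem or change is involved. The git.kernel.org NOTE still points at the fixing commit, but someone scanning the list now has to follow the link to learn that. Consider keeping the commit subject in a NOTE line under the entry, or truncating kernel descriptions after the common "In the Linux kernel ..." prefix.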
@@ -2514,9 +2620,9 @@ CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was
 	NOT-FOR-US: TP-Link
 CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read vulnerab ...)
 	NOT-FOR-US: SolarWinds
-CVE-2024-45494 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
+CVE-2024-45494 (An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 ...)
 	NOT-FOR-US: Nette DatabaseSolarWinds
-CVE-2024-45493 (An issue was discovered in MSA Safety FieldServer Gateways and Embedde ...)
+CVE-2024-45493 (An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
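Review bot: The unchanged tag under CVE-2024-45494, "NOT-FOR-US: Nette DatabaseSolarWinds", reads like two vendor names run together, and neither matches the description, which now names MSA FieldServer Gateway. CVE-2024-45493 has the same mismatch with "NOT-FOR-US: SolarWinds". Since both description lines are touched here, this is a good point to correct both tags so they name the MSA FieldServer product.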
@@ -402325,7 +402431,7 @@ CVE-2019-17084
 	RESERVED
 CVE-2019-17083
 	RESERVED
-CVE-2019-17082 (Missing Authentication for Critical Function vulnerability in OpenText ...)
+CVE-2019-17082 (Insufficiently Protected Credentials vulnerability in OpenText\u2122 A ...)
 	NOT-FOR-US: OpenText
 CVE-2019-17081
 	RESERVED
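Review bot: The new CVE-2019-17082 description carries the literal escape sequence \u2122 ("OpenText\u2122 A ...") instead of the trademark character, and the same pattern appears as \u2013 in the added CVE-2024-8326, CVE-2024-12024 and CVE-2024-11280 lines of the first hunk. Decoding these escapes in the import step, before the description is truncated, would keep the list readable and stop the escape sequence from using up part of the truncated text.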



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5bbf878d61524b173fff90128995e967b321a7
