[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 18 08:12:12 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
803cdd57 by security tracker role at 2024-12-18T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...)
+ TODO: check
+CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...)
+ TODO: check
+CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...)
+ TODO: check
+CVE-2024-56170 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...)
+ TODO: check
+CVE-2024-56169 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...)
+ TODO: check
+CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that stores ...)
+ TODO: check
+CVE-2024-55059 (A stored HTML Injection vulnerability was identified in PHPGurukul Onl ...)
+ TODO: check
+CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was discovere ...)
+ TODO: check
+CVE-2024-55057 (Phpgurukul Online Birth Certificate System 1.0 suffers from insufficie ...)
+ TODO: check
+CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was identified in Ph ...)
+ TODO: check
+CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue exists in AE1 ...)
+ TODO: check
+CVE-2024-53688 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing entries ( ...)
+ TODO: check
+CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to obtain se ...)
+ TODO: check
+CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability in stre ...)
+ TODO: check
+CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, contains an ...)
+ TODO: check
+CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 2.0.10 an ...)
+ TODO: check
+CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able ...)
+ TODO: check
+CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization of Specia ...)
+ TODO: check
+CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...)
+ TODO: check
+CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to Prototype ...)
+ TODO: check
+CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are vulnerable ...)
+ TODO: check
+CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 2.9.1 are ...)
+ TODO: check
+CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege due to i ...)
+ TODO: check
+CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued for the Ra ...)
+ TODO: check
+CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes p ...)
+ TODO: check
+CVE-2024-12539 (An issue was discovered where improper authorization controls affected ...)
+ TODO: check
+CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for WordPre ...)
+ TODO: check
+CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...)
+ TODO: check
+CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to authent ...)
+ TODO: check
+CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin for Word ...)
+ TODO: check
+CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is vulnerable to I ...)
+ TODO: check
+CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable to SQL In ...)
+ TODO: check
+CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
+ TODO: check
+CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-11254 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
+ TODO: check
+CVE-2024-10892 (The Cost Calculator Builder WordPress plugin before 3.2.43 does not ha ...)
+ TODO: check
+CVE-2023-37940 (Cross-site scripting (XSS) vulnerability in the edit Service Access Po ...)
+ TODO: check
CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability in Next ...)
NOT-FOR-US: NextGeography NG Analyser
CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable to Impro ...)
@@ -134,6 +222,7 @@ CVE-2024-10476 (Default credentials are used in the above listed BD Diagnostic S
CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11614
+ {DSA-5833-1}
- dpdk 24.11.1-1
NOTE: Introduced by: https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320 (main, v21.05-rc2)
NOTE: Fixed by: https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e (main)
@@ -3804,7 +3893,7 @@ CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code Execution.
NOT-FOR-US: ABB
CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code Execution. ...)
NOT-FOR-US: ABB
-CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 ...)
+CVE-2024-47133 (UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 ...)
NOT-FOR-US: UD-LT1
CVE-2024-45841 (Incorrect permission assignment for critical resource issue exists in ...)
NOT-FOR-US: UD-LT1
@@ -4350,7 +4439,7 @@ CVE-2024-53937 (An issue was discovered on Victure RX1800 WiFi 6 Router (softwar
NOT-FOR-US: Victure RX1800 WiFi 6 Route
CVE-2024-53477 (JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized e ...)
NOT-FOR-US: JFinal CMS
-CVE-2024-53375 (Authenticated remote code execution (RCE) vulnerabilities affect TP-Li ...)
+CVE-2024-53375 (An Authenticated Remote Code Execution (RCE) vulnerability affects the ...)
NOT-FOR-US: TP-Link
CVE-2024-49581 (Restricted Views backed objects (OSV1) could be bypassed under specifi ...)
NOT-FOR-US: Palantir
@@ -11747,7 +11836,7 @@ CVE-2024-10285 (The CE21 Suite plugin for WordPress is vulnerable to sensitive i
NOT-FOR-US: WordPress plugin
CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to authentication by ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-10973
+CVE-2024-10973 (A vulnerability was found in Keycloak. The environment option `KC_CACH ...)
NOT-FOR-US: Keycloak
CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
NOT-FOR-US: OpenText
@@ -20171,7 +20260,7 @@ CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP
NOTE: https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be
CVE-2023-42133 (PAX Android based POS devices allow for escalation of privilege via im ...)
NOT-FOR-US: PAX Android based POS devices
-CVE-2024-9779
+CVE-2024-9779 (A flaw was found in Open Cluster Management (OCM) when a user has acce ...)
NOT-FOR-US: Open Cluster Management (OCM)
CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/803cdd57ec03e8841d39fd747b940abd91ef9f54
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/803cdd57ec03e8841d39fd747b940abd91ef9f54
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241218/3d501a89/attachment.htm>
More information about the debian-security-tracker-commits
mailing list