[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 18 20:12:26 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80e7fe62 by security tracker role at 2024-12-18T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
+	TODO: check
+CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+	TODO: check
+CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream VRPConn ...)
+	TODO: check
+CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
+	TODO: check
+CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...)
+	TODO: check
+CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
+	TODO: check
+CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
+	TODO: check
+CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...)
+	TODO: check
+CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...)
+	TODO: check
+CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows Accessi ...)
+	TODO: check
+CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr Woocommerce all ...)
+	TODO: check
+CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order Delivery & Pic ...)
+	TODO: check
+CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-55953 (DataEase is an open source business analytics tool. Authenticated user ...)
+	TODO: check
+CVE-2024-55952 (DataEase is an open source business analytics tool. Authenticated user ...)
+	TODO: check
+CVE-2024-55492 (Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross ...)
+	TODO: check
+CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in t ...)
+	TODO: check
+CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery ( ...)
+	TODO: check
+CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Fo ...)
+	TODO: check
+CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF  ...)
+	TODO: check
+CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance Menu Manage ...)
+	TODO: check
+CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
+	TODO: check
+CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
+	TODO: check
+CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service proxy. Wh ...)
+	TODO: check
+CVE-2024-52593 (Misskey is an open source, federated social media platform.In affected ...)
+	TODO: check
+CVE-2024-52592 (Misskey is an open source, federated social media platform. In affecte ...)
+	TODO: check
+CVE-2024-52591 (Misskey is an open source, federated social media platform. In affecte ...)
+	TODO: check
+CVE-2024-52590 (Misskey is an open source, federated social media platform. In affecte ...)
+	TODO: check
+CVE-2024-52579 (Misskey is an open source, federated social media platform. Some APIs  ...)
+	TODO: check
+CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Im ...)
+	TODO: check
+CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9     stor ...)
+	TODO: check
+CVE-2024-51646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-51470 (IBM MQ9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appli ...)
+	TODO: check
+CVE-2024-50570 (A Cleartext Storage of Sensitive Information vulnerability [CWE-312] i ...)
+	TODO: check
+CVE-2024-4996 (Use of a hard-coded password for a database administrator account crea ...)
+	TODO: check
+CVE-2024-4995 (Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request f ...)
+	TODO: check
+CVE-2024-49677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-49576 (A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0 ...)
+	TODO: check
+CVE-2024-49363 (Misskey is an open source, federated social media platform. In affecte ...)
+	TODO: check
+CVE-2024-49202 (Keyfactor Command before 12.5.0 has Incorrect Access Control: access t ...)
+	TODO: check
+CVE-2024-49201 (Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8  ...)
+	TODO: check
+CVE-2024-48889 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+	TODO: check
+CVE-2024-47810 (A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0 ...)
+	TODO: check
+CVE-2024-47119 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not ...)
+	TODO: check
+CVE-2024-47104 (IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining eleva ...)
+	TODO: check
+CVE-2024-47040 (There is a possible UAF due to a logic error in the code.This could le ...)
+	TODO: check
+CVE-2024-47039 (In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out  ...)
+	TODO: check
+CVE-2024-47038 (In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possibl ...)
+	TODO: check
+CVE-2024-45082 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3    ...)
+	TODO: check
+CVE-2024-41752 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is ...)
+	TODO: check
+CVE-2024-36694 (OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI ...)
+	TODO: check
+CVE-2024-25042 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through 12.0.3    ...)
+	TODO: check
+CVE-2024-12741 (A deserialization of untrusted data vulnerability exists in NI DAQExpr ...)
+	TODO: check
+CVE-2024-12554 (The Peter\u2019s Custom Anti-Spam plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-12454 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordP ...)
+	TODO: check
+CVE-2024-12373 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
+	TODO: check
+CVE-2024-12372 (A denial-of-service and possible remote code execution vulnerability e ...)
+	TODO: check
+CVE-2024-12371 (A device takeover vulnerability exists in the Rockwell Automation Powe ...)
+	TODO: check
+CVE-2024-12340 (The Animation Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-11926 (The Travel Booking WordPress Theme theme for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-11912 (The Travel Booking WordPress Theme theme for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-11291 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
+	TODO: check
+CVE-2023-50956 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9   could  ...)
+	TODO: check
+CVE-2023-34990 (A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8 ...)
+	TODO: check
 CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads  ...)
 	NOT-FOR-US: Optimizely Configured Commerce
 CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads  ...)
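Review bot: several of the new descriptions in this hunk carry raw escape sequences and stray whitespace that the import did not normalize, e.g. `CVE-2024-12554 (The Peter\u2019s Custom Anti-Spam plugin ...`, `CVE-2024-12454 (The Affiliate Program Suite \u2014 SliceWP ...` and `CVE-2024-11291 (The Paid Membership Subscriptions \u2013 ...`, the runs of spaces in CVE-2024-52361, CVE-2024-45082, CVE-2024-25042 and CVE-2023-50956, and the missing space in `platform.In affected` for CVE-2024-52593; the importer should decode `\u` escapes and collapse whitespace before truncating the summary so these titles match the rest of the file. All 74 entries are `TODO: check` placeholders, which is expected for an automatic update, but the product families that recur here (the VibeThemes WPLMS entries, the Misskey entries, the Envoy entries, the IBM Storage Defender and Cognos Analytics entries, the Rockwell Automation entries) would triage faster if the follow-up commit handled each family in one pass rather than entry by entry.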
@@ -224,7 +372,7 @@ CVE-2024-10476 (Default credentials are used in the above listed BD Diagnostic S
 	NOT-FOR-US: BD Diagnostic Solutions
 CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-11614
+CVE-2024-11614 (An out-of-bounds read vulnerability was found in DPDK's Vhost library  ...)
 	{DSA-5833-1}
 	- dpdk 24.11.1-1
 	NOTE: Introduced by: https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320 (main, v21.05-rc2)
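Review bot: the `NOTE: Introduced by:` line dates the bug to v21.05-rc2, but the entry records status only through `{DSA-5833-1}` and `- dpdk 24.11.1-1`; adding an explicit per-suite annotation for any release whose dpdk predates that tag would save the reader from re-deriving from the commit whether older suites are affected. Filling in the description for CVE-2024-11614 is otherwise the right fix for the previously empty placeholder.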
@@ -22256,9 +22404,9 @@ CVE-2024-41584 (DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to refl
 	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41583 (DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cro ...)
 	NOT-FOR-US: DrayTek Vigor310 devices
-CVE-2024-41163 (A directory traversal vulnerability exists in the archive download fun ...)
+CVE-2024-41163 (A directory traversal vulnerability exists in the archive functionalit ...)
 	NOT-FOR-US: Veertu Anka
-CVE-2024-39755 (A privilege escalation vulnerability exists in the Veertu Anka Build 1 ...)
+CVE-2024-39755 (A privilege escalation vulnerability exists in the node update functio ...)
 	NOT-FOR-US: Veertu Anka
 CVE-2024-36474 (An integer overflow vulnerability exists in the Compound Document Bina ...)
 	{DSA-5786-1 DLA-3911-1}
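Review bot: the unchanged context lines `NOT-FOR-US: DrayTek Vigor310 devices` under CVE-2024-41584 and CVE-2024-41583 name a different product than their descriptions (`DrayTek Vigor3910 devices through 4.3.2.6`); since this hunk already touches the neighbouring Veertu Anka entries, correcting the annotation to `Vigor3910` here would keep the product name consistent. The reworded descriptions for CVE-2024-41163 and CVE-2024-39755 themselves look fine and their NOT-FOR-US status is unchanged.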
@@ -39342,7 +39490,8 @@ CVE-2024-40633 (Sylius is an Open Source eCommerce Framework on Symfony. A secur
 	NOT-FOR-US: Sylius
 CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 ( ...)
 	NOT-FOR-US: FUJITSU Network Edgiot GW1500
-CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the edit them ...)
+CVE-2024-40420
+	REJECTED
 	NOT-FOR-US: openCart
 CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of Sourcecodeste ...)
 	NOT-FOR-US: Sourcecodester Simple Library Management System
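Review bot: CVE-2024-40420 is now marked `REJECTED` but keeps the `NOT-FOR-US: openCart` line beneath it, which leaves the entry with two statuses; a rejected entry should drop the NOT-FOR-US annotation. The description being removed (`A Server-Side Template Injection (SSTI) vulnerability in the edit them ...`) reads like the same issue as CVE-2024-36694 (`OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI ...`), added as `TODO: check` at the top of this patch, so whoever triages that entry should check whether the rejection was for a duplicate and carry the NOT-FOR-US status over; note also the inconsistent spelling `openCart` versus `OpenCart` between the two entries.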



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e7fe624a5f5c12abca7c2e1bc84b71507e77c3




