[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 19 08:12:06 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ebf6451a by security tracker role at 2024-12-19T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,85 @@
-CVE-2024-12695
+CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before ...)
+ TODO: check
+CVE-2024-56318 (In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through ...)
+ TODO: check
+CVE-2024-56317 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the W ...)
+ TODO: check
+CVE-2024-56145 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...)
+ TODO: check
+CVE-2024-56140 (Astro is a web framework for content-driven websites. In affected vers ...)
+ TODO: check
+CVE-2024-56116 (A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 a ...)
+ TODO: check
+CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to ...)
+ TODO: check
+CVE-2024-55603 (Kanboard is project management software that focuses on the Kanban met ...)
+ TODO: check
+CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 ...)
+ TODO: check
+CVE-2024-55505 (An issue in CodeAstro Complaint Management System v.1.0 allows a remot ...)
+ TODO: check
+CVE-2024-55461 (SeaCMS <=13.0 is vulnerable to command execution in phome.php via the ...)
+ TODO: check
+CVE-2024-55239 (A reflected Cross-Site Scripting vulnerability in the standard documen ...)
+ TODO: check
+CVE-2024-55232 (An IDOR vulnerability in the manage-notes.php module in PHPGurukul Onl ...)
+ TODO: check
+CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of PHPGurukul Onlin ...)
+ TODO: check
+CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation violation via t ...)
+ TODO: check
+CVE-2024-51532 (Dell PowerStore contains an Improper Neutralization of Argument Delimi ...)
+ TODO: check
+CVE-2024-4230 (External Control of File Name or Path vulnerability in Edgecross Basic ...)
+ TODO: check
+CVE-2024-4229 (Incorrect Default Permissions vulnerability in Edgecross Basic Softwar ...)
+ TODO: check
+CVE-2024-45338 (An attacker can craft an input to the Parse functions that would be pr ...)
+ TODO: check
+CVE-2024-43106 (A library injection vulnerability exists in Microsoft Excel 16.83 for ...)
+ TODO: check
+CVE-2024-42220 (A library injection vulnerability exists in Microsoft Outlook 16.83.3 ...)
+ TODO: check
+CVE-2024-42004 (A library injection vulnerability exists in Microsoft Teams (work or s ...)
+ TODO: check
+CVE-2024-41165 (A library injection vulnerability exists in Microsoft Word 16.83 for m ...)
+ TODO: check
+CVE-2024-41159 (A library injection vulnerability exists in Microsoft OneNote 16.83 fo ...)
+ TODO: check
+CVE-2024-41145 (A library injection vulnerability exists in the WebView.app helper app ...)
+ TODO: check
+CVE-2024-41138 (A library injection vulnerability exists in the com.microsoft.teams2.m ...)
+ TODO: check
+CVE-2024-39804 (A library injection vulnerability exists in Microsoft PowerPoint 16.83 ...)
+ TODO: check
+CVE-2024-37649 (Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-S ...)
+ TODO: check
+CVE-2024-35141 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...)
+ TODO: check
+CVE-2024-12686 (A vulnerability has been discovered in Privileged Remote Access (PRA) ...)
+ TODO: check
+CVE-2024-12560 (The Button Block \u2013 Get fully customizable & multi-functional butt ...)
+ TODO: check
+CVE-2024-12121 (The Broken Link Checker | Finder plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-11984 (A unrestricted upload of file with dangerous type vulnerability in epa ...)
+ TODO: check
+CVE-2024-11768 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to arbitra ...)
+ TODO: check
+CVE-2024-10548 (The WP Project Manager plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
+CVE-2024-12695 (Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-12694
+CVE-2024-12694 (Use after free in Compositing in Google Chrome prior to 131.0.6778.204 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-12693
+CVE-2024-12693 (Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-12692
+CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
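Review bot: every one of the 36 new entries in this hunk is left at the `TODO: check` placeholder, and two of them warrant triage rather than a quick NOT-FOR-US: CVE-2024-53580 describes a segmentation violation in iperf v3.17.1, and CVE-2024-45338 has a truncated description ("An attacker can craft an input to the Parse functions that would be pr ...") that names no product at all, so the full text is needed before it can be classified. The Chromium block at the end (CVE-2024-12692 through CVE-2024-12695) only gains descriptions; the `chromium <unfixed>` and `[bullseye] - chromium <end-of-life> (see #1061268)` lines are unchanged, and since the descriptions now record the upstream fixed version 131.0.6778.204, the `<unfixed>` status is what to revisit when the package update lands. The doubled "The The" in CVE-2024-11740 is in the imported description text, not a typo introduced here.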
@@ -2936,7 +3008,7 @@ CVE-2024-45493 (An issue was discovered in MSA FieldServer Gateway 5.0.0 through
NOT-FOR-US: SolarWinds
CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-43594 (System Center Operations Manager Elevation of Privilege Vulnerability)
+CVE-2024-43594 (Microsoft System Center Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-12323 (The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Si ...)
NOT-FOR-US: WordPress plugin
@@ -135354,8 +135426,8 @@ CVE-2023-30445 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulne ...)
NOT-FOR-US: IBM
-CVE-2023-30443
- RESERVED
+CVE-2023-30443 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2023-30442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2023-30441 (IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8 ...)
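Review bot: CVE-2023-30443 moves from `RESERVED` to `TODO: check`, but its description ("IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...") has the same prefix as the neighbouring CVE-2023-30442, which is already marked `NOT-FOR-US: IBM`; the placeholder can be resolved the same way.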
@@ -156961,14 +157033,14 @@ CVE-2023-23359
RESERVED
CVE-2023-23358
RESERVED
-CVE-2023-23357
- RESERVED
-CVE-2023-23356
- RESERVED
+CVE-2023-23357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2023-23356 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
CVE-2023-23355 (An OS command injection vulnerability has been reported to affect QNAP ...)
NOT-FOR-US: QNAP
-CVE-2023-23354
- RESERVED
+CVE-2023-23354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
CVE-2023-23353
RESERVED
CVE-2023-23352
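Review bot: the three entries promoted here (CVE-2023-23357, CVE-2023-23356, CVE-2023-23354) sit between QNAP advisories, and CVE-2023-23355 in the context is `NOT-FOR-US: QNAP`, but the truncated descriptions ("has been reported to affect several ...", "has been reported to affect ...") cut off before the product name, so the vendor should be confirmed from the full description before the `TODO: check` lines are replaced.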
@@ -167636,8 +167708,8 @@ CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) ar
NOT-FOR-US: Adobe
CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
NOT-FOR-US: Adobe
-CVE-2023-21586
- RESERVED
+CVE-2023-21586 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+ TODO: check
CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
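Review bot: the description added for CVE-2023-21586 is identical, up to the truncation point, to that of CVE-2023-21585 directly below it ("Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ..."), which is already `NOT-FOR-US: Adobe`; the new `TODO: check` can take the same classification.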
@@ -174496,24 +174568,24 @@ CVE-2022-44522
RESERVED
CVE-2022-44521
RESERVED
-CVE-2022-44520
- RESERVED
-CVE-2022-44519
- RESERVED
-CVE-2022-44518
- RESERVED
-CVE-2022-44517
- RESERVED
-CVE-2022-44516
- RESERVED
-CVE-2022-44515
- RESERVED
-CVE-2022-44514
- RESERVED
-CVE-2022-44513
- RESERVED
-CVE-2022-44512
- RESERVED
+CVE-2022-44520 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44519 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44518 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44517 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44516 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44515 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44514 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44513 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
+CVE-2022-44512 (Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...)
+ TODO: check
CVE-2022-44511
RESERVED
CVE-2022-44510 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
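Review bot: nine consecutive entries (CVE-2022-44512 through CVE-2022-44520) receive a byte-identical truncated description ("Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (an ...") and nine separate `TODO: check` placeholders; they are one Adobe bulletin and can be triaged as a batch rather than individually, and the `3031x` wildcard in the version is the vendor's own notation, not a parsing artefact.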
@@ -186602,10 +186674,10 @@ CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exp
NOTE: https://dheatattack.gitlab.io/details/
CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 al ...)
NOT-FOR-US: Laravel Filemanager
-CVE-2022-40733
- RESERVED
-CVE-2022-40732
- RESERVED
+CVE-2022-40733 (An access violation vulnerability exists in the DirectComposition func ...)
+ TODO: check
+CVE-2022-40732 (An access violation vulnerability exists in the DirectComposition func ...)
+ TODO: check
CVE-2022-40731
RESERVED
CVE-2022-40730
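Review bot: CVE-2022-40733 and CVE-2022-40732 share an identical truncated description ("An access violation vulnerability exists in the DirectComposition func ...") that ends before the affected product is named, so neither can be classified from this hunk alone; whatever status is settled on should be applied to both, since the descriptions give no basis for treating them differently.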
@@ -205432,8 +205504,8 @@ CVE-2022-33956
RESERVED
CVE-2022-33955 (IBM CICS TX 11.1 could allow allow an attacker with physical access to ...)
NOT-FOR-US: IBM
-CVE-2022-33954
- RESERVED
+CVE-2022-33954 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow ...)
+ TODO: check
CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...)
NOT-FOR-US: IBM
CVE-2022-33952
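Review bot: CVE-2022-33954 ("IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow ...") describes the same product as CVE-2022-33953 immediately below it, which is `NOT-FOR-US: IBM`, so the `TODO: check` placeholder can be closed out consistently with that entry.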
@@ -223840,8 +223912,8 @@ CVE-2022-27602
RESERVED
CVE-2022-27601
RESERVED
-CVE-2022-27600
- RESERVED
+CVE-2022-27600 (An uncontrolled resource consumption vulnerability has been reported t ...)
+ TODO: check
CVE-2022-27599 (An insertion of sensitive information into Log file vulnerability has ...)
NOT-FOR-US: QNAP
CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating systems. If ...)
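Review bot: the new description for CVE-2022-27600 ("An uncontrolled resource consumption vulnerability has been reported t ...") is cut before the vendor, unlike the neighbouring CVE-2022-27599 and CVE-2022-27598 entries, which are marked `NOT-FOR-US: QNAP` and name QNAP in their text; check the full description before assuming the same vendor.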
@@ -223850,8 +223922,8 @@ CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating syste
NOT-FOR-US: QNAP
CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...)
NOT-FOR-US: QNAP
-CVE-2022-27595
- RESERVED
+CVE-2022-27595 (An insecure library loading vulnerability has been reported to affect ...)
+ TODO: check
CVE-2022-27594
RESERVED
CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...)
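Review bot: as with the previous hunk, CVE-2022-27595 ("An insecure library loading vulnerability has been reported to affect ...") falls inside a run of QNAP entries (CVE-2022-27596 and CVE-2022-27597 are `NOT-FOR-US: QNAP`) but the truncated text does not itself name QNAP, so the vendor needs confirming before the `TODO: check` is replaced.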
@@ -265369,8 +265441,8 @@ CVE-2021-39083
RESERVED
CVE-2021-39082 (IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptogra ...)
NOT-FOR-US: IBM
-CVE-2021-39081
- RESERVED
+CVE-2021-39081 (IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expect ...)
+ TODO: check
CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
NOT-FOR-US: IBM
CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
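Review bot: CVE-2021-39081 ("IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expect ...") covers the same product as CVE-2021-39080 and CVE-2021-39079 in the context, and CVE-2021-39080 is already `NOT-FOR-US: IBM`; the placeholder can follow suit.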
@@ -289299,8 +289371,8 @@ CVE-2021-29829
RESERVED
CVE-2021-29828
RESERVED
-CVE-2021-29827
- RESERVED
+CVE-2021-29827 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ TODO: check
CVE-2021-29826
RESERVED
CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
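Review bot: CVE-2021-29827 ("IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...") is an IBM product entry like the rest of this region, and the file's handling of IBM entries elsewhere in this diff is `NOT-FOR-US: IBM`; the `TODO: check` should be resolved the same way unless the full description points at a component that is packaged.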
@@ -298700,8 +298772,8 @@ CVE-2021-26095 (The combination of various cryptographic issues in the session m
NOT-FOR-US: FortiMail
CVE-2021-26094
RESERVED
-CVE-2021-26093
- RESERVED
+CVE-2021-26093 (An access of uninitialized pointer (CWE-824) vulnerabilityin FortiWLC ...)
+ TODO: check
CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 ...)
NOT-FOR-US: FortiGuard
CVE-2021-26091
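Review bot: the description for CVE-2021-26093 contains "vulnerabilityin FortiWLC" with a missing space; this is the imported upstream text and should not be hand-corrected in an automatic update commit. The entry names FortiWLC, a Fortinet product, and the adjacent CVE-2021-26092 is `NOT-FOR-US: FortiGuard`, so the same classification applies.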
@@ -313606,8 +313678,8 @@ CVE-2021-20555
RESERVED
CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
NOT-FOR-US: IBM
-CVE-2021-20553
- RESERVED
+CVE-2021-20553 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+ TODO: check
CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
NOT-FOR-US: IBM
CVE-2021-20551 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web ...)
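Review bot: CVE-2021-20553 ("IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...") is bracketed by CVE-2021-20554 (IBM Sterling Order Management) and CVE-2021-20552 (IBM Sterling File Gateway), both `NOT-FOR-US: IBM`; the new `TODO: check` can be closed with the same marker.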
@@ -361764,8 +361836,8 @@ CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, suc
NOT-FOR-US: Gossipsub
CVE-2020-12820
RESERVED
-CVE-2020-12819
- RESERVED
+CVE-2020-12819 (A heap-based buffer overflow vulnerability in the processing of Link C ...)
+ TODO: check
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
NOT-FOR-US: FortiGuard
CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
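Review bot: the truncated description for CVE-2020-12819 ("A heap-based buffer overflow vulnerability in the processing of Link C ...") stops short of naming the affected product, so unlike its neighbours CVE-2020-12818 and CVE-2020-12817 (both Fortinet products marked `NOT-FOR-US: FortiGuard`) it cannot be classified from this hunk; the full description is needed before the `TODO: check` is replaced.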
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf6451ae3343fb03d3f0853736daced88917ec8