[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 19 20:12:22 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58fed669 by security tracker role at 2024-12-19T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,95 @@
-CVE-2024-9102
+CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
+ TODO: check
+CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
+ TODO: check
+CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service when ...)
+ TODO: check
+CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted to packe ...)
+ TODO: check
+CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of request val ...)
+ TODO: check
+CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in the bui ...)
+ TODO: check
+CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server Configuration ...)
+ TODO: check
+CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint http://{your-serv ...)
+ TODO: check
+CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the component ...)
+ TODO: check
+CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in PHPGurukul Pr ...)
+ TODO: check
+CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion o ...)
+ TODO: check
+CVE-2024-53991 (Discourse is an open source platform for community discussion. This vu ...)
+ TODO: check
+CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...)
+ TODO: check
+CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console coul ...)
+ TODO: check
+CVE-2024-52794 (Discourse is an open source platform for community discussion. Users c ...)
+ TODO: check
+CVE-2024-52589 (Discourse is an open source platform for community discussion. Moderat ...)
+ TODO: check
+CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...)
+ TODO: check
+CVE-2024-49765 (Discourse is an open source platform for community discussion. Sites t ...)
+ TODO: check
+CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side request forger ...)
+ TODO: check
+CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42 which ...)
+ TODO: check
+CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...)
+ TODO: check
+CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ...)
+ TODO: check
+CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core ...)
+ TODO: check
+CVE-2024-12794 (A vulnerability, which was classified as critical, was found in Codezi ...)
+ TODO: check
+CVE-2024-12793 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-12792 (A vulnerability classified as critical was found in Codezips E-Commerc ...)
+ TODO: check
+CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It has been ...)
+ TODO: check
+CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management Site 1.0. ...)
+ TODO: check
+CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been classif ...)
+ TODO: check
+CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion Forum 1.0 a ...)
+ TODO: check
+CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance Tracking Ma ...)
+ TODO: check
+CVE-2024-12786 (A vulnerability, which was classified as critical, was found in X1a0He ...)
+ TODO: check
+CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
+ TODO: check
+CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
+ TODO: check
+CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
+ TODO: check
+CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 an ...)
+ TODO: check
+CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
+ TODO: check
+CVE-2024-12569 (Disclosure of sensitive information in HikVision camera driver's log f ...)
+ TODO: check
+CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-11616 (Netskope was made aware of a security vulnerability in Netskope Endpoi ...)
+ TODO: check
+CVE-2024-10244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-7005 (A specially crafted message can be sent to the TTLock App that downgra ...)
+ TODO: check
+CVE-2023-4617 (Incorrect authorization vulnerability in HTTP POST method in Govee Hom ...)
+ TODO: check
+CVE-2024-9102 (phpLDAPadmin since at least version 1.2.0 through the latest version 1 ...)
- phpldapadmin <unfixed>
NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
-CVE-2024-9101
+CVE-2024-9101 (A reflected cross-site scripting (XSS) vulnerability in the 'Entry Cho ...)
- phpldapadmin <unfixed>
NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before ...)
@@ -6368,7 +6456,7 @@ CVE-2024-53901 (The Imager package before 1.025 for Perl has a heap-based buffer
NOTE: https://github.com/tonycoz/imager/issues/534
NOTE: https://github.com/tonycoz/imager/commit/7851737838aa86113b276aea02729cc1f6e9eed0 (v1.025)
NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/167
-CVE-2024-38819
+CVE-2024-38819 (Applications serving static resources through the functional web frame ...)
- libspring-java <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2327614
NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
@@ -11076,12 +11164,12 @@ CVE-2024-49369 (Icinga is a monitoring system which checks the availability of n
NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe (v2.13.10)
NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c (v2.12.11)
NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831 (v2.11.12)
-CVE-2024-45819
+CVE-2024-45819 (PVH guests have their ACPI tables constructed by the toolstack. The c ...)
[experimental] - xen 4.19.1-1~exp1
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-464.html
-CVE-2024-45818
+CVE-2024-45818 (The hypervisor contains code to accelerate VGA memory accesses for HVM ...)
[experimental] - xen 4.19.1-1~exp1
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -16225,7 +16313,7 @@ CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption
NOT-FOR-US: Neye3C
CVE-2024-48538 (Incorrect access control in the firmware update and download processes ...)
NOT-FOR-US: Neye3C
-CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An at ...)
+CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0 ...)
NOT-FOR-US: php-heic-to-jpg
CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System v1.0 allow ...)
NOT-FOR-US: SourceCodester Purchase Order Management System
@@ -49304,7 +49392,7 @@ CVE-2024-0427 (The ARForms - Premium WordPress Form Builder Plugin WordPress plu
NOT-FOR-US: WordPress plugin
CVE-2024-0160 (Dell Client Platform contains an incorrect authorization vulnerability ...)
NOT-FOR-US: Dell
-CVE-2024-25131
+CVE-2024-25131 (A flaw was found in the MustGather.managed.openshift.io Custom Defined ...)
NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource (CRD)
CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allow ...)
{DSA-5710-1}
@@ -281736,8 +281824,8 @@ CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that
NOT-FOR-US: FortiGuard
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
NOT-FOR-US: FortiPortal
-CVE-2021-32589
- RESERVED
+CVE-2021-32589 (A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0 ...)
+ TODO: check
CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
NOT-FOR-US: FortiGuard
CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
@@ -298710,8 +298798,8 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use
NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
CVE-2021-26116 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiAuthenticator
-CVE-2021-26115
- RESERVED
+CVE-2021-26115 (An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5 ...)
+ TODO: check
CVE-2021-26114 (Multiple improper neutralization of special elements used in an SQL co ...)
NOT-FOR-US: FortiWAN
CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability [CWE-760 ...)
@@ -298736,8 +298824,8 @@ CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the co
NOT-FOR-US: Fortiguard
CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
NOT-FOR-US: FortiGuard
-CVE-2021-26102
- RESERVED
+CVE-2021-26102 (A relative path traversal vulnerability (CWE-23) in FortiWAN version 4 ...)
+ TODO: check
CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
@@ -307399,8 +307487,8 @@ CVE-2021-22503 (Possible Improper Neutralization of Input During Web Page Gener
NOT-FOR-US: NetIQ
CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
NOT-FOR-US: Micro Focus
-CVE-2021-22501
- RESERVED
+CVE-2021-22501 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...)
NOT-FOR-US: Micro Focus
CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...)
@@ -353282,8 +353370,8 @@ CVE-2020-15936 (A improper input validation in Fortinet FortiGate version 6.4.3
NOT-FOR-US: FortiGuard
CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
NOT-FOR-US: Fortiguard
-CVE-2020-15934
- RESERVED
+CVE-2020-15934 (An execution with unnecessary privileges vulnerability in the VCM engi ...)
+ TODO: check
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
@@ -361816,8 +361904,8 @@ CVE-2020-12822
RESERVED
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
NOT-FOR-US: Gossipsub
-CVE-2020-12820
- RESERVED
+CVE-2020-12820 (Under non-default configuration, a stack-based buffer overflow in Fort ...)
+ TODO: check
CVE-2020-12819 (A heap-based buffer overflow vulnerability in the processing of Link C ...)
NOT-FOR-US: FortiGuard
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
@@ -378445,8 +378533,8 @@ CVE-2020-6925
RESERVED
CVE-2020-6924
RESERVED
-CVE-2020-6923
- RESERVED
+CVE-2020-6923 (The HP Linux Imaging and Printing (HPLIP) software may potentially be ...)
+ TODO: check
CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...)
NOT-FOR-US: HP
CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58fed66977624759ae522edcb3e8f10cdfb25464
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58fed66977624759ae522edcb3e8f10cdfb25464
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241219/d751bdf0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list