[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 20 08:12:06 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5d8a865 by security tracker role at 2024-12-20T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for WordPress  ...)
+	TODO: check
+CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ...)
+	TODO: check
+CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy Orchestrator pri ...)
+	TODO: check
+CVE-2024-56327 (pyrage is a set of Python bindings for the rage file encryption librar ...)
+	TODO: check
+CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass au ...)
+	TODO: check
+CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to byp ...)
+	TODO: check
+CVE-2024-54982 (An issue in Quectel BC25 with firmware version BC25PAR01A06 allows att ...)
+	TODO: check
+CVE-2024-54663 (An issue was discovered in the Webmail Classic UI in Zimbra Collaborat ...)
+	TODO: check
+CVE-2024-54538 (A denial-of-service issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2024-54009 (Remote authentication bypass vulnerability in HPE Alletra Storage MP B ...)
+	TODO: check
+CVE-2024-44298 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-44293 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-44292 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-44231 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-44223 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-44211 (This issue was addressed with improved validation of symlinks. This is ...)
+	TODO: check
+CVE-2024-44195 (A logic issue was addressed with improved validation. This issue is fi ...)
+	TODO: check
+CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are vulnerable ...)
+	TODO: check
+CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and W ...)
+	TODO: check
+CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalat ...)
+	TODO: check
+CVE-2024-12830 (Arista NG Firewall custom_handler Directory Traversal Remote Code Exec ...)
+	TODO: check
+CVE-2024-12829 (Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execu ...)
+	TODO: check
+CVE-2024-12729 (A post-auth code injection vulnerability in the User Portal allows aut ...)
+	TODO: check
+CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged system  ...)
+	TODO: check
+CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection feature ...)
+	TODO: check
+CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is possibl ...)
+	TODO: check
+CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...)
+	TODO: check
+CVE-2024-12672 (A third-party vulnerability exists in the Rockwell AutomationArena\xae ...)
+	TODO: check
+CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales  ...)
+	TODO: check
+CVE-2024-12509 (The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability exists  ...)
+	TODO: check
+CVE-2024-12111 (In a specific scenario a LDAP user can abuse the authentication proces ...)
+	TODO: check
+CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for ...)
+	TODO: check
+CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-11812 (The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cros ...)
+	TODO: check
+CVE-2024-11806 (The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2024-11784 (The Sell Tickets Online \u2013 TicketSource Ticket Shop for WordPress  ...)
+	TODO: check
+CVE-2024-11783 (The Financial Calculator plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-11776 (The PCRecruiter Extensions plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-11775 (The Particle Background plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-11774 (The Outdooractive Embed plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-11411 (The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-11364 (Another \u201cuninitialized variable\u201d code execution vulnerabilit ...)
+	TODO: check
+CVE-2024-11331 (The \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0645\u062d\u0635\u064 ...)
+	TODO: check
+CVE-2024-11297 (The Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post plugi ...)
+	TODO: check
+CVE-2024-11157 (A third-party vulnerability exists in the Rockwell Automation Arena\xa ...)
+	TODO: check
+CVE-2024-11108 (The Serious Slider WordPress plugin before 1.2.7 does not validate and ...)
+	TODO: check
+CVE-2024-10706 (The Download Manager WordPress plugin before 3.3.03 does not sanitise  ...)
+	TODO: check
+CVE-2024-10555 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ...)
+	TODO: check
+CVE-2023-42867 (This issue was addressed with improved validation of the process entit ...)
+	TODO: check
 CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
 	NOT-FOR-US: HMS Networks Ewon Flexy 205
 CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
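Review bot: several of the added descriptions carry literal escape sequences instead of the characters they stand for, e.g. "Arena\xae" in CVE-2024-12672 and CVE-2024-11157, "\u2013" in CVE-2024-12571, CVE-2024-11893, CVE-2024-11784 and CVE-2024-11297, and CVE-2024-11331 whose plugin name is rendered entirely as \u escapes; the importer should decode these to UTF-8 before writing data/CVE/list, otherwise the TODO: check triage and any text search on the file will match the escapes rather than the names. Separately, CVE-2024-8968 and CVE-2024-10555 share the identical truncated description ("The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ..."), so whoever resolves those TODOs should confirm they are distinct issues rather than a duplicate assignment. Most of the remaining TODO: check entries in this hunk name WordPress plugins, which the file otherwise marks "NOT-FOR-US: WordPress plugin" (see CVE-2024-10548 below).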
@@ -173,15 +277,19 @@ CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to a
 CVE-2024-10548 (The WP Project Manager plugin for WordPress is vulnerable to Sensitive ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12695 (Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 all ...)
+	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-12694 (Use after free in Compositing in Google Chrome prior to 131.0.6778.204 ...)
+	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-12693 (Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778 ...)
+	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed  ...)
+	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
@@ -70467,7 +70575,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h
 CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...)
 	NOT-FOR-US: Gradio
 CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...)
-	{DLA-3851-1}
+	{DLA-3996-1 DLA-3851-1}
 	- gunicorn 22.0.0-1 (bug #1069126)
 	[bookworm] - gunicorn <no-dsa> (Minor issue)
 	[buster] - gunicorn <postponed> (Minor issue)
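Review bot: with two advisories now listed ({DLA-3996-1 DLA-3851-1}) the entry still carries "[buster] - gunicorn <postponed> (Minor issue)" and "[bookworm] - gunicorn <no-dsa> (Minor issue)"; if DLA-3996-1 covers a suite that one of those lines describes, that line should be dropped in the same change, since a DLA marker and a <postponed>/<no-dsa> tag for the same suite contradict each other.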
@@ -72919,7 +73027,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.
 	NOT-FOR-US: FortiGuard
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-2201 [Native Branch History Injection]
+CVE-2024-2201 (A cross-privilege Spectre v2 vulnerability allows attackers to bypass  ...)
 	{DSA-5658-1}
 	- linux 6.8.9-1
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
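Review bot: replacing "[Native Branch History Injection]" with the imported text drops the only place in this entry that names the issue; the new description opens "A cross-privilege Spectre v2 vulnerability allows attackers to bypass ..." and the fix lines ({DSA-5658-1}, linux 6.8.9-1, xen in experimental) are untouched, so consider carrying the name over in a NOTE: line, as this file does elsewhere, so it stays searchable.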
@@ -205025,8 +205133,8 @@ CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to cross-site request forgery whi
 	NOT-FOR-US: IBM
 CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...)
 	NOT-FOR-US: IBM
-CVE-2022-34159
-	RESERVED
+CVE-2022-34159 (Huawei printers have an input verification vulnerability. Successful e ...)
+	TODO: check
 CVE-2022-34158 (A carefully crafted invocation on the Image plugin could trigger an CS ...)
 	- jspwiki <removed>
 CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
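Review bot: CVE-2022-34159 moves from RESERVED to "TODO: check", but its description ("Huawei printers have an input verification vulnerability ...") names a vendor this file consistently triages as "NOT-FOR-US: Huawei" (see the CVE-2020-9251 and CVE-2020-9249 entries further down); the automatic update could resolve it the same way instead of leaving a TODO.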
@@ -210100,10 +210208,10 @@ CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay
 	NOTE: https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
 CVE-2022-1972
 	REJECTED
-CVE-2022-32204
-	RESERVED
-CVE-2022-32203
-	RESERVED
+CVE-2022-32204 (There is an improper input verification vulnerability in Huawei printe ...)
+	TODO: check
+CVE-2022-32203 (There is a command injection vulnerability in Huawei terminal printer  ...)
+	TODO: check
 CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1970
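Review bot: CVE-2022-32204 ("improper input verification vulnerability in Huawei printe ...") and CVE-2022-32203 ("command injection vulnerability in Huawei terminal printer ...") are left at "TODO: check" although both describe Huawei printer firmware, which is not packaged in Debian and is marked "NOT-FOR-US: Huawei" elsewhere in this file; suggest triaging both at once rather than in a later manual pass.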
@@ -210293,8 +210401,8 @@ CVE-2022-32146
 	RESERVED
 CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspace V5. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-32144
-	RESERVED
+CVE-2022-32144 (There is an insufficient input verification vulnerability in Huawei pr ...)
+	TODO: check
 CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...)
 	NOT-FOR-US: CODESYS
 CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...)
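Review bot: CVE-2022-32144 ("insufficient input verification vulnerability in Huawei pr ...") is the same Huawei-printer case as the CVE-2022-32203/32204 hunk above and can take "NOT-FOR-US: Huawei" directly instead of "TODO: check"; the surrounding Siemens and CODESYS entries show the NOT-FOR-US form this region of the file uses.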
@@ -372749,8 +372857,8 @@ CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUA
 	NOT-FOR-US: Huawei
 CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
 	NOT-FOR-US: Huawei
-CVE-2020-9250
-	RESERVED
+CVE-2020-9250 (There is an insufficient authentication vulnerability in some Huawei s ...)
+	TODO: check
 CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
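Review bot: CVE-2020-9250 ("insufficient authentication vulnerability in some Huawei s ...") is placed at "TODO: check" between CVE-2020-9251 and CVE-2020-9249, both of which are already "NOT-FOR-US: Huawei"; unless the description turns out to name something packaged in Debian, the entry should match its neighbours.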



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d8a865c5dc1ca9398bdcc245d39844f76d3336


