[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 20 20:12:55 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b05d4319 by security tracker role at 2024-12-20T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...)
+	TODO: check
+CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration  ...)
+	TODO: check
+CVE-2024-56355 (In JetBrains TeamCity before 2024.12 missing Content-Type header in Re ...)
+	TODO: check
+CVE-2024-56354 (In JetBrains TeamCity before 2024.12 password field value were accessi ...)
+	TODO: check
+CVE-2024-56353 (In JetBrains TeamCity before 2024.12 backup file exposed user credenti ...)
+	TODO: check
+CVE-2024-56352 (In JetBrains TeamCity before 2024.12 stored XSS was possible via image ...)
+	TODO: check
+CVE-2024-56351 (In JetBrains TeamCity before 2024.12 access tokens were not revoked af ...)
+	TODO: check
+CVE-2024-56350 (In JetBrains TeamCity before 2024.12 build credentials allowed unautho ...)
+	TODO: check
+CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control allowed u ...)
+	TODO: check
+CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control allowed v ...)
+	TODO: check
+CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
+	TODO: check
+CVE-2024-56333 (Onyxia is a web app that aims at being the glue between multiple open  ...)
+	TODO: check
+CVE-2024-56331 (Uptime Kuma is an open source, self-hosted monitoring tool. An **Impro ...)
+	TODO: check
+CVE-2024-56330 (Stardust is a platform for streaming isolated desktop containers. With ...)
+	TODO: check
+CVE-2024-56329 (Socialstream is a third-party package for Laravel Jetstream. It replac ...)
+	TODO: check
+CVE-2024-55471 (Oqtane Framework is vulnerable to Insecure Direct Object Reference (ID ...)
+	TODO: check
+CVE-2024-55470 (Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By m ...)
+	TODO: check
+CVE-2024-55342 (A file upload functionality in Piranha CMS 11.1 allows authenticated r ...)
+	TODO: check
+CVE-2024-55341 (A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1  ...)
+	TODO: check
+CVE-2024-55186 (An IDOR (Insecure Direct Object Reference) vulnerability exists in oqt ...)
+	TODO: check
+CVE-2024-51466 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 through 12 ...)
+	TODO: check
+CVE-2024-40695 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 through 12 ...)
+	TODO: check
+CVE-2024-37758 (Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu o ...)
+	TODO: check
+CVE-2024-28767 (IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 th ...)
+	TODO: check
+CVE-2024-12867 (Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic  ...)
+	TODO: check
+CVE-2024-12842 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been declar ...)
+	TODO: check
+CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been classi ...)
+	TODO: check
+CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT HTTP req ...)
+	TODO: check
+CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could allow an  ...)
+	TODO: check
+CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabili ...)
+	TODO: check
+CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is vulnerable t ...)
+	TODO: check
 CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for WordPress  ...)
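Review bot: all 31 new entries land as "TODO: check", which is expected for the automatic import, but CVE-2024-56337 should go first in the follow-up triage: its truncated description names a TOCTOU race condition in an Apache project, and Apache components are widely packaged in Debian, so it is the entry in this hunk most likely to need a source-package mapping and a fixed-version line rather than a NOT-FOR-US. At the other end, the Kioxia PM6 JTAG issue (CVE-2024-7726, a hardware debug port on an SSD) and the nine JetBrains TeamCity entries (CVE-2024-56348 through CVE-2024-56356, a proprietary CI server) can be resolved quickly as NOT-FOR-US.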
@@ -292,7 +354,7 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 al
 	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-56128
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
 	- kafka <itp> (bug #786460)
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
 	NOT-FOR-US: WordPress plugin
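Review bot: CVE-2024-56128 only gains its upstream description here (Incorrect Implementation of Authentication Algorithm in Apache Kafka); the status line "- kafka <itp> (bug #786460)" is carried over unchanged. The <itp> marker means kafka is not in the archive yet, so nothing in Debian is affected or fixed by this entry, but it needs re-triage the moment an upload closes #786460, otherwise the tracker would show a package with an open issue and no fixed version.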
@@ -2272,7 +2334,7 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to c
 	NOT-FOR-US: python-libarchive (different from src:python-libarchive-c)
 CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  This issu ...)
+CVE-2024-53677 (File upload logic in Apache Struts is flawed.An attacker can manipulat ...)
 	NOT-FOR-US: Struts 2
 CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
 	NOT-FOR-US: IBM
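Review bot: the refreshed description for CVE-2024-53677 ("File upload logic in Apache Struts is flawed.An attacker can manipulat ...") is missing a space after the period; that text comes straight from the upstream feed, and hand-editing it in data/CVE/list would be undone by the next automatic update, so leave it and report it upstream if it matters. The "NOT-FOR-US: Struts 2" qualifier is doing useful work and should stay as written: a bare NOT-FOR-US would not tell the next triager which Struts line was ruled out.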
@@ -3488,7 +3550,7 @@ CVE-2024-45761 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prio
 	NOT-FOR-US: Dell
 CVE-2024-45760 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
 	NOT-FOR-US: Dell
-CVE-2024-43222 (Missing Authorization vulnerability in Envato Security Team Sweet Date ...)
+CVE-2024-43222 (Missing Authorization vulnerability in SeventhQueen Sweet Date.This is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-42426 (Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an unco ...)
 	NOT-FOR-US: Dell
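Review bot: vendor correction only for CVE-2024-43222 (Envato Security Team replaced by SeventhQueen); the affected product, Sweet Date, is unchanged, so the carried-over "NOT-FOR-US: WordPress plugin" status remains correct and no re-triage is needed. Anyone grepping the file for the old placeholder vendor name will no longer hit this entry.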
@@ -3906,9 +3968,9 @@ CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to contain a hardcoded pas
 	NOT-FOR-US: WAVLINK
 CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded pa ...)
 	NOT-FOR-US: WAVLINK
-CVE-2024-54216 (Path Traversal: '.../...//' vulnerability in Envato Security Team ARFo ...)
+CVE-2024-54216 (Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForm ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in Envat ...)
+CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in Ronin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
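Review bot: same kind of vendor correction for CVE-2024-54216 (now Repute InfoSystems ARForm...) and CVE-2024-54214 (new vendor truncated after "Ronin" in the feed), with the "NOT-FOR-US: WordPress plugin" status carried over for both, which is right since the products did not change. The "'.../...//'" in the CVE-2024-54216 title is the CWE-35 path-traversal pattern name from the upstream feed, not extraction damage, so the odd-looking quotes inside the parenthesised description should not be "fixed" by hand.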



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b05d4319d55a0641a495e6b7ffd747001573152e
