[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 4 20:12:46 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
450caa33 by security tracker role at 2024-11-04T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,190 @@
-CVE-2024-23590
+CVE-2024-9147 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2024-51685 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51683 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51682 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51681 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51680 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51678 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51677 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-51672 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-51665 (Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical  ...)
+	TODO: check
+CVE-2024-51661 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2024-51626 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-51582 (Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Bookin ...)
+	TODO: check
+CVE-2024-51561 (This vulnerability exists in Aero due to improper implementation of OT ...)
+	TODO: check
+CVE-2024-51560 (This vulnerability exists in the Wave 2.0due to improper exception han ...)
+	TODO: check
+CVE-2024-51559 (This vulnerability exists in the Wave 2.0dueto missing authorization c ...)
+	TODO: check
+CVE-2024-51558 (This vulnerability exists in the Wave 2.0due to missing restrictions f ...)
+	TODO: check
+CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate limiting ...)
+	TODO: check
+CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak encryption of se ...)
+	TODO: check
+CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource fo ...)
+	TODO: check
+CVE-2024-51329 (A Host header injection vulnerability in Agile-Board 1.0 allows attack ...)
+	TODO: check
+CVE-2024-51328 (Cross Site Scripting vulnerability in addcategory.php in projectworld' ...)
+	TODO: check
+CVE-2024-51327 (SQL Injection in loginform.php in ProjectWorld's Travel Management Sys ...)
+	TODO: check
+CVE-2024-51326 (SQL Injection vulnerability in projectworlds Travel management System  ...)
+	TODO: check
+CVE-2024-51253 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51251 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51249 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51246 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51136 (An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1. ...)
+	TODO: check
+CVE-2024-51127 (An issue in the createTempFile method of hornetq v2.4.9 allows attacke ...)
+	TODO: check
+CVE-2024-50531 (Unrestricted Upload of File with Dangerous Type vulnerability in David ...)
+	TODO: check
+CVE-2024-50530 (Unrestricted Upload of File with Dangerous Type vulnerability in Myria ...)
+	TODO: check
+CVE-2024-50529 (Unrestricted Upload of File with Dangerous Type vulnerability in Rudra ...)
+	TODO: check
+CVE-2024-50528 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2024-50527 (Unrestricted Upload of File with Dangerous Type vulnerability in Stack ...)
+	TODO: check
+CVE-2024-50526 (Unrestricted Upload of File with Dangerous Type vulnerability in mahla ...)
+	TODO: check
+CVE-2024-50525 (Unrestricted Upload of File with Dangerous Type vulnerability in Hello ...)
+	TODO: check
+CVE-2024-50523 (Unrestricted Upload of File with Dangerous Type vulnerability in Rainb ...)
+	TODO: check
+CVE-2024-48878 (Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulne ...)
+	TODO: check
+CVE-2024-48809 (An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and ono ...)
+	TODO: check
+CVE-2024-48336 (The install() function of ProviderInstaller.java in Magisk App before  ...)
+	TODO: check
+CVE-2024-45893 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45891 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45890 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45889 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45888 (DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability.  ...)
+	TODO: check
+CVE-2024-45887 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45885 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45884 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
+	TODO: check
+CVE-2024-45882 (DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability.  ...)
+	TODO: check
+CVE-2024-45185 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2024-45164 (Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Se ...)
+	TODO: check
+CVE-2024-45086 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML e ...)
+	TODO: check
+CVE-2024-38424 (Memory corruption during GNSS HAL process initialization.)
+	TODO: check
+CVE-2024-38423 (Memory corruption while processing GPU page table switch.)
+	TODO: check
+CVE-2024-38422 (Memory corruption while processing voice packet with arbitrary data re ...)
+	TODO: check
+CVE-2024-38421 (Memory corruption while processing GPU commands.)
+	TODO: check
+CVE-2024-38419 (Memory corruption while invoking IOCTL calls from the use-space for HG ...)
+	TODO: check
+CVE-2024-38415 (Memory corruption while handling session errors from firmware.)
+	TODO: check
+CVE-2024-38410 (Memory corruption while IOCLT is called when device is in invalid stat ...)
+	TODO: check
+CVE-2024-38409 (Memory corruption while station LL statistic handling.)
+	TODO: check
+CVE-2024-38408 (Cryptographic issue when a controller receives an LMP start encryption ...)
+	TODO: check
+CVE-2024-38407 (Memory corruption while processing input parameters for any IOCTL call ...)
+	TODO: check
+CVE-2024-38406 (Memory corruption while handling IOCTL calls in JPEG Encoder driver.)
+	TODO: check
+CVE-2024-38405 (Transient DOS while processing the CU information from RNR IE.)
+	TODO: check
+CVE-2024-38403 (Transient DOS while parsing BTM ML IE when per STA profile is not incl ...)
+	TODO: check
+CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions8121 and prior are vulnerab ...)
+	TODO: check
+CVE-2024-34891 (Insufficiently protected credentials in DAV server settings in 1C-Bitr ...)
+	TODO: check
+CVE-2024-34887 (Insufficiently protected credentials in AD/LDAP server settings in 1C- ...)
+	TODO: check
+CVE-2024-34885 (Insufficiently protected credentials in SMTP server settings in 1C-Bit ...)
+	TODO: check
+CVE-2024-34883 (Insufficiently protected credentials in DAV server settings in 1C-Bitr ...)
+	TODO: check
+CVE-2024-34882 (Insufficiently protected credentials in SMTP server settings in 1C-Bit ...)
+	TODO: check
+CVE-2024-33068 (Transient DOS while parsing fragments of MBSSID IE from beacon frame.)
+	TODO: check
+CVE-2024-33033 (Memory corruption while processing IOCTL calls to unmap the buffers.)
+	TODO: check
+CVE-2024-33032 (Memory corruption when the user application modifies the same shared m ...)
+	TODO: check
+CVE-2024-33031 (Memory corruption while processing the update SIM PB records request.)
+	TODO: check
+CVE-2024-33030 (Memory corruption while parsing IPC frequency table parameters for LPL ...)
+	TODO: check
+CVE-2024-33029 (Memory corruption while handling the PDR in driver for getting the rem ...)
+	TODO: check
+CVE-2024-30619 (Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. ...)
+	TODO: check
+CVE-2024-30618 (A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11. ...)
+	TODO: check
+CVE-2024-30617 (A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11. ...)
+	TODO: check
+CVE-2024-30616 (Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main ...)
+	TODO: check
+CVE-2024-23386 (memory corruption when WiFi display APIs are invoked with large random ...)
+	TODO: check
+CVE-2024-23385 (Transient DOS as modem reset occurs when an unexpected MAC RAR (with i ...)
+	TODO: check
+CVE-2024-23377 (Memory corruption while invoking IOCTL command from user-space, when a ...)
+	TODO: check
+CVE-2024-10791 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2024-10768 (A vulnerability classified as problematic was found in PHPGurukul Onli ...)
+	TODO: check
+CVE-2024-10766 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2024-10765 (A vulnerability classified as critical was found in Codezips Online In ...)
+	TODO: check
+CVE-2024-10764 (A vulnerability classified as critical has been found in Codezips Onli ...)
+	TODO: check
+CVE-2024-10523 (This vulnerability exists in TP-Link IoT Smart Hub due to storage of W ...)
+	TODO: check
+CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on Platform ...)
+	TODO: check
+CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin.  This issue affects Ap ...)
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2024-48342
 	REJECTED
@@ -874,7 +1060,7 @@ CVE-2024-33603 (The LevelOne WBR-6012 router has an information disclosure vulne
 	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-32946 (A vulnerability in the LevelOne WBR-6012 router's firmware version R0. ...)
 	NOT-FOR-US: LevelOne WBR-6012 router
-CVE-2024-31975 (EnGenius ESR580 devices through 1.1.30 allow a remote attacker to cond ...)
+CVE-2024-31975 (EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to  ...)
 	NOT-FOR-US: EnGenius ESR580 devices
 CVE-2024-31973 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
 	NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450caa3315e718c7b8bd1e2657eea16d4ebafc1e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450caa3315e718c7b8bd1e2657eea16d4ebafc1e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241104/17fb6c11/attachment.htm>

More information about the debian-security-tracker-commits mailing list