[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 6 20:12:46 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72aa6f0f by security tracker role at 2024-11-06T20:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2024-9902 (A flaw was found in Ansible. The ansible-core `user` module can allow ...)
+ TODO: check
+CVE-2024-8615 (The JobSearch WP Job Board plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2024-8614 (The JobSearch WP Job Board plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2024-8323 (The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables plugin ...)
+ TODO: check
+CVE-2024-51988 (RabbitMQ is a feature rich, multi-protocol messaging and streaming bro ...)
+ TODO: check
+CVE-2024-51757 (happy-dom is a JavaScript implementation of a web browser without its ...)
+ TODO: check
+CVE-2024-51755 (Twig is a template language for PHP. In a sandbox, and attacker can ac ...)
+ TODO: check
+CVE-2024-51754 (Twig is a template language for PHP. In a sandbox, an attacker can cal ...)
+ TODO: check
+CVE-2024-51751 (Gradio is an open-source Python package designed to enable quick build ...)
+ TODO: check
+CVE-2024-50637 (UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in ...)
+ TODO: check
+CVE-2024-50315
+ REJECTED
+CVE-2024-35146 (IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and ...)
+ TODO: check
+CVE-2024-20540 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2024-20539 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20538 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20537 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20536 (A vulnerability in a REST API endpoint and web-based management interf ...)
+ TODO: check
+CVE-2024-20534 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco I ...)
+ TODO: check
+CVE-2024-20533 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco I ...)
+ TODO: check
+CVE-2024-20532 (A vulnerability in the API of Cisco ISE could allow an authenticated, ...)
+ TODO: check
+CVE-2024-20531 (A vulnerability in the API of Cisco ISE could allow an authenticated, ...)
+ TODO: check
+CVE-2024-20530 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20529 (A vulnerability in the API of Cisco ISE could allow an authenticated, ...)
+ TODO: check
+CVE-2024-20528 (A vulnerability in the API of Cisco ISE could allow an authenticated, ...)
+ TODO: check
+CVE-2024-20527 (A vulnerability in the API of Cisco ISE could allow an authenticated, ...)
+ TODO: check
+CVE-2024-20525 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20514 (A vulnerability in the web-based management interface of Cisco Evolved ...)
+ TODO: check
+CVE-2024-20511 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2024-20507 (A vulnerability in the logging subsystem of Cisco Meeting Management c ...)
+ TODO: check
+CVE-2024-20504 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
+CVE-2024-20487 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20484 (A vulnerability in the External Agent Assignment Service (EAAS) featur ...)
+ TODO: check
+CVE-2024-20476 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ TODO: check
+CVE-2024-20457 (A vulnerability in the logging component of Cisco Unified Communicatio ...)
+ TODO: check
+CVE-2024-20445 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco I ...)
+ TODO: check
+CVE-2024-20418 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2024-20371 (A vulnerability in the access control list (ACL) programming of Cisco ...)
+ TODO: check
+CVE-2024-10920 (A vulnerability was found in mariazevedo88 travels-java-api up to 5.0. ...)
+ TODO: check
+CVE-2024-10919 (A vulnerability has been found in didi Super-Jacoco 1.0 and classified ...)
+ TODO: check
+CVE-2024-10916 (A vulnerability classified as problematic has been found in D-Link DNS ...)
+ TODO: check
+CVE-2024-10915 (A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DN ...)
+ TODO: check
+CVE-2024-10914 (A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DN ...)
+ TODO: check
+CVE-2024-10715 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-10318 (A session fixation issue was discovered in the NGINX OpenID Connect re ...)
+ TODO: check
+CVE-2024-10186 (The Event post plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-10168 (The Active Products Tables for WooCommerce. Use constructor to create ...)
+ TODO: check
+CVE-2024-10082 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
+ TODO: check
+CVE-2024-10081 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
+ TODO: check
CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin \u2013 Super ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and ...)
@@ -17,7 +113,7 @@ CVE-2024-7879 (The WP ULike WordPress plugin before 4.7.5 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG ...)
+CVE-2024-52043 (Generation of Error Message Containing Sensitive Informationin HumHub ...)
NOT-FOR-US: HumHub
CVE-2024-51756 (The cap-std project is organized around the eponymous `cap-std` crate, ...)
TODO: check
@@ -95,10 +191,10 @@ CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Res
NOT-FOR-US: WordPress plugin
CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-10826
+CVE-2024-10826 (Use after free in Family Experiences in Google Chrome on Android prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-10827
+CVE-2024-10827 (Use after free in Serial in Google Chrome prior to 130.0.6723.116 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9878 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
@@ -7925,7 +8021,7 @@ CVE-2024-46870 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f (6.11-rc1)
CVE-2024-9683 (A vulnerability was found in Quay, which allows successful authenticat ...)
NOT-FOR-US: Quay
-CVE-2024-6861
+CVE-2024-6861 (A disclosure of sensitive information flaw was found in foreman via th ...)
- foreman <itp> (bug #663101)
CVE-2023-33426
NOT-FOR-US: Apache RocketMQ
@@ -11813,6 +11909,7 @@ CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any
NOTE: https://github.com/PixlOne/logiops/pull/476
NOTE: https://github.com/PixlOne/logiops/commit/628ab937a25724c1f21e7edf25c8e5aaff82c691 (v0.3.5)
CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...)
+ {DLA-3947-1}
- puma <unfixed> (bug #1082379)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
NOTE: Fixed by: https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043 (v6.4.3)
@@ -82799,6 +82896,7 @@ CVE-2024-21744 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for parallelism. ...)
+ {DLA-3947-1}
- puma 6.4.2-1 (bug #1060345)
[bookworm] - puma <no-dsa> (Minor issue)
[buster] - puma <no-dsa> (Minor issue)
@@ -352062,8 +352160,8 @@ CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Mic
NOT-FOR-US: Micro Focus
CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11859
- RESERVED
+CVE-2020-11859 (Improper Input Validation vulnerability in OpenText iManager allows Cr ...)
+ TODO: check
CVE-2020-11858 (Code execution with escalated privileges vulnerability in Micro Focus ...)
NOT-FOR-US: Micro Focus
CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72aa6f0f979a5725d7693974648e808abff8f59f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72aa6f0f979a5725d7693974648e808abff8f59f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241106/fd2ab446/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list