[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 11 08:12:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08242560 by security tracker role at 2024-11-11T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-52358 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52357 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52356 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52355 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52354 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52353 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52352 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52351 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52350 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51882 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-51845 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-51843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-51837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-51820 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-51793 (Unrestricted Upload of File with Dangerous Type vulnerability in Webfu ...)
+ TODO: check
+CVE-2024-51792 (Unrestricted Upload of File with Dangerous Type vulnerability in Dang ...)
+ TODO: check
+CVE-2024-51791 (Unrestricted Upload of File with Dangerous Type vulnerability in Made ...)
+ TODO: check
+CVE-2024-51790 (Unrestricted Upload of File with Dangerous Type vulnerability in Team ...)
+ TODO: check
+CVE-2024-51789 (Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L ...)
+ TODO: check
+CVE-2024-51788 (Unrestricted Upload of File with Dangerous Type vulnerability in Joshu ...)
+ TODO: check
+CVE-2024-51575 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51574 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51573 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51572 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-51571 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-48939 (Insufficient validation performed on the REST API License file in Paxt ...)
+ TODO: check
+CVE-2024-41992 (Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS c ...)
+ TODO: check
+CVE-2024-38826 (Authenticated users can upload specifically crafted files to leak serv ...)
+ TODO: check
+CVE-2024-11066 (The D-Link DSL6740C modem has an OS Command Injection vulnerability, a ...)
+ TODO: check
+CVE-2024-11065 (The D-Link DSL6740C modem has an OS Command Injection vulnerability, a ...)
+ TODO: check
+CVE-2024-11064 (The D-Link DSL6740C modem has an OS Command Injection vulnerability, a ...)
+ TODO: check
+CVE-2024-11063 (The D-Link DSL6740C modem has an OS Command Injection vulnerability, a ...)
+ TODO: check
+CVE-2024-11062 (The D-Link DSL6740C modem has an OS Command Injection vulnerability, a ...)
+ TODO: check
+CVE-2024-11061 (A vulnerability classified as critical was found in Tenda AC10 16.03.1 ...)
+ TODO: check
+CVE-2024-11060 (A vulnerability classified as critical has been found in Jinher Networ ...)
+ TODO: check
+CVE-2024-11059 (A vulnerability was found in Project Worlds Free Download Online Shopp ...)
+ TODO: check
+CVE-2024-11058 (A vulnerability was found in CodeAstro Real Estate Management System u ...)
+ TODO: check
+CVE-2024-11021 (Webopac from Grand Vice info has Stored Cross-site Scripting vulnerabi ...)
+ TODO: check
+CVE-2024-11020 (Webopac from Grand Vice info has a SQL Injection vulnerability, allowi ...)
+ TODO: check
+CVE-2024-11019 (Webopac from Grand Vice info has a Reflected Cross-site Scripting vuln ...)
+ TODO: check
+CVE-2024-11018 (Webopac from Grand Vice info does not properly validate uploaded file ...)
+ TODO: check
+CVE-2024-11017 (Webopac from Grand Vice info does not properly validate uploaded file ...)
+ TODO: check
+CVE-2024-11016 (Webopac from Grand Vice info has a SQL Injection vulnerability, allowi ...)
+ TODO: check
+CVE-2023-40457 (The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allo ...)
+ TODO: check
CVE-2024-51584 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-51583 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
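Review bot: every entry added in this hunk is left at `TODO: check`, and for several of them the truncated summary ends before the affected product is named (CVE-2024-48939 stops at "in Paxt ...", CVE-2024-38826 names no product at all), so these lines cannot be triaged from the summary alone and need the full description. The batches whose summary does name a specific device or proprietary product (the D-Link DSL6740C modem entries CVE-2024-11062 through CVE-2024-11066, the Tenda AC10 entry CVE-2024-11061, the six "Webopac from Grand Vice info" entries) can probably be closed the same way as the surrounding `NOT-FOR-US:` lines once that is confirmed.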
@@ -3196,17 +3284,17 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
NOT-FOR-US: WordPress plugin
CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-46956 [PostScript interpreter - fix buffer length check]
+CVE-2024-46956 (An issue was discovered in psi/zfile.c in Artifex Ghostscript before 1 ...)
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0)
-CVE-2024-46955 [PS interpreter - check Indexed colour space index]
+CVE-2024-46955 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...)
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a (ghostpdl-10.04.0)
-CVE-2024-46954 [Fix decode_utf8 to forbid overlong encodings]
+CVE-2024-46954 (An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Gh ...)
- ghostscript 10.04.0~dfsg-1
[bookworm] - ghostscript <not-affected> (Vulnerable code introduced later)
[bullseye] - ghostscript <not-affected> (Vulnerable code introduced later)
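Review bot: replacing the bracketed working titles with the official descriptions drops the one-line statement of what each fix does (for example `-CVE-2024-46956 [PostScript interpreter - fix buffer length check]`), and the new summaries are cut off exactly where the fixed upstream version would appear (`before 1 ...`). Consider carrying the old title over as a NOTE line next to the commit links so the nature of the fix stays readable without following the URLs.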
@@ -3215,17 +3303,17 @@ CVE-2024-46954 [Fix decode_utf8 to forbid overlong encodings]
NOTE: Introduced when making previously windows specific functions generically available.
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=282f691f5e57b6bf55ba51ad8c2be2cce8edb938 (ghostpdl-10.04.0)
-CVE-2024-46953 [Check for overflow validating format string]
+CVE-2024-46953 (An issue was discovered in base/gsdevice.c in Artifex Ghostscript befo ...)
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0)
-CVE-2024-46952 [PDF interpreter - sanitise W array values in Xref streams]
+CVE-2024-46952 (An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript befor ...)
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708001
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0)
-CVE-2024-46951 [PS interpreter - check the type of the Pattern Implementation]
+CVE-2024-46951 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...)
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
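Review bot: CVE-2024-46953, CVE-2024-46952 and CVE-2024-46951 carry only the unstable fix line `- ghostscript 10.04.0~dfsg-1`, leaving the status of bookworm and bullseye implicit, whereas CVE-2024-46954 in the preceding hunk has explicit `<not-affected>` lines with a reason for both suites. If the vulnerable code is present in the stable versions, a `<no-dsa>`, `<postponed>` or fixed-version annotation is needed; if it is not, a `<not-affected>` line with the reason, as was done for CVE-2024-46954.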
@@ -14412,7 +14500,7 @@ CVE-2023-42772 (Untrusted pointer dereference in UEFI firmware for some Intel(R)
NOT-FOR-US: Intel
CVE-2023-41833 (A race condition in UEFI firmware for some Intel(R) processors may all ...)
NOT-FOR-US: Intel
-CVE-2024-46613 [Integer Overflow to Buffer Overflow vulnerability in "string_free_split" functions]
+CVE-2024-46613 (WeeChat before 4.4.2 has an integer overflow and resultant buffer over ...)
- weechat 4.4.2-1 (bug #1081942)
[bookworm] - weechat <no-dsa> (Minor issue)
[bullseye] - weechat <postponed> (Minor issue)
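Review bot: the weechat entry marks bookworm `<no-dsa>` and bullseye `<postponed>` with the identical justification `(Minor issue)`; the two tags record different intentions for the suite, so either the justifications should explain why the suites are treated differently or the tags should match.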
@@ -246902,8 +246990,7 @@ CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica Pr
NOT-FOR-US: Artica Web Proxy
CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerb ...)
NOT-FOR-US: ZeroShell
-CVE-2021-41737
- RESERVED
+CVE-2021-41737 (In Faust 2.23.1, an input file with the lines "// r visualisation tCst ...)
- faust <unfixed> (bug #1014783)
[bookworm] - faust <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - faust <no-dsa> (Minor issue)
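Review bot: the description that replaces `RESERVED` for CVE-2021-41737 is cut off after the quoted input-file fragment and before any statement of impact, while the entry stays `<unfixed>` with `(Minor issue, revisit when fixed upstream)`; no NOTE with an upstream issue or commit is visible in this hunk, so add one so the "revisit when fixed upstream" condition can actually be checked against bug #1014783.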
@@ -262864,8 +262951,7 @@ CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of
NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master)
NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
-CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
- RESERVED
+CVE-2021-35473 (An issue was discovered in LemonLDAP::NG before 2.0.12. There is a mis ...)
- lemonldap-ng 2.0.11+ds-4
[buster] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
[stretch] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
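Review bot: the new description says the issue is fixed in LemonLDAP::NG 2.0.12, but the Debian fix is recorded in `lemonldap-ng 2.0.11+ds-4`, i.e. a backport into an earlier upstream version; no NOTE with the upstream commit is visible in this hunk, so add one (as the trafficserver entry directly above does) to document which change was backported.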
@@ -358251,16 +358337,15 @@ CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Sto
NOT-FOR-US: Ramp AltitudeCDN Altimeter
CVE-2020-10371
RESERVED
-CVE-2020-10370
- RESERVED
+CVE-2020-10370 (Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, ...)
- bluez-firmware <not-affected> (BCM4345C0.hcd introduced already in fixed version in Debian with bluez-firmware/1.2-6)
NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
-CVE-2020-10369
- RESERVED
-CVE-2020-10368
- RESERVED
-CVE-2020-10367
- RESERVED
+CVE-2020-10369 (Certain Cypress (and Broadcom) Wireless Combo chips, when a January 20 ...)
+ TODO: check
+CVE-2020-10368 (Certain Cypress (and Broadcom) Wireless Combo chips, when a January 20 ...)
+ TODO: check
+CVE-2020-10367 (Certain Cypress (and Broadcom) Wireless Combo chips, when a January 20 ...)
+ TODO: check
CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...)
NOT-FOR-US: LogicalDoc
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
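Review bot: CVE-2020-10370 is resolved as `bluez-firmware <not-affected>` with a stated reason and a commit link, but CVE-2020-10369, CVE-2020-10368 and CVE-2020-10367, whose descriptions open with the same "Certain Cypress (and Broadcom) Wireless Combo chips" text, are left at `TODO: check`. If they concern the same firmware blobs, the BCM4345C0.hcd reasoning and the RPi-Distro commit link likely apply to them as well; if not, record why the disposition differs.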
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08242560b11dab9919a53401fb656152c809319d