[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 21 08:12:07 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68386344 by security tracker role at 2024-11-21T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,345 @@
+CVE-2024-9875 (Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 a ...)
+ TODO: check
+CVE-2024-9851 (The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-9828 (The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user ...)
+ TODO: check
+CVE-2024-9768 (The Formidable Forms WordPress plugin before 6.14.1 does not sanitise ...)
+ TODO: check
+CVE-2024-9653 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservati ...)
+ TODO: check
+CVE-2024-9600 (The Ditty WordPress plugin before 3.1.47 does not sanitise and escape ...)
+ TODO: check
+CVE-2024-9479 (Improper Privilege Management vulnerability in upKeeper Solutions upKe ...)
+ TODO: check
+CVE-2024-9478 (Improper Privilege Management vulnerability in upKeeper Solutions upKe ...)
+ TODO: check
+CVE-2024-9442 (The F4 Improvements plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-9371 (The Branda \u2013 White Label & Branding, Custom Login Page Customizer ...)
+ TODO: check
+CVE-2024-9239 (The Booster for WooCommerce plugin for WordPress is vulnerable to Refl ...)
+ TODO: check
+CVE-2024-9111 (The Product Designer plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-8726 (The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-8157 (The Alphabetical List WordPress plugin through 1.0.3 does not have CSR ...)
+ TODO: check
+CVE-2024-7517 (A command injection vulnerability in Brocade Fabric OS before 9.2.0c, ...)
+ TODO: check
+CVE-2024-5029 (The CM Table Of Contents WordPress plugin before 1.2.4 does not have ...)
+ TODO: check
+CVE-2024-52797 (Opencast is free and open source software for automated video capture ...)
+ TODO: check
+CVE-2024-52796 (Password Pusher, an open source application to communicate sensitive i ...)
+ TODO: check
+CVE-2024-52771 (DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vu ...)
+ TODO: check
+CVE-2024-52770 (An arbitrary file upload vulnerability in the component /admin/file_ma ...)
+ TODO: check
+CVE-2024-52769 (An arbitrary file upload vulnerability in the component /admin/friendl ...)
+ TODO: check
+CVE-2024-52765 (H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code executio ...)
+ TODO: check
+CVE-2024-52763 (A cross-site scripting (XSS) vulnerability in the component /graph_all ...)
+ TODO: check
+CVE-2024-52762 (A cross-site scripting (XSS) vulnerability in the component /master/he ...)
+ TODO: check
+CVE-2024-52757 (D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2024-52755 (D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2024-52754 (D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2024-52739 (D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote c ...)
+ TODO: check
+CVE-2024-52725 (SemCms v4.8 was discovered to contain a SQL injection vulnerability. T ...)
+ TODO: check
+CVE-2024-52702 (A stored cross-site scripting (XSS) vulnerability in the component ins ...)
+ TODO: check
+CVE-2024-52701 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
+ TODO: check
+CVE-2024-52677 (HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName ...)
+ TODO: check
+CVE-2024-52614 (Use of hard-coded cryptographic key issue exists in "Kura Sushi Offici ...)
+ TODO: check
+CVE-2024-52598 (2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts ...)
+ TODO: check
+CVE-2024-52597 (2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts ...)
+ TODO: check
+CVE-2024-52595 (lxml_html_clean is a project for HTML cleaning functionalities copied ...)
+ TODO: check
+CVE-2024-52581 (Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
+ TODO: check
+CVE-2024-52473 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52472 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52471 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52470 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-52451 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Robbins Post ...)
+ TODO: check
+CVE-2024-52450 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-52449 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-52448 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-52447 (Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Pag ...)
+ TODO: check
+CVE-2024-52446 (Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying ...)
+ TODO: check
+CVE-2024-52445 (Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu R ...)
+ TODO: check
+CVE-2024-52444 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-52443 (Deserialization of Untrusted Data vulnerability in Nerijus Masikonis G ...)
+ TODO: check
+CVE-2024-52442 (Incorrect Privilege Assignment vulnerability in Userplus UserPlus allo ...)
+ TODO: check
+CVE-2024-52441 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ TODO: check
+CVE-2024-52440 (Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd ...)
+ TODO: check
+CVE-2024-52439 (Deserialization of Untrusted Data vulnerability in Mark O\u2019Donnell ...)
+ TODO: check
+CVE-2024-52438 (Missing Authentication for Critical Function vulnerability in deco.Age ...)
+ TODO: check
+CVE-2024-52437 (Missing Authentication for Critical Function vulnerability in Saul Mor ...)
+ TODO: check
+CVE-2024-52392 (Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEED ...)
+ TODO: check
+CVE-2024-52033 (Exposure of sensitive system information to an unauthorized control sp ...)
+ TODO: check
+CVE-2024-51669 (Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Wid ...)
+ TODO: check
+CVE-2024-51209 (Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Mana ...)
+ TODO: check
+CVE-2024-51208 (File Upload vulnerability in change-image.php in Anuj Kumar's Boat Boo ...)
+ TODO: check
+CVE-2024-51163 (Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.4 ...)
+ TODO: check
+CVE-2024-51162 (An issue in Audimex EE v.15.1.20 and before allows a remote attacker t ...)
+ TODO: check
+CVE-2024-51151 (D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in ...)
+ TODO: check
+CVE-2024-49203 (Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.)
+ TODO: check
+CVE-2024-48986 (An issue was discovered in MBed OS 6.16.0. Its hci parsing software dy ...)
+ TODO: check
+CVE-2024-48985 (An issue was discovered in MBed OS 6.16.0. During processing of HCI pa ...)
+ TODO: check
+CVE-2024-48984 (An issue was discovered in MBed OS 6.16.0. When parsing hci reports, t ...)
+ TODO: check
+CVE-2024-48983 (An issue was discovered in MBed OS 6.16.0. During processing of HCI pa ...)
+ TODO: check
+CVE-2024-48982 (An issue was discovered in MBed OS 6.16.0. Its hci parsing software dy ...)
+ TODO: check
+CVE-2024-48981 (An issue was discovered in MBed OS 6.16.0. During processing of HCI pa ...)
+ TODO: check
+CVE-2024-48899 (A vulnerability was found in Moodle. Additional checks are required to ...)
+ TODO: check
+CVE-2024-48895 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2024-48536 (Incorrect access control in eSoft Planner 3.24.08271-USA allow attacke ...)
+ TODO: check
+CVE-2024-48535 (A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.2 ...)
+ TODO: check
+CVE-2024-48534 (A reflected cross-site scripting (XSS) vulnerability on the Camp Detai ...)
+ TODO: check
+CVE-2024-48533 (A discrepancy between responses for valid and invalid e-mail accounts ...)
+ TODO: check
+CVE-2024-48531 (A reflected cross-site scripting (XSS) vulnerability on the Rental Ava ...)
+ TODO: check
+CVE-2024-48530 (An issue in the Instructor Appointment Availability module of eSoft Pl ...)
+ TODO: check
+CVE-2024-47865 (Missing authentication for critical function vulnerability exists in R ...)
+ TODO: check
+CVE-2024-45691 (A flaw was found in Moodle. When restricting access to a lesson activi ...)
+ TODO: check
+CVE-2024-45690 (A flaw was found in Moodle. Additional checks were required to ensure ...)
+ TODO: check
+CVE-2024-45689 (A flaw was found in Moodle. Dynamic tables did not enforce capability ...)
+ TODO: check
+CVE-2024-45663 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ TODO: check
+CVE-2024-45511 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A ...)
+ TODO: check
+CVE-2024-45510 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zi ...)
+ TODO: check
+CVE-2024-44309 (A cookie management issue was addressed with improved state management ...)
+ TODO: check
+CVE-2024-44308 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ TODO: check
+CVE-2024-44307 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2024-44306 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2024-33439 (An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an au ...)
+ TODO: check
+CVE-2024-30896 (InfluxDB through 2.7.10 allows allAccess administrators to retrieve al ...)
+ TODO: check
+CVE-2024-30424 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-29292 (Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmar ...)
+ TODO: check
+CVE-2024-11495 (Buffer overflow vulnerability in OllyDbg, version 1.10, which could al ...)
+ TODO: check
+CVE-2024-11494 (**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerabilit ...)
+ TODO: check
+CVE-2024-11493 (A vulnerability classified as problematic was found in 115cms up to 20 ...)
+ TODO: check
+CVE-2024-11492 (A vulnerability classified as problematic has been found in 115cms up ...)
+ TODO: check
+CVE-2024-11491 (A vulnerability was found in 115cms up to 20240807. It has been rated ...)
+ TODO: check
+CVE-2024-11490 (A vulnerability was found in 115cms up to 20240807. It has been declar ...)
+ TODO: check
+CVE-2024-11489 (A vulnerability was found in 115cms up to 20240807. It has been classi ...)
+ TODO: check
+CVE-2024-11488 (A vulnerability was found in 115cms up to 20240807 and classified as p ...)
+ TODO: check
+CVE-2024-11487 (A vulnerability has been found in Code4Berry Decoration Management Sys ...)
+ TODO: check
+CVE-2024-11486 (A vulnerability, which was classified as problematic, was found in Cod ...)
+ TODO: check
+CVE-2024-11485 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-11484 (A vulnerability classified as critical was found in Code4Berry Decorat ...)
+ TODO: check
+CVE-2024-11455 (The Include Mastodon Feed plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11447 (The Community by PeepSo \u2013 Download from PeepSo.com plugin for Wor ...)
+ TODO: check
+CVE-2024-11440 (The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-11438 (The StreamWeasels Online Status Bar plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-11435 (The salavat counter Plugin plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2024-11432 (The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-11428 (The Lazy load videos and sticky control plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-11424 (The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-11416 (The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2024-11414 (The RecipePress Reloaded plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11412 (The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-11409 (The Grid View Gallery plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
+CVE-2024-11406 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper Input Valida ...)
+ TODO: check
+CVE-2024-11400 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+ TODO: check
+CVE-2024-11388 (The Dino Game \u2013 Embed Google Chrome Dinosaur Game in WordPress pl ...)
+ TODO: check
+CVE-2024-11385 (The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-11370 (The Subaccounts for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-11365 (The Crypto and DeFi Widgets \u2013 Web3 Cryptocurrency Shortcodes plug ...)
+ TODO: check
+CVE-2024-11360 (The Page Parts plugin for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2024-11354 (The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordP ...)
+ TODO: check
+CVE-2024-11334 (The My Contador lesr plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2024-11278 (The GD bbPress Attachments plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2024-11277 (The 404 Solution plugin for WordPress is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2024-11197 (The Lock User Account plugin for WordPress is vulnerable to user lock ...)
+ TODO: check
+CVE-2024-11179 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
+ TODO: check
+CVE-2024-11176 (Improper access control vulnerability in M-Files Aino in versions befo ...)
+ TODO: check
+CVE-2024-11154 (The PublishPress Revisions: Duplicate Posts, Submit, Approve and Sched ...)
+ TODO: check
+CVE-2024-11086
+ REJECTED
+CVE-2024-11081
+ REJECTED
+CVE-2024-10913 (The Clone plugin for WordPress is vulnerable to PHP Object Injection i ...)
+ TODO: check
+CVE-2024-10900 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2024-10899 (The The WooCommerce Product Table Lite plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-10898 (The Contact Form 7 Email Add on plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-10891 (The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-10890 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-10872 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-10855 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...)
+ TODO: check
+CVE-2024-10796 (The If-So Dynamic Content Personalization plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-10788 (The Activity Log \u2013 Monitor & Record User Changes plugin for WordP ...)
+ TODO: check
+CVE-2024-10785 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
+ TODO: check
+CVE-2024-10782 (The Theme Builder For Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-10726 (The Friendly Functions for Welcart plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-10696 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom ...)
+ TODO: check
+CVE-2024-10682 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
+ TODO: check
+CVE-2024-10671 (The Button Block \u2013 Get fully customizable & multi-functional butt ...)
+ TODO: check
+CVE-2024-10665 (The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-10623 (The ForumEngine theme for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2024-10532 (The Bard Extra plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-10528 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
+ TODO: check
+CVE-2024-10522 (The Co-marquage service-public.fr plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-10520 (The WP Project Manager plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-10515 (In the process of testing the SEO Plugin by Squirrly SEO WordPress plu ...)
+ TODO: check
+CVE-2024-10482 (The Media File Rename, Find Unused File, Add Alt text, Caption, Desc F ...)
+ TODO: check
+CVE-2024-10403 (Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2 ...)
+ TODO: check
+CVE-2024-10400 (The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2024-10393 (The Tutor LMS plugin for WordPress is vulnerable to bypass to user reg ...)
+ TODO: check
+CVE-2024-10382 (There exists a code execution vulnerability in the Car App Android Jet ...)
+ TODO: check
+CVE-2024-10365 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+ TODO: check
+CVE-2024-10177 (The Beds24 Online Booking plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-10172 (The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-10164 (The Premium Packages \u2013 Sell Digital Products Securely plugin for ...)
+ TODO: check
+CVE-2024-10127 (Authentication bypass condition in LDAP authentication in M-Files serv ...)
+ TODO: check
+CVE-2024-10126 (Local File Inclusion vulnerability in M-Files Server in versions befor ...)
+ TODO: check
+CVE-2024-10094 (Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue ...)
+ TODO: check
CVE-2024-11477
- 7zip 24.07+dfsg-1
- p7zip 16.02+transitional.1
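Review bot: all ~170 new IDs in this hunk are imported as `TODO: check` with truncated descriptions, so none of them is triaged yet; the ones to pick off first are those naming software that exists as a Debian package rather than a WordPress plugin or a vendor appliance, e.g. `CVE-2024-52595 (lxml_html_clean ...)`, `CVE-2024-52581 (Litestar ...)` and `CVE-2024-30896 (InfluxDB through 2.7.10 ...)`, plus the Apple-worded CVE-2024-44309/CVE-2024-44308, whose descriptions only say "fixed in S..." and need a check against webkit2gtk and wpewebkit before they can be marked NOT-FOR-US. The WordPress plugin/theme entries and the D-Link, H3C, Kasda, 115cms, Code4Berry and eSoft Planner entries can be bulk-annotated NOT-FOR-US in the same form used elsewhere in this file. CVE-2024-11086 and CVE-2024-11081 arrive as bare REJECTED lines with no description, which is the expected shape for rejected IDs and needs no follow-up. The six MBed OS HCI entries (CVE-2024-48981 through CVE-2024-48986) share one root cause and can be triaged together.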
@@ -671,11 +1013,11 @@ CVE-2024-48694 (File Upload vulnerability in Xi'an Daxi Information technology O
NOT-FOR-US: Xi'an Daxi Information technology OfficeWeb365
CVE-2024-48072 (Weaver Ecology v9.* was discovered to contain a SQL injection vulnerab ...)
NOT-FOR-US: Weaver Ecology
-CVE-2024-48071 (An issue in the component /importmould/deletefolder of Weaver Ecology ...)
+CVE-2024-48071 (E-cology has a directory traversal vulnerability. An attacker can expl ...)
NOT-FOR-US: Weaver Ecology
-CVE-2024-48070 (Weaver Ecology v9* was discovered to contain a SQL injection vulnerabi ...)
+CVE-2024-48070 (An issue in Weaver E-cology v. attackers construct special requests to ...)
NOT-FOR-US: Weaver Ecology
-CVE-2024-48069 (A remote code execution (RCE) vulnerability in the component /inventor ...)
+CVE-2024-48069 (A vulnerability was found in Weaver E-cology allows attackers use race ...)
NOT-FOR-US: Weaver Ecology
CVE-2024-45422 (Improper input validation in some Zoom Apps before version 6.2.0 may a ...)
NOT-FOR-US: Zoom
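Review bot: the upstream descriptions of CVE-2024-48071, CVE-2024-48070 and CVE-2024-48069 were rewritten, and the new text for CVE-2024-48070 reads `An issue in Weaver E-cology v. attackers construct special requests to ...`, i.e. the affected version that the old text gave as `v9*` has been dropped from the sentence. The `NOT-FOR-US: Weaver Ecology` annotation is unaffected because the product is unchanged, but the old component-level detail (`/importmould/deletefolder`, `/inventor...`) is gone, so anyone needing it has to go back to the earlier revision of this file.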
@@ -2458,7 +2800,7 @@ CVE-2023-35686 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitra
CVE-2023-35659 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ar ...)
NOT-FOR-US: Android
CVE-2024-11159 (Using remote content in OpenPGP encrypted messages can lead to the dis ...)
- {DSA-5814-1}
+ {DSA-5814-1 DLA-3960-1}
- thunderbird 1:128.4.3esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159
CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is vulner ...)
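Review bot: this adds `DLA-3960-1` to the advisory list for CVE-2024-11159 alongside `DSA-5814-1`, while the commit touches only `data/CVE/list`; the reference is presumably merged from an already-committed entry in `data/DLA/list`, so confirm that entry names thunderbird and this CVE, otherwise the cross-reference check between the two files will flag it. The `- thunderbird 1:128.4.3esr-1` fixed-version line and the mfsa2024-61 NOTE are unchanged.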
@@ -5844,7 +6186,7 @@ CVE-2024-10731 (A vulnerability, which was classified as critical, was found in
CVE-2024-10730 (A vulnerability, which was classified as critical, has been found in T ...)
NOT-FOR-US: Tongda OA
CVE-2024-52867 (guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation bec ...)
- {DSA-5805-1}
+ {DSA-5805-1 DLA-3959-1}
- guix 1.4.0-8
NOTE: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
@@ -121329,13 +121671,13 @@ CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a we
NOT-FOR-US: Landscape
CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
-CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...)
+CVE-2023-32539 (Horner Automation Cscape lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
CVE-2023-32289 (The affected application lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
CVE-2023-32281 (The affected application lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
-CVE-2023-32203 (The affected application lacks proper validation of user-supplied data ...)
+CVE-2023-32203 (Horner Automation Cscape lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
{DLA-3480-1}
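Review bot: CVE-2023-32539 and CVE-2023-32203 only get their descriptions updated from the generic `The affected application lacks proper validation ...` to text that names `Horner Automation Cscape`; the `NOT-FOR-US: Horner Automation` annotations are unchanged and still correct. The sibling entries in this hunk (CVE-2023-32545, CVE-2023-32289, CVE-2023-32281) keep the old wording, so the list now mixes both forms for the same product family; that is cosmetic and needs no action.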
@@ -121348,7 +121690,7 @@ CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discove
NOTE: https://github.com/e23e/CVE-2023-31606#readme
CVE-2023-31569 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
NOT-FOR-US: TOTOLINK
-CVE-2023-31278 (The affected application lacks proper validation of user-supplied data ...)
+CVE-2023-31278 (Horner Automation Cscape lacks proper validation of user-supplied data ...)
NOT-FOR-US: Horner Automation
CVE-2023-31244 (The affected product does not properly validate user-supplied data. If ...)
NOT-FOR-US: Horner Automation
@@ -136254,8 +136596,8 @@ CVE-2023-27611 (Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reus
NOT-FOR-US: WordPress plugin
CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...)
NOT-FOR-US: TransbankDevelopers Transbank Webpay
-CVE-2023-27609
- RESERVED
+CVE-2023-27609 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
CVE-2023-27608 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
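Review bot: CVE-2023-27609 moves from `RESERVED` to a truncated `Improper Neutralization of Input During Web Page Generation (XSS ...)` description with `TODO: check`. It sits between CVE-2023-27610 (Transbank Webpay) and CVE-2023-27608 (WP Swings), both annotated `NOT-FOR-US: WordPress plugin`, so the likely outcome is the same annotation, but the truncated text does not name the product, so resolve it from the full description before annotating.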
@@ -169662,16 +170004,16 @@ CVE-2022-43939 (Hitachi Vantara Pentaho Business Analytics Server versions befor
NOT-FOR-US: Hitachi
CVE-2022-43938 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
NOT-FOR-US: Hitachi
-CVE-2022-43937
- RESERVED
-CVE-2022-43936
- RESERVED
-CVE-2022-43935
- RESERVED
-CVE-2022-43934
- RESERVED
-CVE-2022-43933
- RESERVED
+CVE-2022-43937 (Possible information exposure through log file vulnerability where sen ...)
+ TODO: check
+CVE-2022-43936 (Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch pass ...)
+ TODO: check
+CVE-2022-43935 (An information exposure through log file vulnerability exists in Broca ...)
+ TODO: check
+CVE-2022-43934 (Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algor ...)
+ TODO: check
+CVE-2022-43933 (An information exposure through log file vulnerability exists in Broca ...)
+ TODO: check
CVE-2022-3713 (A code injection vulnerability allows adjacent attackers to execute co ...)
NOT-FOR-US: Sophos
CVE-2022-3712
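Review bot: the five formerly RESERVED entries CVE-2022-43933 through CVE-2022-43937 all become Brocade SANnav issues (log-file information exposure and, for CVE-2022-43934, weak key exchange algorithms); the truncated text for CVE-2022-43937 omits the product name, but its siblings make the attribution clear. None of this is Debian-packaged software, so the natural follow-up is `NOT-FOR-US: Brocade SANnav` for all five, matching how the neighbouring Hitachi Vantara entries are handled.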
@@ -472551,68 +472893,49 @@ CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast o
NOT-FOR-US: Android
CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions by ...)
NOT-FOR-US: Android
-CVE-2018-9487
- RESERVED
+CVE-2018-9487 (In setVpnForcedLocked of Vpn.java, there is a possible blocking of int ...)
NOT-FOR-US: Android
-CVE-2018-9486
- RESERVED
+CVE-2018-9486 (In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bou ...)
NOT-FOR-US: Android
-CVE-2018-9485
- RESERVED
+CVE-2018-9485 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
NOT-FOR-US: Android
-CVE-2018-9484
- RESERVED
+CVE-2018-9484 (In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2018-9483
- RESERVED
+CVE-2018-9483 (In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2018-9482
- RESERVED
+CVE-2018-9482 (In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2018-9481
- RESERVED
+CVE-2018-9481 (In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of- ...)
NOT-FOR-US: Android
-CVE-2018-9480
- RESERVED
+CVE-2018-9480 (In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of- ...)
NOT-FOR-US: Android
-CVE-2018-9479
- RESERVED
+CVE-2018-9479 (In process_service_attr_req and process_service_search_attr_req of sdp ...)
NOT-FOR-US: Android
-CVE-2018-9478
- RESERVED
+CVE-2018-9478 (In process_service_attr_req and process_service_search_attr_req of sdp ...)
NOT-FOR-US: Android
-CVE-2018-9477
- RESERVED
+CVE-2018-9477 (In the development options section of the Settings app, there is a pos ...)
NOT-FOR-US: Android
CVE-2018-9476 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use- ...)
NOT-FOR-US: Android
-CVE-2018-9475
- RESERVED
+CVE-2018-9475 (In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2018-9474
- RESERVED
+CVE-2018-9474 (In writeToParcel of MediaPlayer.java, there is a possible serializatio ...)
+ TODO: check
CVE-2018-9473 (In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a poss ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9472
- RESERVED
+CVE-2018-9472 (In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds w ...)
NOT-FOR-US: Android
-CVE-2018-9471
- RESERVED
+CVE-2018-9471 (In the deserialization constructor of NanoAppFilter.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2018-9470
- RESERVED
+CVE-2018-9470 (In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-boun ...)
NOT-FOR-US: Android
-CVE-2018-9469
- RESERVED
+CVE-2018-9469 (In multiple functions of ShortcutService.java, there is a possible cre ...)
NOT-FOR-US: Android
-CVE-2018-9468
- RESERVED
+CVE-2018-9468 (In query of DownloadManager.java, there is a possible read/write of ar ...)
NOT-FOR-US: Android
-CVE-2018-9467
- RESERVED
+CVE-2018-9467 (In the getHost() function of UriTest.java, there is the possibility of ...)
NOT-FOR-US: Android
-CVE-2018-9466
- RESERVED
+CVE-2018-9466 (In the xmlSnprintfElementContent function of valid.c, there is a possi ...)
NOT-FOR-US: Android
CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memory co ...)
- linux 4.14.12-1 (unimportant)
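Review bot: every entry here keeps its `NOT-FOR-US: Android` annotation except CVE-2018-9474, which had no annotation while RESERVED and therefore lands as `TODO: check`; `writeToParcel of MediaPlayer.java` is Android framework code, so it should get the same NOT-FOR-US annotation as its neighbours. Two descriptions deserve a second look before the annotation is left as-is: CVE-2018-9472 (`xmlMemStrdupLoc of xmlmemory.c`) and CVE-2018-9466 (`xmlSnprintfElementContent function of valid.c`) name libxml2 source files, so check whether they correspond to upstream libxml2 fixes that Debian's libxml2 already carries, possibly under a different CVE, rather than Android-only code.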
@@ -472635,8 +472958,7 @@ CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and related
NOT-FOR-US: Android
CVE-2018-9457 (In onCheckedChanged of BluetoothPairingController.java, there is a pos ...)
NOT-FOR-US: Android
-CVE-2018-9456
- RESERVED
+CVE-2018-9456 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of b ...)
NOT-FOR-US: Android
CVE-2018-9455 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of b ...)
NOT-FOR-US: Android
@@ -472668,8 +472990,7 @@ CVE-2018-9442
RESERVED
CVE-2018-9441
RESERVED
-CVE-2018-9440
- RESERVED
+CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9439
RESERVED
@@ -472684,11 +473005,9 @@ CVE-2018-9435
CVE-2018-9434
RESERVED
NOT-FOR-US: Android
-CVE-2018-9433
- RESERVED
+CVE-2018-9433 (In ArrayConcatVisitor of builtins-array.cc, there is a possible type c ...)
NOT-FOR-US: Android
-CVE-2018-9432
- RESERVED
+CVE-2018-9432 (In createPhonebookDialogView and createMapDialogView of BluetoothPermi ...)
NOT-FOR-US: Android
CVE-2018-9431
RESERVED
@@ -472699,8 +473018,7 @@ CVE-2018-9430
CVE-2018-9429
RESERVED
NOT-FOR-US: Android Media Framework
-CVE-2018-9428
- RESERVED
+CVE-2018-9428 (In startDevice of AAudioServiceStreamBase.cpp there is a possible out ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds ...)
NOT-FOR-US: Android Media Framework
@@ -472709,8 +473027,7 @@ CVE-2018-9426
NOT-FOR-US: Android
CVE-2018-9425 (In Platform, there is a possible bypass of user interaction requiremen ...)
NOT-FOR-US: Android
-CVE-2018-9424
- RESERVED
+CVE-2018-9424 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9423
RESERVED
@@ -472719,20 +473036,16 @@ CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to imp
{DLA-1422-1}
- linux 4.6.1-1
NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90
-CVE-2018-9421
- RESERVED
+CVE-2018-9421 (In writeInplace of Parcel.cpp, there is a possible information leak ac ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9420
- RESERVED
+CVE-2018-9420 (In BnCameraService::onTransact of CameraService.cpp, there is a possib ...)
NOT-FOR-US: Android
-CVE-2018-9419
- RESERVED
+CVE-2018-9419 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
NOT-FOR-US: Android
CVE-2018-9418
RESERVED
NOT-FOR-US: Android
-CVE-2018-9417
- RESERVED
+CVE-2018-9417 (In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-af ...)
NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9416
RESERVED
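Review bot: CVE-2018-9417 now reads `In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-af...`, and `f_hid.c` is the USB HID gadget function driver that exists in the mainline kernel, so the retained annotation `NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)` was written without this detail and should be re-verified against the upstream driver. The other three entries (Parcel.cpp, CameraService.cpp, l2c_ble.cc) are Android userland and their `NOT-FOR-US` lines are fine; CVE-2018-9419 names the same `l2cble_process_sig_cmd` function as CVE-2018-9485 earlier in this commit.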
@@ -472749,14 +473062,11 @@ CVE-2018-9414
CVE-2018-9413
RESERVED
NOT-FOR-US: Android
-CVE-2018-9412
- RESERVED
+CVE-2018-9412 (In removeUnsynchronization of ID3.cpp there is a possible resource exh ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9411
- RESERVED
+CVE-2018-9411 (In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9410
- RESERVED
+CVE-2018-9410 (In analyzeAxes of FontUtils.cpp, there is a possible out of bounds rea ...)
NOT-FOR-US: Android
CVE-2018-9409 (In HWCSession::SetColorModeById of hwc_session.cpp, there is a possibl ...)
NOT-FOR-US: Android
@@ -472851,8 +473161,7 @@ CVE-2018-9367 (In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp,
NOT-FOR-US: Android
CVE-2018-9366 (In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTele ...)
NOT-FOR-US: Android
-CVE-2018-9365
- RESERVED
+CVE-2018-9365 (In smp_data_received of smp_l2c.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
CVE-2018-9364 (In the LG LAF component, there is a special command that allowed modif ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683863442844f3c097584d095c36c40907326620