[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 22 08:15:07 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4a2d0cf by security tracker role at 2024-11-22T08:15:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,183 @@
-CVE-2024-52067
+CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sen ...)
+ TODO: check
+CVE-2024-9422 (The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPr ...)
+ TODO: check
+CVE-2024-8735 (The MailMunch \u2013 Grow your Email List plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-8526 (A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker ...)
+ TODO: check
+CVE-2024-8525 (An unrestricted upload of file with dangerous type in Automated Logic ...)
+ TODO: check
+CVE-2024-7130 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-7026 (SQL Injection: Hibernate vulnerability in Teknogis Informatics Closed ...)
+ TODO: check
+CVE-2024-7016 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-53432 (While parsing certain malformed PLY files, PCL version 1.14.1 crashes ...)
+ TODO: check
+CVE-2024-53429 (Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, wh ...)
+ TODO: check
+CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 ...)
+ TODO: check
+CVE-2024-53425 (A heap-buffer-overflow vulnerability was discovered in the SkipSpacesA ...)
+ TODO: check
+CVE-2024-53335 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflo ...)
+ TODO: check
+CVE-2024-53334 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflo ...)
+ TODO: check
+CVE-2024-53333 (TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command i ...)
+ TODO: check
+CVE-2024-52803 (LLama Factory enables fine-tuning of large language models. A critical ...)
+ TODO: check
+CVE-2024-52799 (Argo Workflows Chart is used to set up argo and its needed dependencie ...)
+ TODO: check
+CVE-2024-52309 (SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S ...)
+ TODO: check
+CVE-2024-52307 (authentik is an open-source identity provider. Due to the usage of a n ...)
+ TODO: check
+CVE-2024-52289 (authentik is an open-source identity provider. Redirect URIs in the OA ...)
+ TODO: check
+CVE-2024-52287 (authentik is an open-source identity provider. When using the client_c ...)
+ TODO: check
+CVE-2024-52056 (Path Traversal in the Manager component of Wowza Streaming Engine belo ...)
+ TODO: check
+CVE-2024-52055 (Path Traversal in the Manager component of Wowza Streaming Engine belo ...)
+ TODO: check
+CVE-2024-52054 (Path Traversal in the Manager component of Wowza Streaming Engine belo ...)
+ TODO: check
+CVE-2024-52053 (Stored Cross-Site Scripting in the Manager component of Wowza Streamin ...)
+ TODO: check
+CVE-2024-52052 (Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming ...)
+ TODO: check
+CVE-2024-51367 (An arbitrary file upload vulnerability in the component \Users\usernam ...)
+ TODO: check
+CVE-2024-51366 (An arbitrary file upload vulnerability in the component \Roaming\Omega ...)
+ TODO: check
+CVE-2024-51365 (An arbitrary file upload vulnerability in the importSettings method of ...)
+ TODO: check
+CVE-2024-51364 (An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows a ...)
+ TODO: check
+CVE-2024-51337 (Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixe ...)
+ TODO: check
+CVE-2024-49588 (Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 ...)
+ TODO: check
+CVE-2024-49529 (InDesign Desktop versions 19.0, 20.0 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-48747 (An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arb ...)
+ TODO: check
+CVE-2024-48288 (TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command inject ...)
+ TODO: check
+CVE-2024-48286 (Linksys E3000 1.0.06.002_US is vulnerable to command injection via the ...)
+ TODO: check
+CVE-2024-47142 (AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L ...)
+ TODO: check
+CVE-2024-45837 (Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, ...)
+ TODO: check
+CVE-2024-45517 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A ...)
+ TODO: check
+CVE-2024-45514 (An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A ...)
+ TODO: check
+CVE-2024-45513 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A ...)
+ TODO: check
+CVE-2024-45512 (An issue was discovered in webmail in Zimbra Collaboration (ZCS) throu ...)
+ TODO: check
+CVE-2024-45194 (In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Web ...)
+ TODO: check
+CVE-2024-39290 (Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM ...)
+ TODO: check
+CVE-2024-38296 (Dell Edge Gateway 5200 (Coffee Lake S), versions prior to 12.0.94.2380 ...)
+ TODO: check
+CVE-2024-31408 (OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG ...)
+ TODO: check
+CVE-2024-29224 (An OS command injection vulnerability exists in the NAT parameter of G ...)
+ TODO: check
+CVE-2024-28892 (An OS command injection vulnerability exists in the name parameter of ...)
+ TODO: check
+CVE-2024-28027 (Three OS command injection vulnerabilities exist in the web interface ...)
+ TODO: check
+CVE-2024-28026 (Three OS command injection vulnerabilities exist in the web interface ...)
+ TODO: check
+CVE-2024-28025 (Three OS command injection vulnerabilities exist in the web interface ...)
+ TODO: check
+CVE-2024-21855 (A lack of authentication vulnerability exists in the HTTP API function ...)
+ TODO: check
+CVE-2024-21786 (An OS command injection vulnerability exists in the web interface conf ...)
+ TODO: check
+CVE-2024-11601 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...)
+ TODO: check
+CVE-2024-11592 (A vulnerability has been found in 1000 Projects Beauty Parlour Managem ...)
+ TODO: check
+CVE-2024-11591 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+ TODO: check
+CVE-2024-11590 (A vulnerability, which was classified as critical, has been found in 1 ...)
+ TODO: check
+CVE-2024-11589 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
+ TODO: check
+CVE-2024-11588 (A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has ...)
+ TODO: check
+CVE-2024-11587 (A vulnerability was found in idcCMS 1.60. It has been classified as pr ...)
+ TODO: check
+CVE-2024-11456 (The Run Contests, Raffles, and Giveaways with ContestsWP plugin for Wo ...)
+ TODO: check
+CVE-2024-11381 (The Control horas plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-11371 (The Theater for WordPress plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2024-11355 (The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordP ...)
+ TODO: check
+CVE-2024-11320 (Arbitrary commands execution on the server by exploiting a command inj ...)
+ TODO: check
+CVE-2024-11225 (The Premium Packages \u2013 Sell Digital Products Securely plugin for ...)
+ TODO: check
+CVE-2024-11104 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...)
+ TODO: check
+CVE-2024-11089 (The Anonymous Restricted Content plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-11088 (The Simple Membership plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
+CVE-2024-10792 (The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels pl ...)
+ TODO: check
+CVE-2024-10675 (The affiliate-toolkit plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-10666 (The Easy Twitter Feed \u2013 Twitter feeds plugin for WP plugin for Wo ...)
+ TODO: check
+CVE-2024-10316 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-10034 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...)
+ TODO: check
+CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 includ ...)
NOT-FOR-US: Apache NiFi
-CVE-2024-11596 [ECMP dissector crash]
+CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...)
- wireshark 4.4.2-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20214
-CVE-2024-11595 [FiveCo RAP dissector infinite loop]
+CVE-2024-11595 (FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...)
- wireshark 4.4.2-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-14.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20176
-CVE-2024-53095 [smb: client: Fix use-after-free of network namespace.]
+CVE-2024-53095 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/ef7134c7fc48e1441b398e55a862232868a6f0a7 (6.12-rc7)
-CVE-2024-53094 [RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES]
+CVE-2024-53094 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/4e1e3dd88a4cedd5ccc1a3fc3d71e03b70a7a791 (6.12-rc4)
-CVE-2024-53093 [nvme-multipath: defer partition scanning]
+CVE-2024-53093 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/1f021341eef41e77a633186e9be5223de2ce5d48 (6.12-rc4)
-CVE-2024-53092 [virtio_pci: Fix admin vq cleanup by using correct info pointer]
+CVE-2024-53092 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/97ee04feb682c906a1fa973ebe586fe91567d165 (6.12)
-CVE-2024-53091 [bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx]
+CVE-2024-53091 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/44d0469f79bd3d0b3433732877358df7dc6b17b1 (6.12)
-CVE-2024-53090 [afs: Fix lock recursion]
+CVE-2024-53090 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/610a79ffea02102899a1373fe226d949944a7ed6 (6.12-rc5)
-CVE-2024-53089 [LoongArch: KVM: Mark hrtimer to expire in hard interrupt context]
+CVE-2024-53089 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.11.9-1
NOTE: https://git.kernel.org/linus/73adbd92f3223dc0c3506822b71c6b259d5d537b (6.12-rc5)
CVE-2024-9875 (Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 a ...)
@@ -162,7 +310,7 @@ CVE-2024-51162 (An issue in Audimex EE v.15.1.20 and before allows a remote atta
NOT-FOR-US: Audimex EE
CVE-2024-51151 (D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in ...)
NOT-FOR-US: D-Link
-CVE-2024-49203 (Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery.)
+CVE-2024-49203 (Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in ...)
NOT-FOR-US: Querydsl
CVE-2024-48986 (An issue was discovered in MBed OS 6.16.0. Its hci parsing software dy ...)
NOT-FOR-US: MBed OS
@@ -401,12 +549,12 @@ CVE-2024-11236
NOTE: https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
NOTE: https://github.com/php/php-src/commit/7742f79a8a9c20522dbf40e1dc1d4ccad71d399c (php-8.2.26)
NOTE: https://github.com/php/php-src/commit/2dbe1425c5768faea2aa7bca26081dd208c94ac8 (php-8.2.26)
-CVE-2024-8929
+CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...)
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678
NOTE: https://github.com/php/php-src/commit/6c0e2eb2f839d066924c164f65f17d1261529334 (php-8.2.26)
-CVE-2024-8932
+CVE-2024-8932 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...)
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
@@ -1177,7 +1325,7 @@ CVE-2024-51053 (An arbitrary file upload vulnerability in the component /main/fi
NOT-FOR-US: AVSCMS
CVE-2024-51051 (AVSCMS v8.2.0 was discovered to contain weak default credentials for t ...)
NOT-FOR-US: AVSCMS
-CVE-2024-50849 (Cross-Site Scripting (XSS) in the "Rules" functionality in WordServer ...)
+CVE-2024-50849 (A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" funct ...)
NOT-FOR-US: WordServer
CVE-2024-50848 (An XML External Entity (XXE) vulnerability in the Import object and Tr ...)
NOT-FOR-US: WorldServer
@@ -1759,7 +1907,7 @@ CVE-2024-47208 (Server-Side Request Forgery (SSRF), Improper Control of Generati
NOT-FOR-US: Apache OFBiz
CVE-2024-48962 (Improper Control of Generation of Code ('Code Injection'), Cross-Site ...)
NOT-FOR-US: Apache OFBiz
-CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
+CVE-2024-52616 (A flaw was found in the Avahi-daemon, where it initializes DNS transac ...)
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
[bullseye] - avahi <postponed> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
@@ -1769,7 +1917,7 @@ CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
NOTE: turn off wide-area feature: https://github.com/avahi/avahi/pull/577
NOTE: Revisiting of feature: https://github.com/avahi/avahi/issues/578
NOTE: https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm
-CVE-2024-52615 [Avahi Wide-Area DNS Uses Constant Source Port]
+CVE-2024-52615 (A flaw was found in Avahi-daemon, which relies on fixed source ports f ...)
- avahi <unfixed>
[bookworm] - avahi <no-dsa> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
[bullseye] - avahi <postponed> (Minor issue; workarounds/mitigation exist by setting enable-wide-area=no)
@@ -18367,7 +18515,8 @@ CVE-2024-45799 (FluxCP is a web-based Control Panel for rAthena servers written
NOT-FOR-US: rAthena FluxCP
CVE-2024-44623 (An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker ...)
NOT-FOR-US: TuomoKu SPx-GC
-CVE-2024-44445 (An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71be ...)
+CVE-2024-44445
+ REJECTED
NOT-FOR-US: BSC Smart Contract
CVE-2024-42798 (An Incorrect Access Control vulnerability was found in /music/index.ph ...)
NOT-FOR-US: Kashipara Music Management System
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4a2d0cfdff323b37e386ee721a0b73ea111e3d4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4a2d0cfdff323b37e386ee721a0b73ea111e3d4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241122/09d59861/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list