[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 22 20:12:19 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83ff3152 by security tracker role at 2024-11-22T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2024-7882 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-7837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53438 (EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. ...)
+ TODO: check
+CVE-2024-53253 (Sentry is an error tracking and performance monitoring platform. Versi ...)
+ TODO: check
+CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected by an out ...)
+ TODO: check
+CVE-2024-52814 (Argo Helm is a collection of community maintained charts for `argoproj ...)
+ TODO: check
+CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking library. ...)
+ TODO: check
+CVE-2024-52802 (RIOT is an operating system for internet of things (IoT) devices. In v ...)
+ TODO: check
+CVE-2024-52793 (The Deno Standard Library provides APIs for Deno and the Web. Prior to ...)
+ TODO: check
+CVE-2024-52726 (CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics f ...)
+ TODO: check
+CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci ...)
+ TODO: check
+CVE-2024-51766 (A potential security vulnerability has been identified in the HPE NonS ...)
+ TODO: check
+CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos Software v1. ...)
+ TODO: check
+CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
+ TODO: check
+CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
+ TODO: check
+CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project PKP Pla ...)
+ TODO: check
+CVE-2024-50657 (An issue in Owncloud android apk v.4.3.1 allows a physically proximate ...)
+ TODO: check
+CVE-2024-50401 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50400 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50399 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50398 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50397 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50396 (A use of externally-controlled format string vulnerability has been re ...)
+ TODO: check
+CVE-2024-50395 (An authorization bypass through user-controlled key vulnerability has ...)
+ TODO: check
+CVE-2024-49054 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-48862 (A link following vulnerability has been reported to affect QuLog Cente ...)
+ TODO: check
+CVE-2024-48861 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2024-48860 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A stored XSS wa ...)
+ TODO: check
+CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer. This i ...)
+ TODO: check
+CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers to acces ...)
+ TODO: check
+CVE-2024-41781 (IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through ...)
+ TODO: check
+CVE-2024-41779 (IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0. ...)
+ TODO: check
+CVE-2024-38647 (An exposure of sensitive information vulnerability has been reported t ...)
+ TODO: check
+CVE-2024-38646 (An incorrect permission assignment for critical resource vulnerability ...)
+ TODO: check
+CVE-2024-38645 (A server-side request forgery (SSRF) vulnerability has been reported t ...)
+ TODO: check
+CVE-2024-38644 (An OS command injection vulnerability has been reported to affect Note ...)
+ TODO: check
+CVE-2024-38643 (A missing authentication for critical function vulnerability has been ...)
+ TODO: check
+CVE-2024-37783 (A reflected cross-site scripting (XSS) vulnerability in Gladinet Centr ...)
+ TODO: check
+CVE-2024-37782 (An LDAP injection vulnerability in the login page of Gladinet CentreSt ...)
+ TODO: check
+CVE-2024-37050 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2024-37049 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2024-37048 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2024-37047 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2024-37046 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2024-37045 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2024-37044 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2024-37043 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2024-37042 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2024-37041 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2024-32770 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2024-32769 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2024-32768 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2024-32767 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2024-11618 (A vulnerability classified as critical was found in IPC Unigy Manageme ...)
+ TODO: check
+CVE-2024-10863 (: Insufficient Logging vulnerability in OpenText Secure Content Manage ...)
+ TODO: check
+CVE-2024-10220 (The Kubernetes kubelet component allows arbitrary command execution vi ...)
+ TODO: check
CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sen ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9422 (The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPr ...)
@@ -310,9 +424,9 @@ CVE-2024-51209 (Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Clien
NOT-FOR-US: Anuj Kumar's Client Management System
CVE-2024-51208 (File Upload vulnerability in change-image.php in Anuj Kumar's Boat Boo ...)
NOT-FOR-US: Anuj Kumar's Boat Booking System
-CVE-2024-51163 (Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.4 ...)
+CVE-2024-51163 (A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versi ...)
NOT-FOR-US: Vegam Solutions Vegam 4i
-CVE-2024-51162 (An issue in Audimex EE v.15.1.20 and before allows a remote attacker t ...)
+CVE-2024-51162 (An issue in Audimex EE versions 15.1.20 and earlier allowing a remote ...)
NOT-FOR-US: Audimex EE
CVE-2024-51151 (D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in ...)
NOT-FOR-US: D-Link
@@ -3440,7 +3554,7 @@ CVE-2024-47909 (A stack-based buffer overflow in Ivanti Connect Secure before ve
NOT-FOR-US: Ivanti
CVE-2024-47907 (A stack-based buffer overflow in IPsec of Ivanti Connect Secure before ...)
NOT-FOR-US: Ivanti
-CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure which affects ver ...)
+CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure before version 22 ...)
NOT-FOR-US: Ivanti
CVE-2024-47905 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
NOT-FOR-US: Ivanti
@@ -3708,11 +3822,11 @@ CVE-2024-11122 (A vulnerability, which was classified as critical, has been foun
NOT-FOR-US: Lingdang CRM
CVE-2024-11121 (A vulnerability classified as critical was found in \u4e0a\u6d77\u7075 ...)
NOT-FOR-US: Lingdang CRM
-CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
+CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
-CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
+CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
-CVE-2024-11005 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
+CVE-2024-11005 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
CVE-2024-11004 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Iva ...)
NOT-FOR-US: Ivanti
@@ -6123,13 +6237,13 @@ CVE-2024-51561 (This vulnerability exists in Aero due to improper implementation
NOT-FOR-US: Aero
CVE-2024-51560 (This vulnerability exists in the Wave 2.0due to improper exception han ...)
NOT-FOR-US: Wave 2.0
-CVE-2024-51559 (This vulnerability exists in the Wave 2.0dueto missing authorization c ...)
+CVE-2024-51559 (This vulnerability exists in the Wave 2.0 due to improper authorizatio ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51558 (This vulnerability exists in the Wave 2.0due to missing restrictions f ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate limiting ...)
NOT-FOR-US: Wave 2.0
-CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak encryption of se ...)
+CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to insufficient encrypti ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource fo ...)
NOT-FOR-US: AppSmith Community
@@ -7773,7 +7887,7 @@ CVE-2024-44301 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44297 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2024-44296 (The issue was addressed with improved checks. This issue is fixed in t ...)
- {DSA-5804-1}
+ {DSA-5804-1 DLA-3961-1}
- webkit2gtk 2.46.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.3-1
@@ -7851,7 +7965,7 @@ CVE-2024-44251 (This issue was addressed through improved state management. This
CVE-2024-44247 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-44244 (A memory corruption issue was addressed with improved input validation ...)
- {DSA-5804-1}
+ {DSA-5804-1 DLA-3961-1}
- webkit2gtk 2.46.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.3-1
@@ -8890,7 +9004,7 @@ CVE-2024-44206 (An issue in the handling of URL protocols was addressed with imp
CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -18305,7 +18419,7 @@ CVE-2024-44189 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44188 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2024-44187 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -18397,7 +18511,7 @@ CVE-2024-44125 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44124 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2024-40866 (The issue was addressed with improved UI. This issue is fixed in Safar ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -146326,10 +146440,10 @@ CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior
NOT-FOR-US: ArcSight
CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
NOT-FOR-US: NetIQ
-CVE-2023-24467
- RESERVED
-CVE-2023-24466
- RESERVED
+CVE-2023-24467 (Possible Command Injection in iManager GET parameter has been disco ...)
+ TODO: check
+CVE-2023-24466 (Possible XML External Entity Injection in iManager GET parameter ha ...)
+ TODO: check
CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass ...)
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerab ...)
@@ -220213,8 +220327,8 @@ CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in
NOT-FOR-US: NetIQ Access Manager
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
NOT-FOR-US: NetIQ Access Manager
-CVE-2022-26324
- RESERVED
+CVE-2022-26324 (Possible XSS in iManager URL for access Component has been discovered ...)
+ TODO: check
CVE-2022-26323
RESERVED
CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File Vulnerabilit ...)
@@ -260331,10 +260445,10 @@ CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a
NOT-FOR-US: Corero SecureWatch Managed Services
CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...)
NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
-CVE-2021-38135
- RESERVED
-CVE-2021-38134
- RESERVED
+CVE-2021-38135 (Possible External Service Interaction attack in iManager has been di ...)
+ TODO: check
+CVE-2021-38134 (Possible XSS in iManager URL for access Component has been discovered ...)
+ TODO: check
CVE-2021-38133 (Possible External Service Interaction attack in eDirectory has been ...)
NOT-FOR-US: NetIQ
CVE-2021-38132 (Possible External Service Interaction attack in eDirectory has been ...)
@@ -260363,14 +260477,14 @@ CVE-2021-38121 (Insufficient or weak TLS protocol version identified in Advance
NOT-FOR-US: NetIQ
CVE-2021-38120 (A vulnerability identified in Advance Authentication that allows bash ...)
NOT-FOR-US: NetIQ
-CVE-2021-38119
- RESERVED
-CVE-2021-38118
- RESERVED
-CVE-2021-38117
- RESERVED
-CVE-2021-38116
- RESERVED
+CVE-2021-38119 (Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManag ...)
+ TODO: check
+CVE-2021-38118 (Possible improper input validation Vulnerability in iManager has been ...)
+ TODO: check
+CVE-2021-38117 (Possible Command injection Vulnerability in iManager has been discove ...)
+ TODO: check
+CVE-2021-38116 (Possible Elevation of Privilege Vulnerability in iManager has been di ...)
+ TODO: check
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
{DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
@@ -280554,8 +280668,8 @@ CVE-2021-30301 (Possible denial of service due to out of memory while processing
NOT-FOR-US: Qualcomm
CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30299
- RESERVED
+CVE-2021-30299 (Possible out of bound access in audio module due to lack of validation ...)
+ TODO: check
CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
@@ -523269,8 +523383,8 @@ CVE-2017-9713
RESERVED
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9711
- RESERVED
+CVE-2017-9711 (Certain unprivileged processes are able to perform IOCTL calls.)
+ TODO: check
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241122/dd78b924/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list