[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 25 20:12:13 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fff0d6c by security tracker role at 2024-11-25T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2024-8272 (The com.uaudio.bsd.helperservice, responsible for handling privileged  ...)
+	TODO: check
+CVE-2024-7915 (The application Sensei Mac Cleaner contains a local privilege escalati ...)
+	TODO: check
+CVE-2024-7056 (The WPForms  WordPress plugin before 1.9.1.6 does not sanitise and esc ...)
+	TODO: check
+CVE-2024-6393 (The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.5 ...)
+	TODO: check
+CVE-2024-53930 (WikiDocs before 1.0.65 allows stored XSS by authenticated users via da ...)
+	TODO: check
+CVE-2024-53916 (In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can ...)
+	TODO: check
+CVE-2024-53915 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53914 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53913 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53912 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53911 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53910 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53909 (An issue was discovered in the server in Veritas Enterprise Vault befo ...)
+	TODO: check
+CVE-2024-53599 (A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint ...)
+	TODO: check
+CVE-2024-53268 (Joplin is an open source, privacy-focused note taking app with sync ca ...)
+	TODO: check
+CVE-2024-53262 (SvelteKit is a framework for rapidly developing robust, performant web ...)
+	TODO: check
+CVE-2024-53261 (SvelteKit is a framework for rapidly developing robust, performant web ...)
+	TODO: check
+CVE-2024-53258 (Autolab is a course management service that enables auto-graded progra ...)
+	TODO: check
+CVE-2024-53255 (BoidCMS is a free and open-source flat file CMS for building simple we ...)
+	TODO: check
+CVE-2024-52811 (The ngtcp2 project is an effort to implement IETF QUIC protocol in C.  ...)
+	TODO: check
+CVE-2024-52787 (An issue in the upload_documents method of libre-chat v0.0.6 allows at ...)
+	TODO: check
+CVE-2024-52529 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2024-51723 (A Stored Cross-Site Scripting (XSS) vulnerability in the Management Co ...)
+	TODO: check
+CVE-2024-45756 (An issue was discovered in Centreon centreon-open-tickets 24.10.x befo ...)
+	TODO: check
+CVE-2024-45755 (An issue was discovered in Centreon centreon-dsm-server 24.10.x before ...)
+	TODO: check
+CVE-2024-32468 (Deno is a runtime for JavaScript and TypeScript written in rust. Sever ...)
+	TODO: check
+CVE-2024-27134 (Excessive directory permissions in MLflow leads to local privilege esc ...)
+	TODO: check
+CVE-2024-11672 (Incorrect authorization in the add permission component in Devolutions ...)
+	TODO: check
+CVE-2024-11671 (Improper authentication in SQL data source MFA validation in Devolutio ...)
+	TODO: check
+CVE-2024-11670 (Incorrect authorization in the permission validation component of Devo ...)
+	TODO: check
+CVE-2024-11666 (Affected devices beacon to eCharge cloud infrastructure asking if ther ...)
+	TODO: check
+CVE-2024-11665 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+	TODO: check
+CVE-2024-11664 (A vulnerability, which was classified as critical, has been found in e ...)
+	TODO: check
+CVE-2024-11663 (A vulnerability classified as critical was found in Codezips E-Commerc ...)
+	TODO: check
+CVE-2024-11662 (A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3. ...)
+	TODO: check
+CVE-2024-11661 (A vulnerability was found in Codezips Free Exam Hall Seating Managemen ...)
+	TODO: check
+CVE-2024-11660 (A vulnerability was found in code-projects Farmacia 1.0. It has been c ...)
+	TODO: check
+CVE-2024-11659 (A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620 ...)
+	TODO: check
+CVE-2024-11658 (A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and E ...)
+	TODO: check
+CVE-2024-11657 (A vulnerability, which was classified as critical, was found in EnGeni ...)
+	TODO: check
+CVE-2024-11656 (A vulnerability, which was classified as critical, has been found in E ...)
+	TODO: check
+CVE-2024-11655 (A vulnerability classified as critical was found in EnGenius ENH1350EX ...)
+	TODO: check
+CVE-2024-11654 (A vulnerability classified as critical has been found in EnGenius ENH1 ...)
+	TODO: check
+CVE-2024-11653 (A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620 ...)
+	TODO: check
+CVE-2024-11652 (A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620 ...)
+	TODO: check
+CVE-2024-11651 (A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620 ...)
+	TODO: check
+CVE-2024-11650 (A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as  ...)
+	TODO: check
+CVE-2024-11649 (A vulnerability has been found in 1000 Projects Beauty Parlour Managem ...)
+	TODO: check
+CVE-2024-11648 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+	TODO: check
+CVE-2024-11647 (A vulnerability, which was classified as critical, has been found in 1 ...)
+	TODO: check
+CVE-2024-11646 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
+	TODO: check
+CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A specifically-crafted  ...)
+	TODO: check
+CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions prior to c ...)
+	TODO: check
+CVE-2024-10710 (The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and  ...)
+	TODO: check
+CVE-2024-10709 (The YaDisk Files WordPress plugin through 1.2.5 does not validate and  ...)
+	TODO: check
+CVE-2023-45181 (IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scrip ...)
+	TODO: check
 CVE-2024-53901 (The Imager package before 1.025 for Perl has a heap-based buffer overf ...)
 	- libimager-perl 1.025+dfsg-1
 	[bookworm] - libimager-perl <no-dsa> (Minor issue)
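
Review bot: all 56 new entries land with the importer's placeholder `TODO: check`, and a handful name software that is a plausible Debian source package and should be triaged first: CVE-2024-52811 (ngtcp2), CVE-2024-11498 and CVE-2024-11403 (libjxl) and CVE-2024-53916 (OpenStack Neutron) want a `- <srcpkg> <fixed-version>` line in the form used for libimager-perl directly below, while the WordPress-plugin, macOS helper and vendor-appliance entries can go straight to `NOT-FOR-US:` as done elsewhere in the file. Two descriptions carry upstream text defects that will appear verbatim in the tracker (`libjxl.A specifically-crafted` in CVE-2024-11498, doubled spaces in CVE-2024-7056 and CVE-2024-6393); they are CVE text, not tracker text, so leave them, but do not let them break a grep for the package name. CVE-2023-45181 (IBM Jazz Foundation) is inserted at the top next to the 2024 IDs because it was not previously in the file, whereas the same product's CVE-2023-26280 is filled in at its reserved slot much further down; triage the two together.
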
@@ -30,17 +142,17 @@ CVE-2024-10519 (The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO p
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7299 (A vulnerability was found in DataGear up to 4.60. It has been declared ...)
 	NOT-FOR-US: DataGear
-CVE-2024-9666
+CVE-2024-9666 (A vulnerability was found in the Keycloak Server. The Keycloak Server  ...)
 	NOT-FOR-US: Keycloak
-CVE-2024-6538
+CVE-2024-6538 (A flaw was found in OpenShift Console. A Server Side Request Forgery ( ...)
 	NOT-FOR-US: OpenShift
-CVE-2024-11483
+CVE-2024-11483 (A vulnerability was found in the Ansible Automation Platform (AAP). Th ...)
 	NOT-FOR-US: Ansible Automation Platform (AAP)
-CVE-2024-10492
+CVE-2024-10492 (A vulnerability was found in Keycloak. A user with high privileges cou ...)
 	NOT-FOR-US: Keycloak
-CVE-2024-10451
+CVE-2024-10451 (A flaw was found in Keycloak. This issue occurs because sensitive runt ...)
 	NOT-FOR-US: Keycloak
-CVE-2024-10270
+CVE-2024-10270 (A vulnerability was found in the Keycloak-services package. If untrust ...)
 	NOT-FOR-US: Keycloak
 CVE-2024-10039
 	NOT-FOR-US: Keycloak
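
Review bot: only descriptions are added in this hunk; every affected entry keeps its existing `NOT-FOR-US:` line, so there is no disposition change to review. CVE-2024-10039 (last line of the hunk) is still bare while its neighbours were filled in, so it will need another pass once that record is published; nothing to do now.
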
@@ -749,11 +861,11 @@ CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, t
 	NOT-FOR-US: TOTOLINK
 CVE-2024-51766 (A potential security vulnerability has been identified in the HPE NonS ...)
 	NOT-FOR-US: HPE
-CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos Software v1. ...)
+CVE-2024-51074 (Incorrect access control in KIA Seltos vehicle instrument cluster with ...)
 	NOT-FOR-US: Instrument Cluster KIA Seltos
-CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
+CVE-2024-51073 (An issue in KIA Seltos vehicle instrument cluster with software and ha ...)
 	NOT-FOR-US: Instrument Cluster KIA Seltos
-CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
+CVE-2024-51072 (An issue in KIA Seltos vehicle instrument cluster with software and ha ...)
 	NOT-FOR-US: Instrument Cluster KIA Seltos
 CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project PKP Pla ...)
 	NOT-FOR-US: Public Knowledge Project PKP Platform OJS/OMP/OPS-
@@ -781,7 +893,7 @@ CVE-2024-48861 (An OS command injection vulnerability has been reported to affec
 	NOT-FOR-US: QNAP
 CVE-2024-48860 (An OS command injection vulnerability has been reported to affect seve ...)
 	NOT-FOR-US: QNAP
-CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A stored XSS wa ...)
+CVE-2024-47863 (An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04. ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer.  This i ...)
 	NOT-FOR-US: Apache Answer
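
Review bot: the new CVE-2024-47863 description narrows the affected range from `through 24.10` to explicit fixed releases (`24.10.x before 24.10.0, 24.04. ...`, truncated here), but the Debian line beneath it is unchanged and still `<itp>` against bug #913903, which is correct while centreon-web is not in the archive. Whoever completes the ITP should take the fixed upstream version from the full CVE record rather than from this truncated excerpt.
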
@@ -8282,13 +8394,13 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
 CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-46956 (An issue was discovered in psi/zfile.c in Artifex Ghostscript before 1 ...)
-	{DSA-5808-1}
+	{DSA-5808-1 DLA-3965-1}
 	- ghostscript 10.04.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0)
 CVE-2024-46955 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before  ...)
-	{DSA-5808-1}
+	{DSA-5808-1 DLA-3965-1}
 	- ghostscript 10.04.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
@@ -8303,7 +8415,7 @@ CVE-2024-46954 (An issue was discovered in decode_utf8 in base/gp_utf8.c in Arti
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=282f691f5e57b6bf55ba51ad8c2be2cce8edb938 (ghostpdl-10.04.0)
 CVE-2024-46953 (An issue was discovered in base/gsdevice.c in Artifex Ghostscript befo ...)
-	{DSA-5808-1}
+	{DSA-5808-1 DLA-3965-1}
 	- ghostscript 10.04.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
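
Review bot: DLA-3965-1 is added to CVE-2024-46953 here, but the hunk begins at the NOTE lines of CVE-2024-46954, so that entry's `{DSA-5808-1}` reference line lies outside the change and keeps only the DSA. Please confirm that CVE-2024-46954 (decode_utf8 in base/gp_utf8.c) is deliberately not covered by the DLA rather than missed; if it is covered, its reference line needs the same `{DSA-5808-1 DLA-3965-1}` update.
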
@@ -8317,7 +8429,7 @@ CVE-2024-46952 (An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0)
 CVE-2024-46951 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before  ...)
-	{DSA-5808-1}
+	{DSA-5808-1 DLA-3965-1}
 	- ghostscript 10.04.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
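
Review bot: the reference line of CVE-2024-46952 (pdf/pdf_xref.c) sits above this hunk and is not touched, so after this commit only CVE-2024-46951, CVE-2024-46953, CVE-2024-46955 and CVE-2024-46956 carry DLA-3965-1 while CVE-2024-46952 keeps `{DSA-5808-1}` alone. Check that this set matches the advisory text before it goes out; if CVE-2024-46952 is in the DLA, add it here too.
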
@@ -92023,7 +92135,7 @@ CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) imp
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=050d26383d4e264966fb83428e72d5d48f402d35 (openssl-3.0)
 CVE-2023-6122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Software
-CVE-2023-5989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+CVE-2023-5989 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: LioXERP
 CVE-2023-5988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: LioXERP
@@ -141394,8 +141506,8 @@ CVE-2023-26282 (IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a us
 	NOT-FOR-US: IBM
 CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server could all ...)
 	NOT-FOR-US: IBM
-CVE-2023-26280
-	RESERVED
+CVE-2023-26280 (IBM Jazz Foundation 7.0.2 and 7.0.3could allow a user to change their  ...)
+	TODO: check
 CVE-2023-26279 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local us ...)
 	NOT-FOR-US: IBM
 CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local au ...)
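
Review bot: CVE-2023-26280 moves from RESERVED to `TODO: check`, but it is IBM Jazz Foundation and every surrounding IBM entry is `NOT-FOR-US: IBM`; resolve it the same way rather than leaving a TODO. The description contains the upstream typo `7.0.3could`; that is CVE text and should stay as it is.
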
@@ -199349,10 +199461,10 @@ CVE-2022-33864
 	RESERVED
 CVE-2022-33863
 	RESERVED
-CVE-2022-33862
-	RESERVED
-CVE-2022-33861
-	RESERVED
+CVE-2022-33862 (IPP software prior to v1.71 is vulnerable to default credential vulner ...)
+	TODO: check
+CVE-2022-33861 (IPP software versions prior to v1.71 do not sufficiently verify the au ...)
+	TODO: check
 CVE-2022-33860
 	RESERVED
 CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...)
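
Review bot: the two new `IPP software prior to v1.71` descriptions do not name the vendor, and `IPP` is easy to misread as the Internet Printing Protocol served by cups. In this ID block it is Eaton's Intelligent Power Protector (compare the Eaton entries around CVE-2022-33859 and the CVE-2021-23283 description further down), so the right disposition is `NOT-FOR-US: Eaton Intelligent Power Protector (IPP)`, not a cups entry. Worth resolving now so a later triager does not go looking for a printing bug in the archive.
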
@@ -299007,8 +299119,8 @@ CVE-2021-23284 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructu
 	NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23283 (Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulne ...)
 	NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
-CVE-2021-23282
-	RESERVED
+CVE-2021-23282 (Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to s ...)
+	TODO: check
 CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
 	NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
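
Review bot: CVE-2021-23282 should become `NOT-FOR-US: Eaton Intelligent Power Manager (IPM)` like its neighbours instead of staying `TODO: check`. While here: the unchanged context line for CVE-2021-23283 is tagged `NOT-FOR-US: Eaton Intelligent Power Manager (IPM)` although its description says Intelligent Power Protector (IPP); pre-existing rather than introduced by this commit, but cheap to correct in the follow-up.
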
@@ -356173,10 +356285,10 @@ CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x i
 	NOT-FOR-US: Beckhoff
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
 	NOT-FOR-US: SWARCOs CPU LS4000 Series
-CVE-2020-12492
-	RESERVED
-CVE-2020-12491
-	RESERVED
+CVE-2020-12492 (Improper handling of WiFi information by framework services can allow  ...)
+	TODO: check
+CVE-2020-12491 (Improper control of framework service permissions with possibility of  ...)
+	TODO: check
 CVE-2020-12490
 	RESERVED
 CVE-2020-12489
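
Review bot: the descriptions for CVE-2020-12492 and CVE-2020-12491 (`framework services`, `WiFi information`) name no vendor or product, and the neighbouring IDs (Beckhoff, SWARCO) are no guide to the CNA that owns these two. Do not mark them NOT-FOR-US on the strength of the block alone; look up the full records and the affected product first.
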
@@ -360516,8 +360628,8 @@ CVE-2020-11313
 	REJECTED
 CVE-2020-11312
 	REJECTED
-CVE-2020-11311
-	RESERVED
+CVE-2020-11311 (This record is rejected as duplicate. All references should point to C ...)
+	TODO: check
 CVE-2020-11310
 	REJECTED
 CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...)
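
Review bot: CVE-2020-11311's new description says `This record is rejected as duplicate`, so the entry should be a bare `REJECTED` line like CVE-2020-11313, CVE-2020-11312 and CVE-2020-11310 around it, not `TODO: check`; the importer evidently derives the rejected state only from the record status, not from the text. The duplicate's target is cut off in the excerpt (`should point to C ...`), so do not record a cross-reference from this line.
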



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fff0d6c972d445075f7ecd32ea0eee334e864ee
