[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 26 08:12:12 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6b96c31 by security tracker role at 2024-11-26T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,26 +1,126 @@
-CVE-2024-53102 [nvme: make keep-alive synchronous operation]
+CVE-2024-9504 (The Booking calendar, Appointment Booking System plugin for WordPress  ...)
+	TODO: check
+CVE-2024-8772 (51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the  ...)
+	TODO: check
+CVE-2024-8160 (Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that ...)
+	TODO: check
+CVE-2024-6831 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has f ...)
+	TODO: check
+CVE-2024-6749 (Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program,  ...)
+	TODO: check
+CVE-2024-6476 (Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program h ...)
+	TODO: check
+CVE-2024-53843 (@dapperduckling/keycloak-connector-server is an opinionated series of  ...)
+	TODO: check
+CVE-2024-53597 (masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2024-53556 (An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to red ...)
+	TODO: check
+CVE-2024-53554 (A Client-Side Template Injection (CSTI) vulnerability in the component ...)
+	TODO: check
+CVE-2024-53278 (Cross-site scripting vulnerability exists in WP Admin UI Customize ver ...)
+	TODO: check
+CVE-2024-52899 (IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an au ...)
+	TODO: check
+CVE-2024-50672 (A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool ...)
+	TODO: check
+CVE-2024-50671 (Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.1 ...)
+	TODO: check
+CVE-2024-49597 (Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Imp ...)
+	TODO: check
+CVE-2024-49596 (Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missi ...)
+	TODO: check
+CVE-2024-49595 (Dell Wyse Management Suite, version WMS 4.4 and before, contain an Aut ...)
+	TODO: check
+CVE-2024-49353 (IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0  ...)
+	TODO: check
+CVE-2024-49351 (IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in  ...)
+	TODO: check
+CVE-2024-47257 (Florent Thi\xe9ry has found that selected Axis devices were vulnerable ...)
+	TODO: check
+CVE-2024-36254 (Out-of-bounds read vulnerability exists in Sharp Corporation and Toshi ...)
+	TODO: check
+CVE-2024-36251 (The web interface of the affected devices process some crafted HTTP re ...)
+	TODO: check
+CVE-2024-36249 (Cross-site scripting vulnerability exists in Sharp Corporation and Tos ...)
+	TODO: check
+CVE-2024-36248 (API keys for some cloud services are hardcoded in the "main" binary. A ...)
+	TODO: check
+CVE-2024-35244 (There are several hidden accounts. Some of them are intended for maint ...)
+	TODO: check
+CVE-2024-34162 (The web interface of the affected devices is designed to hide the LDAP ...)
+	TODO: check
+CVE-2024-33616 (Admin authentication can be bypassed with some specific invalid creden ...)
+	TODO: check
+CVE-2024-33610 ("sessionlist.html" and "sys_trayentryreboot.html" are accessible with  ...)
+	TODO: check
+CVE-2024-33605 (Improper processing of some parameters of installed_emanual_list.html  ...)
+	TODO: check
+CVE-2024-32151 (User passwords are decrypted and stored on memory before any user logg ...)
+	TODO: check
+CVE-2024-29978 (User passwords are decrypted and stored on memory before any user logg ...)
+	TODO: check
+CVE-2024-29146 (User passwords are decrypted and stored on memory before any user logg ...)
+	TODO: check
+CVE-2024-28955 (Affected devices create coredump files when crashed, storing them with ...)
+	TODO: check
+CVE-2024-28038 (The web interface of the affected devices processes a cookie value imp ...)
+	TODO: check
+CVE-2024-11678 (A vulnerability was found in CodeAstro Hospital Management System 1.0. ...)
+	TODO: check
+CVE-2024-11677 (A vulnerability was found in CodeAstro Hospital Management System 1.0. ...)
+	TODO: check
+CVE-2024-11676 (A vulnerability was found in CodeAstro Hospital Management System 1.0  ...)
+	TODO: check
+CVE-2024-11675 (A vulnerability has been found in CodeAstro Hospital Management System ...)
+	TODO: check
+CVE-2024-11674 (A vulnerability, which was classified as critical, was found in CodeAs ...)
+	TODO: check
+CVE-2024-11673 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-11418 (The Additional Order Filters for WooCommerce plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-11342 (The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2024-11202 (Multiple plugins for WordPress are vulnerable to Reflected Cross-Site  ...)
+	TODO: check
+CVE-2024-11002 (The The InPost Gallery plugin for WordPress is vulnerable to arbitrary ...)
+	TODO: check
+CVE-2024-10857 (The Product Input Fields for WooCommerce plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-10781 (The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordP ...)
+	TODO: check
+CVE-2024-10729 (The Booking & Appointment Plugin for WooCommerce plugin for WordPress  ...)
+	TODO: check
+CVE-2024-10570 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-10542 (The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordP ...)
+	TODO: check
+CVE-2024-10471 (The Everest Forms  WordPress plugin before 3.0.4.2 does not sanitise a ...)
+	TODO: check
+CVE-2024-53102 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.9-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/d06923670b5a5f609603d4a9fee4dec02d38de9c (6.12-rc4)
-CVE-2024-53101 [fs: Fix uninitialized value issue in from_kuid and from_kgid]
+CVE-2024-53101 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.11.9-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/15f34347481648a567db67fb473c23befb796af5 (6.12-rc5)
-CVE-2024-53100 [nvme: tcp: avoid race between queue_lock lock and destroy]
+CVE-2024-53100 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.9-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/782373ba27660ba7d330208cf5509ece6feb4545 (6.12-rc4)
-CVE-2024-53099 [bpf: Check validity of link->type in bpf_link_show_fdinfo()]
+CVE-2024-53099 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.11.9-1
 	NOTE: https://git.kernel.org/linus/8421d4c8762bd022cb491f2f0f7019ef51b4f0a7 (6.12-rc5)
-CVE-2024-53098 [drm/xe/ufence: Prefetch ufence addr to catch bogus address]
+CVE-2024-53098 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.9-1
 	NOTE: https://git.kernel.org/linus/9c1813b3253480b30604c680026c7dc721ce86d1 (6.12-rc5)
-CVE-2024-53097 [mm: krealloc: Fix MTE false alarm in __do_krealloc]
+CVE-2024-53097 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.11.9-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/704573851b51808b45dae2d62059d1d8189138a2 (6.12-rc6)
-CVE-2024-53096 [mm: resolve faulty mmap_region() error path behaviour]
+CVE-2024-53096 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/5de195060b2e251a835f622759550e6202167641 (6.12-rc7)
@@ -12168,7 +12268,7 @@ CVE-2024-8625 (The TS Poll  WordPress plugin before 2.4.0 does not sanitize and
 	NOT-FOR-US: WordPress plugin
 CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and  ...)
 	NOTE: seems bogus, reached out to upstream
-CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in WAB-I1750-PS and W ...)
+CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in ELECOM wireless ac ...)
 	NOT-FOR-US: ELECOM
 CVE-2024-10202 (Administrative Management System from Wellchoose has an OS Command Inj ...)
 	NOT-FOR-US: Wellchoose Administrative Management System
@@ -23048,7 +23148,7 @@ CVE-2024-44944 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.10.3-1
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)
-CVE-2024-42412 (Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S116 ...)
+CVE-2024-42412 (Cross-site scripting vulnerability exists in ELECOM wireless access po ...)
 	NOT-FOR-US: WAB-I1750-PS and WAB-S1167-PS
 CVE-2024-41349 (unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via applicati ...)
 	NOT-FOR-US: unmark
@@ -199499,7 +199599,7 @@ CVE-2022-33862 (IPP software prior to v1.71 is vulnerable to default credential
 CVE-2022-33861 (IPP software versions prior to v1.71 do not sufficiently verify the au ...)
 	TODO: check
 CVE-2022-33860
-	RESERVED
+	REJECTED
 CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...)
 	NOT-FOR-US: Eaton Foreseer EPMS
 CVE-2022-33858
@@ -360661,7 +360761,8 @@ CVE-2020-11313
 	REJECTED
 CVE-2020-11312
 	REJECTED
-CVE-2020-11311 (This record is rejected as duplicate. All references should point to C ...)
+CVE-2020-11311
+	REJECTED
 	TODO: check
 CVE-2020-11310
 	REJECTED
@@ -467690,7 +467791,7 @@ CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite in WLAN c ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11881
-	RESERVED
+	REJECTED
 CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite in WLAN f ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11879 (When the buffer length passed is very large, bounds check could be byp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b96c31436757d0f7f5eafd32048b3a47d94b22

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b96c31436757d0f7f5eafd32048b3a47d94b22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241126/c4d0afc6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list