[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 27 20:12:23 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0cc68ef by security tracker role at 2024-11-27T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,76 @@
-CVE-2024-54003
+CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to i ...)
+	TODO: check
+CVE-2024-53855 (Centurion ERP (Enterprise Rescource Planning) is a simple application  ...)
+	TODO: check
+CVE-2024-53635 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /cov ...)
+	TODO: check
+CVE-2024-53604 (A SQL Injection vulnerability was found in /covid-tms/check_availabili ...)
+	TODO: check
+CVE-2024-53603 (A SQL Injection vulnerability was found in /covid-tms/password-recover ...)
+	TODO: check
+CVE-2024-53264 (bunkerweb is an Open-source and next-generation Web Application Firewa ...)
+	TODO: check
+CVE-2024-53254
+	REJECTED
+CVE-2024-52951 (Stored Cross-Site Scripting in the Access Request History in Omada Ide ...)
+	TODO: check
+CVE-2024-52323 (ZohocorpManageEngine Analytics Plus versions below 6100 are vulnerable ...)
+	TODO: check
+CVE-2024-51228 (An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX- ...)
+	TODO: check
+CVE-2024-47181 (Contiki-NG is an open-source, cross-platform operating system for IoT  ...)
+	TODO: check
+CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in revie ...)
+	TODO: check
+CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /uplo ...)
+	TODO: check
+CVE-2024-42333 (The researcher is showing that it is possible to leak a small amount o ...)
+	TODO: check
+CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...)
+	TODO: check
+CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...)
+	TODO: check
+CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...)
+	TODO: check
+CVE-2024-42329 (The webdriver for the Browser object expects an error object to be ini ...)
+	TODO: check
+CVE-2024-42328 (When the webdriver for the Browser object downloads data from a HTTP s ...)
+	TODO: check
+CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User  ...)
+	TODO: check
+CVE-2024-42326 (There was discovered a use after free bug in browser.c in the es_brows ...)
+	TODO: check
+CVE-2024-41126 (Contiki-NG is an open-source, cross-platform operating system for IoT  ...)
+	TODO: check
+CVE-2024-41125 (Contiki-NG is an open-source, cross-platform operating system for IoT  ...)
+	TODO: check
+CVE-2024-37816 (Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack  ...)
+	TODO: check
+CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx_snmp_ ...)
+	TODO: check
+CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...)
+	TODO: check
+CVE-2024-31976 (EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker ...)
+	TODO: check
+CVE-2024-21703 (This Medium severity Security Misconfiguration vulnerability was intro ...)
+	TODO: check
+CVE-2024-11862 (Non constant time cryptographic operation in Devolutions.XTS.NET 2024. ...)
+	TODO: check
+CVE-2024-11860 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-11667 (A directory traversal vulnerability in the web management interface of ...)
+	TODO: check
+CVE-2024-11160
+	REJECTED
+CVE-2024-11025 (An authenticated attacker with low privileges may use a SQL Injection  ...)
+	TODO: check
+CVE-2024-11009 (The Internal Linking for SEO traffic & Ranking \u2013 Auto internal li ...)
+	TODO: check
+CVE-2024-10521 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-54003 (Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2024-54004
+CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not r ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...)
 	NOT-FOR-US: Palo Alto Networks
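Review bot: the description stored for CVE-2024-11009 contains a literal `\u2013` escape ("SEO traffic & Ranking \u2013 Auto internal li ..."), so the import appears to have kept the JSON-escaped form of the en dash instead of decoding it; worth checking the feed parser decodes descriptions before truncation and fixing this one entry by hand. Separately, the `TODO: check` entries whose descriptions point at Zabbix internals (CVE-2024-42326 through CVE-2024-42333, CVE-2024-36464 and CVE-2024-36468, mentioning `zbxembed/browser.c`, the Browser object webdriver, `zbx_snmp_` and the Zabbix frontend) belong to one upstream and can be triaged in a single pass rather than individually.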
@@ -17,7 +87,7 @@ CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE Insi
 	NOT-FOR-US: HPE
 CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...)
 	NOT-FOR-US: HPE
-CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight Support all ...)
+CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight Support may ...)
 	NOT-FOR-US: HPE
 CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') vulnerabil ...)
 	NOT-FOR-US: iota C.ai Conversational Platform
@@ -209,6 +279,7 @@ CVE-2024-XXXX [Supplemental group inheritance grants unintended access to GID 0
 	NOTE: https://github.com/proftpd/proftpd/issues/1830
 	NOTE: Pending confirmation for CVE assignment (likely to get CVE-2024-48651)
 CVE-2024-11699 (Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thun ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
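Review bot: the `{DSA-5821-1 DSA-5820-1}` annotation is added here to CVE-2024-11699 and, later in this patch, to six more Mozilla entries that each list firefox, firefox-esr and thunderbird fixed versions, while entries carrying only a `- firefox` line (CVE-2024-11704, CVE-2024-11703, CVE-2024-11701 in the surrounding context) are left without it, which is the expected split for ESR and Thunderbird advisories. Worth cross-checking that both ids are present in data/DSA/list with matching package versions before this lands, since the same pair is repeated seven times.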
@@ -235,6 +306,7 @@ CVE-2024-11704 (A double-free issue could have occurred in `sec_pkcs7_decoder_st
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704
 CVE-2024-11697 (When handling keypress events, an attacker may have been able to trick ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
@@ -242,6 +314,7 @@ CVE-2024-11697 (When handling keypress events, an attacker may have been able to
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11697
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11697
 CVE-2024-11696 (The application failed to account for exceptions thrown by the `loadMa ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
@@ -252,6 +325,7 @@ CVE-2024-11703 (On Android, Firefox may have inadvertently allowed viewing saved
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11703
 CVE-2024-11695 (A crafted URL containing Arabic script and whitespace characters could ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
@@ -259,6 +333,7 @@ CVE-2024-11695 (A crafted URL containing Arabic script and whitespace characters
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11695
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11695
 CVE-2024-11694 (Enhanced Tracking Protection's Strict mode may have inadvertently allo ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
@@ -279,6 +354,7 @@ CVE-2024-11701 (The incorrect domain may have been displayed in the address bar
 	- firefox 133.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11701
 CVE-2024-11692 (An attacker could cause a select dropdown to be shown over another tab ...)
+	{DSA-5821-1 DSA-5820-1}
 	- firefox 133.0-1
 	- firefox-esr 128.5.0esr-1
 	- thunderbird 1:128.5.0esr-1
@@ -16880,11 +16956,11 @@ CVE-2024-9370
 	{DSA-5781-1}
 	- chromium 129.0.6668.89-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-9369
+CVE-2024-9369 (Insufficient data validation in Mojo in Google Chrome prior to 129.0.6 ...)
 	{DSA-5781-1}
 	- chromium 129.0.6668.89-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7025
+CVE-2024-7025 (Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 all ...)
 	{DSA-5781-1}
 	- chromium 129.0.6668.89-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
@@ -133467,8 +133543,8 @@ CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framewor
 	NOT-FOR-US: SvelteKit
 CVE-2023-29002 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
-CVE-2023-29001
-	RESERVED
+CVE-2023-29001 (Contiki-NG is an open-source, cross-platform operating system for IoT  ...)
+	TODO: check
 CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
 	- nextcloud-desktop 3.7.0-1
 	[bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
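Review bot: CVE-2023-29001 moves from `RESERVED` to a Contiki-NG description with `TODO: check`; the first hunk of this patch adds three more Contiki-NG entries with the same marker (CVE-2024-47181, CVE-2024-41126, CVE-2024-41125), so all four should be triaged together and given the same package or NOT-FOR-US disposition to avoid diverging states for one upstream.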
@@ -513788,8 +513864,7 @@ CVE-2017-13321
 CVE-2017-13320
 	RESERVED
 	NOT-FOR-US: Android Media Framework
-CVE-2017-13319
-	RESERVED
+CVE-2017-13319 (In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13318
 	RESERVED
@@ -513797,8 +513872,7 @@ CVE-2017-13318
 CVE-2017-13317
 	RESERVED
 	NOT-FOR-US: Android Media Framework
-CVE-2017-13316
-	RESERVED
+CVE-2017-13316 (In checkPermissions of RecognitionService.java, there is a possibleper ...)
 	NOT-FOR-US: Android
 CVE-2017-13315 (In writeToParcel and createFromParcel of DcParamObject.java, there is  ...)
 	NOT-FOR-US: Android
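Review bot: the new description for CVE-2017-13316 reads "possibleper ...", apparently a missing space in the upstream text; cosmetic, since the tracker mirrors the upstream description, and the `NOT-FOR-US: Android` disposition is unchanged. Both this hunk and the previous one drop the `RESERVED` line once a description exists, which is consistent with the neighbouring entries (CVE-2017-13320, CVE-2017-13318, CVE-2017-13317) that keep `RESERVED` only while still undescribed.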



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cc68ef1b51115329fe6233c2a44ffacc3707fd




