[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 29 08:12:39 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da99758 by security tracker role at 2024-11-29T08:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...)
+ TODO: check
+CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified in Easy ...)
+ TODO: check
+CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 ...)
+ TODO: check
+CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...)
+ TODO: check
+CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a potential ...)
+ TODO: check
+CVE-2024-54123 (Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an ...)
+ TODO: check
+CVE-2024-53701 (Multiple FCNT Android devices provide the original security features s ...)
+ TODO: check
+CVE-2024-45495 (MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSoc ...)
+ TODO: check
+CVE-2024-39162 (pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability o ...)
+ TODO: check
+CVE-2024-35451 (LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favico ...)
+ TODO: check
+CVE-2024-11983 (Certain models of routers from Billion Electric has an OS Command Inje ...)
+ TODO: check
+CVE-2024-11982 (Certain models of routers from Billion Electric has a Plaintext Storag ...)
+ TODO: check
+CVE-2024-11981 (Certain models of routers from Billion Electric has an Authentication ...)
+ TODO: check
+CVE-2024-11980 (Certain modes of routers from Billion Electric have a Missing Authenti ...)
+ TODO: check
+CVE-2024-11979 (DreamMaker from Interinfo has a Path Traversal vulnerability and does ...)
+ TODO: check
+CVE-2024-11978 (DreamMaker from Interinfo has a Path Traversal vulnerability, allowing ...)
+ TODO: check
+CVE-2024-11971 (A vulnerability classified as problematic was found in Guizhou Xiaoma ...)
+ TODO: check
+CVE-2024-11970 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2024-11482 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...)
+ TODO: check
+CVE-2024-11481 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...)
+ TODO: check
+CVE-2024-11014 (Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNI ...)
+ TODO: check
+CVE-2024-11013 (Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ve ...)
+ TODO: check
+CVE-2024-10980 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-10704 (The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sa ...)
+ TODO: check
CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...)
@@ -498,7 +546,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stor
NOT-FOR-US: WordPress plugin
CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Vulnerable code introduced later)
-CVE-2024-48651 [Supplemental group inheritance grants unintended access to GID 0 due to lack of supplemental groups from mod_sql]
+CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritan ...)
- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
NOTE: https://github.com/proftpd/proftpd/issues/1830
NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1
@@ -16200,6 +16248,7 @@ CVE-2024-31449 (Redis is an open source, in-memory database that persists on dis
NOTE: https://github.com/valkey-io/valkey/pull/1114
NOTE: https://github.com/valkey-io/valkey/commit/4fbab5740bfef66918d6c2950dd2b3b4e07815a2 (8.0.1)
CVE-2024-31228 (Redis is an open source, in-memory database that persists on disk. Aut ...)
+ {DLA-3973-1}
- redis 5:7.0.15-2 (bug #1084805)
- redict 7.3.1+ds-1
- valkey 8.0.1+dfsg1-1
@@ -194013,6 +194062,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi
NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0)
CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...)
+ {DLA-3973-1}
- redis 5:7.0.8-1
[buster] - redis <ignored> (Minor issue; requires authed user)
NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da99758c323ae74b55bdf1885b3df96658e7412
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da99758c323ae74b55bdf1885b3df96658e7412
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241129/c3cc7fc0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list