[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 4 21:12:47 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
faf99d47 by security tracker role at 2024-10-04T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,119 @@
+CVE-2024-9515 (A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been ...)
+ TODO: check
+CVE-2024-9514 (A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been ...)
+ TODO: check
+CVE-2024-9513 (A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 ...)
+ TODO: check
+CVE-2024-9484 (An null-pointer-derefrence in the engine module in AVG/Avast Antivirus ...)
+ TODO: check
+CVE-2024-9483 (A null-pointer-dereference in the signature verification module in AVG ...)
+ TODO: check
+CVE-2024-9482 (An out-of-bounds write in the engine module in AVG/Avast Antivirus sig ...)
+ TODO: check
+CVE-2024-9481 (An out-of-bounds write in the engine module in AVG/Avast Antivirus sig ...)
+ TODO: check
+CVE-2024-9410 (Ada.cx's Sentry configuration allowed for blind server-side request fo ...)
+ TODO: check
+CVE-2024-9271 (The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2024-9071 (The Easy Demo Importer \u2013 A Modern One-Click Demo Import Solution ...)
+ TODO: check
+CVE-2024-9054 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2024-8499 (The Checkout Field Editor (Checkout Manager) for WooCommerce plugin fo ...)
+ TODO: check
+CVE-2024-8149 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
+CVE-2024-8148 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
+CVE-2024-7801 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-6400 (Cleartext Storage of Sensitive Information vulnerability in Finrota Ne ...)
+ TODO: check
+CVE-2024-47790 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Secur ...)
+ TODO: check
+CVE-2024-47789 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Secur ...)
+ TODO: check
+CVE-2024-47769 (IDURAR is open source ERP CRM accounting invoicing software. The vulne ...)
+ TODO: check
+CVE-2024-47768 (Lif Authentication Server is a server used by Lif to do various tasks ...)
+ TODO: check
+CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft server motd. ...)
+ TODO: check
+CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP servers. ...)
+ TODO: check
+CVE-2024-47657 (This vulnerability exists in the Shilpi Net Back Office due to imprope ...)
+ TODO: check
+CVE-2024-47656 (This vulnerability exists in Shilpi Client Dashboard due to missing re ...)
+ TODO: check
+CVE-2024-47655 (This vulnerability exists in the Shilpi Client Dashboard due to improp ...)
+ TODO: check
+CVE-2024-47654 (This vulnerability exists in Shilpi Client Dashboard due to lack of ra ...)
+ TODO: check
+CVE-2024-47653 (This vulnerability exists in Shilpi Client Dashboard due to lack of au ...)
+ TODO: check
+CVE-2024-47652 (This vulnerability exists in Shilpi Client Dashboard due to implementa ...)
+ TODO: check
+CVE-2024-47651 (This vulnerability exists in Shilpi Client Dashboard due to improper h ...)
+ TODO: check
+CVE-2024-47211 (In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x a ...)
+ TODO: check
+CVE-2024-47183 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2024-46486 (TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execut ...)
+ TODO: check
+CVE-2024-46409 (A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 a ...)
+ TODO: check
+CVE-2024-46078 (itsourcecode Sports Management System Project 1.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2024-46077 (itsourcecode Online Tours and Travels Management System v1.0 is vulner ...)
+ TODO: check
+CVE-2024-44439 (An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligen ...)
+ TODO: check
+CVE-2024-43687 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43686 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-43685 (Improper Authentication vulnerability in Microchip TimeProvider 4100 ( ...)
+ TODO: check
+CVE-2024-43684 (Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvi ...)
+ TODO: check
+CVE-2024-43683 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
+ TODO: check
+CVE-2024-41516 (A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.asp ...)
+ TODO: check
+CVE-2024-41515 (A reflected cross-site scripting (XSS) vulnerability in "ccHandlerReso ...)
+ TODO: check
+CVE-2024-41514 (A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.a ...)
+ TODO: check
+CVE-2024-41513 (A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" ...)
+ TODO: check
+CVE-2024-41512 (A SQL Injection vulnerability in "ccHandler.aspx" in all versions of C ...)
+ TODO: check
+CVE-2024-41511 (A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRe ...)
+ TODO: check
+CVE-2024-38040 (There is a local file inclusion vulnerability in Esri Portal for ArcGI ...)
+ TODO: check
+CVE-2024-38039 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
+ TODO: check
+CVE-2024-38038 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
+CVE-2024-38037 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+ TODO: check
+CVE-2024-38036 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
+CVE-2024-25707 (There is a reflected cross site scripting in Esri Portal for ArcGIS 11 ...)
+ TODO: check
+CVE-2024-25702 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25701 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25694 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
+ TODO: check
+CVE-2024-25691 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
CVE-2024-47191
+ {DSA-5784-1}
- oath-toolkit 2.6.12-1
[bullseye] - oath-toolkit <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/04/2
@@ -167,7 +282,7 @@ CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a vulnerabilit
- nvidia-cuda-toolkit <unfixed> (bug #1084054)
[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
-CVE-2023-37822 (Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the depre ...)
+CVE-2023-37822 (The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicat ...)
NOT-FOR-US: Eufy HomeBase 2 model T8010X
CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains a vulne ...)
- unbound 1.21.1-1 (bug #1083282)
@@ -537,6 +652,7 @@ CVE-2024-9402 (Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ...)
+ {DSA-5783-1}
- firefox 131.0-1
- firefox-esr 128.3.0esr-1
- thunderbird <unfixed>
@@ -572,6 +688,7 @@ CVE-2024-9395 (A specially crafted filename containing a large number of spaces
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
CVE-2024-9394 (An attacker could, via a specially crafted multipart response, execute ...)
+ {DSA-5783-1}
- firefox 131.0-1
- firefox-esr 128.3.0esr-1
- thunderbird <unfixed>
@@ -579,6 +696,7 @@ CVE-2024-9394 (An attacker could, via a specially crafted multipart response, ex
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
CVE-2024-9393 (An attacker could, via a specially crafted multipart response, execute ...)
+ {DSA-5783-1}
- firefox 131.0-1
- firefox-esr 128.3.0esr-1
- thunderbird <unfixed>
@@ -586,6 +704,7 @@ CVE-2024-9393 (An attacker could, via a specially crafted multipart response, ex
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
CVE-2024-9392 (A compromised content process could have allowed for the arbitrary loa ...)
+ {DSA-5783-1}
- firefox 131.0-1
- firefox-esr 128.3.0esr-1
- thunderbird <unfixed>
@@ -7436,7 +7555,8 @@ CVE-2024-8200 (The Reviews Feed \u2013 Add Testimonials and Customer Reviews Fro
NOT-FOR-US: WordPress plugin
CVE-2024-8199 (The Reviews Feed \u2013 Add Testimonials and Customer Reviews From Goo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-8197 (The Visual Sound plugin for WordPress is vulnerable to Cross-Site Requ ...)
+CVE-2024-8197
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-8182 (An Unauthenticated Denial of Service (DoS) vulnerability exists in Flo ...)
NOT-FOR-US: Flowise
@@ -123911,10 +124031,10 @@ CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Manage
NOT-FOR-US: Sales Tracker Management System
CVE-2023-26772
RESERVED
-CVE-2023-26771
- RESERVED
-CVE-2023-26770
- RESERVED
+CVE-2023-26771 (Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a ...)
+ TODO: check
+CVE-2023-26770 (TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticat ...)
+ TODO: check
CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...)
- liblouis 3.24.0-2 (bug #1033202; unimportant)
NOTE: https://github.com/liblouis/liblouis/pull/1300
@@ -196998,6 +197118,7 @@ CVE-2022-1305 (Use after free in storage in Google Chrome prior to 100.0.4896.88
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...)
+ {DLA-3910-1}
- e2fsprogs 1.46.6~rc1-1 (bug #1010263)
[buster] - e2fsprogs <no-dsa> (Minor issue)
[stretch] - e2fsprogs <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf99d47fd96ffc144880c9b96036d11c074ce27
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf99d47fd96ffc144880c9b96036d11c074ce27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241004/2d3d5ef5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list