[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 11 21:12:50 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f120fda by security tracker role at 2024-10-11T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,48 +1,216 @@
+CVE-2024-9869
+ REJECTED
+CVE-2024-9859 (Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 ...)
+ TODO: check
+CVE-2024-9856 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
+ TODO: check
+CVE-2024-9855 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
+ TODO: check
+CVE-2024-9539 (An information disclosure vulnerability was identified in GitHub Enter ...)
+ TODO: check
+CVE-2024-9538 (The ShopLentor plugin for WordPress is vulnerable to Sensitive Informa ...)
+ TODO: check
+CVE-2024-9164 (An issue was discovered in GitLab EE affecting all versions starting f ...)
+ TODO: check
+CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio that coul ...)
+ TODO: check
+CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
+ TODO: check
+CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+ TODO: check
+CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an unauthori ...)
+ TODO: check
+CVE-2024-8755 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
+ TODO: check
+CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature vulnerabilit ...)
+ TODO: check
+CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function vulnerability ex ...)
+ TODO: check
+CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...)
+ TODO: check
+CVE-2024-7514 (The WordPress Comments Import & Export plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-6985 (A path traversal vulnerability exists in the api open_personality_fold ...)
+ TODO: check
+CVE-2024-6971 (A path traversal vulnerability exists in the parisneo/lollms-webui rep ...)
+ TODO: check
+CVE-2024-6657 (A denial of service may be caused to a single peripheral device in a B ...)
+ TODO: check
+CVE-2024-5474 (A potential information disclosure vulnerability was reported in Lenov ...)
+ TODO: check
+CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE affecting all ...)
+ TODO: check
+CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen that cou ...)
+ TODO: check
+CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that could ...)
+ TODO: check
+CVE-2024-4130 (A DLL hijack vulnerability was reported in Lenovo App Store that could ...)
+ TODO: check
+CVE-2024-4089 (A DLL hijack vulnerability was reported in Lenovo Super File that coul ...)
+ TODO: check
+CVE-2024-48827 (An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to exec ...)
+ TODO: check
+CVE-2024-48813 (SQL injection vulnerability in employee-management-system-php-and-mysq ...)
+ TODO: check
+CVE-2024-48787 (An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a ...)
+ TODO: check
+CVE-2024-48786 (An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 ...)
+ TODO: check
+CVE-2024-48784 (An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2 ...)
+ TODO: check
+CVE-2024-48778 (An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) ...)
+ TODO: check
+CVE-2024-48777 (LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to ...)
+ TODO: check
+CVE-2024-48776 (An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to o ...)
+ TODO: check
+CVE-2024-48775 (An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote ...)
+ TODO: check
+CVE-2024-48774 (An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a ...)
+ TODO: check
+CVE-2024-48773 (An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive ...)
+ TODO: check
+CVE-2024-48771 (An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 all ...)
+ TODO: check
+CVE-2024-48770 (An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a rem ...)
+ TODO: check
+CVE-2024-48769 (An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a re ...)
+ TODO: check
+CVE-2024-48768 (An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 a ...)
+ TODO: check
+CVE-2024-48041 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-48040 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-48033 (Deserialization of Untrusted Data vulnerability in Elie Burstein, Bapt ...)
+ TODO: check
+CVE-2024-48020 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks and hist ...)
+ TODO: check
+CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 ...)
+ TODO: check
+CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
+ TODO: check
+CVE-2024-47830 (Plane is an open-source project management tool. Plane uses the ** wil ...)
+ TODO: check
+CVE-2024-47509 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47508 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47505 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47353 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Q ...)
+ TODO: check
+CVE-2024-47331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-47074 (DataEase is an open source data visualization analysis tool. In Dataea ...)
+ TODO: check
+CVE-2024-46532 (SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to exe ...)
+ TODO: check
+CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a buffer ov ...)
+ TODO: check
+CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entphone i ...)
+ TODO: check
+CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
+ TODO: check
+CVE-2024-45402 (Picotls is a TLS protocol library that allows users select different c ...)
+ TODO: check
+CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
+ TODO: check
+CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...)
+ TODO: check
+CVE-2024-45317 (A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 applianc ...)
+ TODO: check
+CVE-2024-45316 (The Improper link resolution before file access ('Link Following') vul ...)
+ TODO: check
+CVE-2024-45315 (The Improper link resolution before file access ('Link Following') vul ...)
+ TODO: check
+CVE-2024-44807 (A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. B ...)
+ TODO: check
+CVE-2024-44734 (Incorrect access control in Mirotalk before commit 9de226 allows attac ...)
+ TODO: check
+CVE-2024-44731 (Mirotalk before commit 9de226 was discovered to contain a DOM-based cr ...)
+ TODO: check
+CVE-2024-44730 (Incorrect access control in the function handleDataChannelChat(dataMes ...)
+ TODO: check
+CVE-2024-44729 (Incorrect access control in the component app/src/server.js of Mirotal ...)
+ TODO: check
+CVE-2024-44415 (A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffe ...)
+ TODO: check
+CVE-2024-44414 (A vulnerability was discovered in FBM_292W-21.03.10V, which has been c ...)
+ TODO: check
+CVE-2024-44413 (A vulnerability was discovered in DI_8200-16.07.26A1, which has been c ...)
+ TODO: check
+CVE-2024-44157 (A stack buffer overflow was addressed through improved input validatio ...)
+ TODO: check
+CVE-2024-42640 (angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticate ...)
+ TODO: check
+CVE-2024-42018 (An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During ...)
+ TODO: check
+CVE-2024-38365 (btcd is an alternative full node bitcoin implementation written in Go ...)
+ TODO: check
+CVE-2024-33582 (A DLL hijack vulnerability was reported in Lenovo Service Framework th ...)
+ TODO: check
+CVE-2024-33581 (A DLL hijack vulnerability was reported in Lenovo PC Manager AI intell ...)
+ TODO: check
+CVE-2024-33580 (A DLL hijack vulnerability was reported in Lenovo Personal Cloud that ...)
+ TODO: check
+CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that could a ...)
+ TODO: check
+CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that could all ...)
+ TODO: check
+CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
+ TODO: check
+CVE-2023-42133 (PAX Android based POS devices allow for escalation of privilege via im ...)
+ TODO: check
CVE-2024-9779
NOT-FOR-US: Open Cluster Management (OCM)
-CVE-2024-47499
+CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47506
+CVE-2024-47506 (A Deadlock vulnerability in the packet forwarding engine (PFE) of Juni ...)
NOT-FOR-US: Juniper
-CVE-2024-39544
+CVE-2024-39544 (AnIncorrect Default Permissions vulnerability in the command line inte ...)
NOT-FOR-US: Juniper
-CVE-2024-47494
+CVE-2024-47494 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
NOT-FOR-US: Juniper
-CVE-2024-47493
+CVE-2024-47493 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2024-47495
+CVE-2024-47495 (An Authorization Bypass Through User-Controlled Key vulnerability allo ...)
NOT-FOR-US: Juniper
-CVE-2024-39526
+CVE-2024-39526 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
NOT-FOR-US: Juniper
-CVE-2024-47497
+CVE-2024-47497 (An Uncontrolled Resource Consumption vulnerability in the http daemon ...)
NOT-FOR-US: Juniper
-CVE-2024-47507
+CVE-2024-47507 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47503
+CVE-2024-47503 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47504
+CVE-2024-47504 (An Improper Validation of Specified Type of Input vulnerability in the ...)
NOT-FOR-US: Juniper
-CVE-2024-47489
+CVE-2024-47489 (An Improper Handling of Exceptional Conditions vulnerability in the Pa ...)
NOT-FOR-US: Juniper
-CVE-2024-47501
+CVE-2024-47501 (A NULL Pointer Dereference vulnerability in the packet forwarding en ...)
NOT-FOR-US: Juniper
-CVE-2024-39534
+CVE-2024-39534 (AnIncorrect Comparison vulnerability in the local address verification ...)
NOT-FOR-US: Juniper
-CVE-2024-39547
+CVE-2024-39547 (AnImproper Handling of Exceptional Conditions vulnerability in the rpd ...)
NOT-FOR-US: Juniper
-CVE-2024-47502
+CVE-2024-47502 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-39563
+CVE-2024-39563 (A Command Injectionvulnerability in Juniper Networks Junos Space allow ...)
NOT-FOR-US: Juniper
-CVE-2024-47491
+CVE-2024-47491 (An Improper Handling of Exceptional Conditions vulnerability in the Ro ...)
NOT-FOR-US: Juniper
-CVE-2024-47490
+CVE-2024-47490 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
NOT-FOR-US: Juniper
-CVE-2024-47496
+CVE-2024-47496 (ANULL Pointer Dereference vulnerability in the Packet Forwarding Engin ...)
NOT-FOR-US: Juniper
-CVE-2024-39527
+CVE-2024-39527 (AnExposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
NOT-FOR-US: Juniper
-CVE-2024-47498
+CVE-2024-47498 (An Unimplemented or Unsupported Feature in UI vulnerability in the CLI ...)
NOT-FOR-US: Juniper
CVE-2024-9822 (The Pedalo Connector plugin for WordPress is vulnerable to authenticat ...)
NOT-FOR-US: WordPress plugin
@@ -8042,7 +8210,7 @@ CVE-2024-44809 (A remote code execution (RCE) vulnerability exists in the Pi Cam
NOT-FOR-US: Pi Camera
CVE-2024-44808 (An issue in Vypor Attack API System v.1.0 allows a remote attacker to ...)
NOT-FOR-US: Vypor Attack API System
-CVE-2024-44400 (D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgra ...)
+CVE-2024-44400 (A vulnerability was discovered in DI_8400-16.07.26A1, which has been c ...)
NOT-FOR-US: D-Link
CVE-2024-44383 (WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_in ...)
NOT-FOR-US: WAYOS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f120fda729c5524a4469500a347f9bab8d35fd8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f120fda729c5524a4469500a347f9bab8d35fd8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241011/3e897708/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list