[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 17 13:47:20 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3975344 by security tracker role at 2024-10-16T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
+ TODO: check
+CVE-2024-9858 (There exists an insecure default user permission in Google Cloud Migra ...)
+ TODO: check
+CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source ...)
+ TODO: check
+CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with u ...)
+ TODO: check
+CVE-2024-8921 (The Zita Elementor Site Library plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-8040 (An authorization bypass through user-controlled key vulnerability affe ...)
+ TODO: check
+CVE-2024-6380 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA ...)
+ TODO: check
+CVE-2024-4692 (Improper Validation of Specified Quantity in Input vulnerability in Op ...)
+ TODO: check
+CVE-2024-49271 (: Improper Neutralization of Special Elements Used in a Template Engin ...)
+ TODO: check
+CVE-2024-49270 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-49268 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-49267 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-49266 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-49265 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-49260 (Unrestricted Upload of File with Dangerous Type vulnerability in Limb ...)
+ TODO: check
+CVE-2024-49258 (Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Pl ...)
+ TODO: check
+CVE-2024-49257 (Unrestricted Upload of File with Dangerous Type vulnerability in Denis ...)
+ TODO: check
+CVE-2024-49254 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-49253 (Relative Path Traversal vulnerability in James Park Analyse Uploads al ...)
+ TODO: check
+CVE-2024-49252 (: Exposure of Sensitive System Information to an Unauthorized Control ...)
+ TODO: check
+CVE-2024-49251 (: Improper Control of Filename for Include/Require Statement in PHP Pr ...)
+ TODO: check
+CVE-2024-49247 (: Authentication Bypass Using an Alternate Path or Channel vulnerabili ...)
+ TODO: check
+CVE-2024-49245 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-49242 (Unrestricted Upload of File with Dangerous Type vulnerability in Shafi ...)
+ TODO: check
+CVE-2024-49227 (Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O ...)
+ TODO: check
+CVE-2024-49226 (Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To ...)
+ TODO: check
+CVE-2024-49218 (Deserialization of Untrusted Data vulnerability in Al Imran Akash Rece ...)
+ TODO: check
+CVE-2024-49216 (Unrestricted Upload of File with Dangerous Type vulnerability in Joshu ...)
+ TODO: check
+CVE-2024-48744 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /trm ...)
+ TODO: check
+CVE-2024-48042 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ TODO: check
+CVE-2024-48035 (Unrestricted Upload of File with Dangerous Type vulnerability in Takay ...)
+ TODO: check
+CVE-2024-48034 (Unrestricted Upload of File with Dangerous Type vulnerability in Flipe ...)
+ TODO: check
+CVE-2024-48030 (Deserialization of Untrusted Data vulnerability in Gabriele Valenti Te ...)
+ TODO: check
+CVE-2024-48029 (: Improper Control of Filename for Include/Require Statement in PHP Pr ...)
+ TODO: check
+CVE-2024-48028 (Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Lo ...)
+ TODO: check
+CVE-2024-48027 (Unrestricted Upload of File with Dangerous Type vulnerability in xaraa ...)
+ TODO: check
+CVE-2024-48026 (Deserialization of Untrusted Data vulnerability in Grayson Robbins Dis ...)
+ TODO: check
+CVE-2024-47836 (Admidio is an open-source user management solution. Prior to version 4 ...)
+ TODO: check
+CVE-2024-47649 (Unrestricted Upload of File with Dangerous Type vulnerability in THATp ...)
+ TODO: check
+CVE-2024-47645 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-47637 (: Relative Path Traversal vulnerability in LiteSpeed Technologies Lite ...)
+ TODO: check
+CVE-2024-47522 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-47351 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-47188 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-47187 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-47139 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
+ TODO: check
+CVE-2024-46606 (A cross-site scripting (XSS) vulnerability in the component /admin.php ...)
+ TODO: check
+CVE-2024-46605 (A cross-site scripting (XSS) vulnerability in the component /admin.php ...)
+ TODO: check
+CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass access co ...)
+ TODO: check
+CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
+ TODO: check
+CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-45795 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...)
+ TODO: check
+CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
+ TODO: check
+CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
+ TODO: check
+CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was private ...)
+ TODO: check
+CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive PairReqNoI ...)
+ TODO: check
+CVE-2024-22033 (The OBS service obs-service-download_url was vulnerable to a command i ...)
+ TODO: check
+CVE-2024-22032 (A vulnerability has been identified in which an RKE1 cluster keeps co ...)
+ TODO: check
+CVE-2024-22030 (A vulnerability has been identified within Rancher that can be exploit ...)
+ TODO: check
+CVE-2024-20512 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2024-20463 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20462 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20461 (A vulnerability in the CLI of Cisco ATA 190 Series Analog Telepho ...)
+ TODO: check
+CVE-2024-20460 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20459 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20458 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20421 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20420 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
+ TODO: check
+CVE-2024-20280 (A vulnerability in the backup feature of Cisco UCS Central Software co ...)
+ TODO: check
+CVE-2024-10033 (A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) ...)
+ TODO: check
+CVE-2024-10024 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-10023 (A vulnerability classified as critical was found in code-projects Phar ...)
+ TODO: check
+CVE-2024-10022 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2024-10021 (A vulnerability was found in code-projects Pharmacy Management System ...)
+ TODO: check
+CVE-2023-32266 (Untrusted Search Path vulnerability in OpenText\u2122 Application Life ...)
+ TODO: check
+CVE-2023-32196 (A vulnerability has been identified whereby privilege escalation check ...)
+ TODO: check
+CVE-2023-32194 (A vulnerability has been identified when granting a create or * global ...)
+ TODO: check
+CVE-2023-32193 (A vulnerability has been identified in which unauthenticated cross-sit ...)
+ TODO: check
+CVE-2023-32192 (A vulnerability has been identified in which unauthenticated cross-sit ...)
+ TODO: check
+CVE-2023-32191 (When RKE provisions a cluster, it stores the cluster state in a config ...)
+ TODO: check
+CVE-2023-32190 (mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary f ...)
+ TODO: check
+CVE-2023-32189 (Insecure handling of ssh keys used to bootstrap clients allows local a ...)
+ TODO: check
+CVE-2023-32188 (A user can reverse engineer the JWT token (JSON Web Token) used in aut ...)
+ TODO: check
+CVE-2020-36841 (The WooCommerce Smart Coupons plugin for WordPress is vulnerable to au ...)
+ TODO: check
CVE-2024-9966 (Inappropriate implementation in Navigations in Google Chrome prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
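Review bot: none of the 86 new entries is triaged (every one is "TODO: check"), yet a good share of them can be resolved from the visible descriptions alone, and the ones that matter for Debian are easy to miss in the pile. Packages in the archive: openssl (CVE-2024-9143, the low-level GF(2^m) EC APIs), suricata (CVE-2024-47522, CVE-2024-47188, CVE-2024-47187, CVE-2024-45796, CVE-2024-45795), libhtp (CVE-2024-45797) and rails / Action Pack (CVE-2024-41128); these deserve package lines rather than sitting behind "TODO: check". CVE-2023-32190 (mlocate) talks about a "%post script", an RPM scriptlet, which is the same SUSE-packaging pattern that the tomcat entry CVE-2024-22029 further down this diff resolves as <not-affected>; check Debian's postinst before copying that verdict. Products Debian does not ship follow the NOT-FOR-US: convention used elsewhere in this file (CVE-2024-21286, CVE-2024-8007): the entries that name WordPress (CVE-2024-9893, CVE-2024-9444, CVE-2024-8921, CVE-2024-49260, CVE-2024-49258, CVE-2020-36841), Docker Desktop (CVE-2024-9348), Google Cloud Migrate (CVE-2024-9858), ENOVIA (CVE-2024-6380), BIG-IP (CVE-2024-45844), IBM WebSphere (CVE-2024-45072, CVE-2024-45071), VMware HCX (CVE-2024-38814), Microchip RN4870 (CVE-2024-29155), the Cisco ATA 190 / Unified / UCS Central batch (CVE-2024-20512 through CVE-2024-20280), aap-gateway (CVE-2024-10033) and code-projects Pharmacy Management System (CVE-2024-10024 through CVE-2024-10021). The remaining "Unrestricted Upload" / "Deserialization of Untrusted Data" / "Path Traversal" entries name individual authors rather than a product, so the truncated text does not confirm the platform and they need a lookup. Cosmetic: the leading ": " in CVE-2024-49271, CVE-2024-49252, CVE-2024-49251, CVE-2024-49247, CVE-2024-48029 and CVE-2024-47637, and the literal "\u2122" in CVE-2023-32266, come from the upstream feed; the automatic sync rewrites description text anyway (the Danfoss entries in this same commit show that), so hand-editing them is pointless.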
@@ -353,7 +525,7 @@ CVE-2024-44337 (The package `github.com/gomarkdown/markdown` is a Go library for
TODO: check
CVE-2024-41344 (A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attac ...)
TODO: check
-CVE-2024-35584 (SQL injection vulnerability in Ajax.php, ForWindow.php, ForExport.php, ...)
+CVE-2024-35584 (SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.p ...)
TODO: check
CVE-2024-21286 (Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Man ...)
NOT-FOR-US: Oracle
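Review bot: CVE-2024-35584 only has its description reworded (a single "vulnerability" became "vulnerabilities were discovered in") and stays at TODO: check; the truncated text names PHP files (Ajax.php, ForWindow.php, ForExport.php) and no product, so triage needs the full description to choose between a package line and a NOT-FOR-US: target.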
@@ -11974,7 +12146,7 @@ CVE-2022-48867 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
CVE-2024-8007 (A flaw was found in the openstack-tripleo-common component of the Red ...)
NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
-CVE-2024-22034
+CVE-2024-22034 (Attackers could put the special files in .osc into the actual package ...)
- osc 1.9.0-1
[bookworm] - osc <no-dsa> (Minor issue)
[bullseye] - osc <postponed> (Minor issue)
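Review bot: CVE-2024-22034 gains a description but the osc entry still has no NOTE: line pointing at the upstream fix, unlike the kernel entry CVE-2022-48867 directly above, which carries its git.kernel.org commit. Both the bookworm <no-dsa> and the bullseye <postponed> markers rest on "Minor issue"; a NOTE: with the commit or advisory that justifies 1.9.0-1 as the fixed version would let a later reviewer re-check that rationale against the now-visible description ("special files in .osc into the actual package").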
@@ -34503,13 +34675,13 @@ CVE-2021-47499 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/70c9774e180d151abaab358108e3510a8e615215 (5.16-rc5)
CVE-2024-28793 (IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4189
+CVE-2024-4189 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4184
+CVE-2024-4184 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4690
+CVE-2024-4690 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4211
+CVE-2024-4211 (Improper Validation of Specified Quantity in Input vulnerability in Op ...)
NOT-FOR-US: Jenkins plugin
CVE-2024-4691
NOT-FOR-US: Jenkins plugin
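Review bot: the description added to CVE-2024-4211 ("Improper Validation of Specified Quantity in Input vulnerability in Op ...") is identical, as far as the truncation shows, to the one CVE-2024-4692 receives in the first hunk of this commit, where it is left at TODO: check; CVE-2024-4692 also sits in the same number range as CVE-2024-4690 and CVE-2024-4691, both NOT-FOR-US: Jenkins plugin here. Suggest resolving CVE-2024-4692 the same way once the full description confirms the product.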
@@ -57539,7 +57711,7 @@ CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port
NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
NOT-FOR-US: Microsoft
-CVE-2024-22029
+CVE-2024-22029 (Insecure permissions in the packaging of tomcat allow local users that ...)
- tomcat10 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
- tomcat9 <not-affected> (SUSE specfic packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1219208#c12
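Review bot: the two <not-affected> rationale lines for tomcat9 and tomcat10 misspell "specific" as "specfic" (pre-existing context, not touched by this hunk); worth fixing in a follow-up commit. The new description ("Insecure permissions in the packaging of tomcat allow local users that ...") is consistent with that packaging-only rationale and the bugzilla.suse.com NOTE, so the not-affected state still holds.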
@@ -129329,15 +129501,15 @@ CVE-2023-25917
RESERVED
CVE-2023-25916
RESERVED
-CVE-2023-25915 (Due to improper input validation, a remote attacker could execute arbi ...)
+CVE-2023-25915 (Due to improper input validation, an authenticated remote attacker cou ...)
NOT-FOR-US: Danfoss AK-SM80A
-CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read system ...)
+CVE-2023-25914 (Due to improper restriction, authenticated attackers could retrieve an ...)
NOT-FOR-US: Danfoss AK-SM80A
CVE-2023-25913 (Because of an authentication flaw an attacker would be capable of gene ...)
NOT-FOR-US: Danfoss AK-SM80A
CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...)
NOT-FOR-US: Danfoss AK-EM100
-CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
+CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for an authenticated user ...)
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions < V ...)
NOT-FOR-US: Siemens
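Review bot: the three Danfoss rewordings each add an "authenticated" precondition (CVE-2023-25915: "an authenticated remote attacker"; CVE-2023-25914: "authenticated attackers"; CVE-2023-25911: "an authenticated user"), which narrows the attacker model; all three remain NOT-FOR-US: Danfoss AK-SM80A / AK-EM100, so nothing changes for Debian and no action is needed.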
@@ -139780,8 +139952,8 @@ CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Ov
NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2)
CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...)
NOT-FOR-US: Rancher
-CVE-2023-22650
- RESERVED
+CVE-2023-22650 (A vulnerability has been identified in which Rancher does not automati ...)
+ TODO: check
CVE-2023-22649 (A vulnerability has been identified which may lead to sensitive data b ...)
TODO: check
CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher causes p ...)
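Review bot: CVE-2023-22650 moves from RESERVED to TODO: check although its description names Rancher and its neighbours CVE-2023-22651 and CVE-2023-22648 are SUSE Rancher entries (CVE-2023-22651 already NOT-FOR-US: Rancher). CVE-2023-22649 two lines below is in the same TODO: check state, and the first hunk of this commit adds more entries that name Rancher or RKE (CVE-2024-22032, CVE-2024-22030, CVE-2023-32191); these look like one batch to resolve together as NOT-FOR-US: Rancher once confirmed.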
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d39753448352c42f73283ed8b26f516ed1a19700
--
You're receiving this email because of your account on salsa.debian.org.