[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 25 21:12:53 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
311b15cd by security tracker role at 2024-10-25T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to storage o ...)
+	TODO: check
+CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-9584 (The Image Map Pro plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2024-8666 (The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-8036 (ABB is aware of privately reported vulnerabilities in the product vers ...)
+	TODO: check
+CVE-2024-49767 (Werkzeug is a Web Server Gateway Interface web application library. Ap ...)
+	TODO: check
+CVE-2024-49766 (Werkzeug is a Web Server Gateway Interface web application library. On ...)
+	TODO: check
+CVE-2024-49757 (The open-source identity infrastructure software Zitadel allows admini ...)
+	TODO: check
+CVE-2024-49753 (Zitadel is open-source identity infrastructure software. Versions prio ...)
+	TODO: check
+CVE-2024-49381 (Plenti, a static site generator, has an arbitrary file deletion vulner ...)
+	TODO: check
+CVE-2024-49380 (Plenti, a static site generator, has an arbitrary file write vulnerabi ...)
+	TODO: check
+CVE-2024-49378 (smartUp, a web browser mouse gestures extension, has a universal cross ...)
+	TODO: check
+CVE-2024-49376 (Autolab, a course management service that enables auto-graded programm ...)
+	TODO: check
+CVE-2024-48743 (Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote a ...)
+	TODO: check
+CVE-2024-48700 (Kliqqi-CMS has a background arbitrary code execution vulnerability tha ...)
+	TODO: check
+CVE-2024-48655 (An issue in Total.js CMS v.1.0 allows a remote attacker to execute arb ...)
+	TODO: check
+CVE-2024-48654 (Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote a ...)
+	TODO: check
+CVE-2024-48581 (File Upload vulnerability in Best courier management system in php v.1 ...)
+	TODO: check
+CVE-2024-48580 (SQL Injection vulnerability in Best courier management system in php v ...)
+	TODO: check
+CVE-2024-48579 (SQL Injection vulnerability in Best House rental management system pro ...)
+	TODO: check
+CVE-2024-48459 (A command execution vulnerability exists in the AX2 Pro home router pr ...)
+	TODO: check
+CVE-2024-48450 (An arbitrary file upload vulnerability in Huly Platform v0.6.295 allow ...)
+	TODO: check
+CVE-2024-48448 (An arbitrary file upload vulnerability in Huly Platform v0.6.295 allow ...)
+	TODO: check
+CVE-2024-48428 (An issue in Olive VLE allows an attacker to obtain sensitive informati ...)
+	TODO: check
+CVE-2024-48343 (A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an  ...)
+	TODO: check
+CVE-2024-48204 (SQL injection vulnerability in Hanzhou Haobo network management system ...)
+	TODO: check
+CVE-2024-47483 (Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Imp ...)
+	TODO: check
+CVE-2024-47481 (Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Imprope ...)
+	TODO: check
+CVE-2024-47041 (In valid_address of syscall.c, there is a possible out of bounds read  ...)
+	TODO: check
+CVE-2024-47035 (In vring_init of external/headers/include/virtio/virtio_ring.h, there  ...)
+	TODO: check
+CVE-2024-47034 (there is a possible out of bounds read due to a missing bounds check.  ...)
+	TODO: check
+CVE-2024-47033 (In lwis_allocator_free of lwis_allocator.c, there is a possible memory ...)
+	TODO: check
+CVE-2024-47031 (Android before 2024-10-05 on Google Pixel devices allows privilege esc ...)
+	TODO: check
+CVE-2024-47030 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
+	TODO: check
+CVE-2024-47029 (In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trust ...)
+	TODO: check
+CVE-2024-47028 (In ffu_flash_pack of ffu.c, there is a possible out of bounds read due ...)
+	TODO: check
+CVE-2024-47027 (In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possib ...)
+	TODO: check
+CVE-2024-47026 (In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read ...)
+	TODO: check
+CVE-2024-47025 (In ppmp_protect_buf of drm_fw.c, there is a possible information discl ...)
+	TODO: check
+CVE-2024-47024 (In vring_size of external/headers/include/virtio/virtio_ring.h, there  ...)
+	TODO: check
+CVE-2024-47023 (there is a possible man-in-the-middle attack due to a logic error in t ...)
+	TODO: check
+CVE-2024-47022 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
+	TODO: check
+CVE-2024-47021 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible o ...)
+	TODO: check
+CVE-2024-47020 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
+	TODO: check
+CVE-2024-47019 (In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, th ...)
+	TODO: check
+CVE-2024-47018 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible ...)
+	TODO: check
+CVE-2024-47017 (In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use aft ...)
+	TODO: check
+CVE-2024-47016 (there is a possible privilege escalation due to an insecure default va ...)
+	TODO: check
+CVE-2024-47015 (In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter ...)
+	TODO: check
+CVE-2024-47014 (Android before 2024-10-05 on Google Pixel devices allows privilege esc ...)
+	TODO: check
+CVE-2024-47013 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible ...)
+	TODO: check
+CVE-2024-47012 (In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a poss ...)
+	TODO: check
+CVE-2024-44101 (there is a possible Null Pointer Dereference (modem crash) due to impr ...)
+	TODO: check
+CVE-2024-44100 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
+	TODO: check
+CVE-2024-44099 (There is a possible Local bypass of user interaction due to an insecur ...)
+	TODO: check
+CVE-2024-44098 (In lwis_device_event_states_clear_locked of lwis_event.c, there is a p ...)
+	TODO: check
+CVE-2024-37847 (An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Man ...)
+	TODO: check
+CVE-2024-37846 (MangoOS before 5.2.0 was discovered to contain a Client-Side Template  ...)
+	TODO: check
+CVE-2024-37845 (MangoOS before 5.2.0 was discovered to contain an authenticated remote ...)
+	TODO: check
+CVE-2024-37844 (A stored cross-site scripting (XSS) vulnerability in MangoOS before 5. ...)
+	TODO: check
+CVE-2024-10387 (CVE-2024-10387 IMPACT    A Denial-of-Service vulnerability exists in t ...)
+	TODO: check
+CVE-2024-10386 (CVE-2024-10386 IMPACT    An authentication vulnerability exists in the ...)
+	TODO: check
+CVE-2024-10381 (This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ du ...)
+	TODO: check
+CVE-2024-10380 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-10379 (A vulnerability classified as problematic was found in ESAFENET CDG 5. ...)
+	TODO: check
+CVE-2024-10378 (A vulnerability classified as critical has been found in ESAFENET CDG  ...)
+	TODO: check
+CVE-2024-10377 (A vulnerability was found in ESAFENET CDG 5. It has been rated as crit ...)
+	TODO: check
+CVE-2024-10376 (A vulnerability was found in ESAFENET CDG 5. It has been declared as c ...)
+	TODO: check
+CVE-2024-10374 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-10343 (The Beek Widget Extention plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-10112 (The Simple News plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-10016 (The File Upload Types by WPForms plugin for WordPress is vulnerable to ...)
+	TODO: check
 CVE-2024-9686 (The Order Notification for Telegram plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9630 (The WPS Telegram Chat plugin for WordPress is vulnerable to authorizat ...)
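Review bot: all 72 new entries land as `TODO: check`, and the two Werkzeug entries (CVE-2024-49767, CVE-2024-49766) are the ones to triage first, since Werkzeug is shipped in Debian as python-werkzeug and they are the only entries in this hunk likely to need a source-package and fixed-version line; the Pixel/Android block (CVE-2024-47012 through CVE-2024-47041 and CVE-2024-44098 through CVE-2024-44101) and the WordPress-plugin entries will almost certainly resolve to NOT-FOR-US under the convention visible at the unchanged CVE-2024-9686 entry. The descriptions of CVE-2024-10387 and CVE-2024-10386 begin with their own CVE id followed by "IMPACT"; that is upstream advisory text carried over by the import, not something to fix in the tracker.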
@@ -2339,7 +2483,7 @@ CVE-2024-47634 (Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv
 	NOT-FOR-US: WordPress plugin
 CVE-2024-47325 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-44061 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+CVE-2024-44061 (: Improper Neutralization of Script-Related HTML Tags in a Web Page (B ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-44000 (Insufficiently Protected Credentials vulnerability in LiteSpeed Techno ...)
 	NOT-FOR-US: WordPress plugin
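Review bot: the refreshed CVE-2024-44061 description now starts with a stray ": ", which shifts the truncated summary and drops its last characters; harmless for a NOT-FOR-US WordPress-plugin entry, but it indicates the upstream description was edited to begin with punctuation, which is worth a look at the source if the entry is ever revisited.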
@@ -3304,7 +3448,7 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial o
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
 	NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
-	{DLA-3934-1}
+	{DSA-5796-1 DLA-3934-1}
 	- libheif 1.18.1-1
 	NOTE: https://github.com/strukturag/libheif/issues/1226
 	NOTE: https://github.com/strukturag/libheif/pull/1227
@@ -3953,7 +4097,7 @@ CVE-2024-40616
 	REJECTED
 CVE-2023-50780 (Apache ActiveMQ Artemis allows access to diagnostic information and co ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
-CVE-2023-48082 (Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API ...)
+CVE-2023-48082 (Nagios XI before 2024R1 was discovered to improperly handle API keys g ...)
 	NOT-FOR-US: Nagios XI
 CVE-2023-45817
 	REJECTED
@@ -21033,6 +21177,7 @@ CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for e
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6526a2b28510ead6a3e14de711bb991ad9abff38
 CVE-2024-41810 (Twisted is an event-based framework for internet applications, support ...)
+	{DSA-5797-1}
 	- twisted 24.7.0-1 (bug #1077680)
 	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
 	NOTE: Merge commit: https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 (twisted-24.7.0rc1)
@@ -21043,6 +21188,7 @@ CVE-2024-41726 (Path traversal vulnerability exists in SKYSEA Client View Ver.3.
 CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
 	NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2024-41671 (Twisted is an event-based framework for internet applications, support ...)
+	{DSA-5797-1}
 	- twisted 24.7.0-1 (bug #1077679)
 	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
 	NOTE: https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc (twisted-24.7.0rc1)
@@ -85437,6 +85583,7 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violati
 	NOTE: https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf (v1.17.6)
 	NOTE: Crash in CLI tool, no security impact (only affects example tool shipped in libheif-examples)
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
+	{DSA-5796-1}
 	- libheif 1.17.6-1 (bug #1059151)
 	[bullseye] - libheif <no-dsa> (Minor issue)
 	[buster] - libheif <not-affected> (Vulnerable code not present)
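Review bot: CVE-2023-49462 now carries DSA-5796-1 but its bullseye line still reads `<no-dsa> (Minor issue)`, and the DLA-3934-1 issued for libheif (referenced from the CVE-2024-41311 entry earlier in this diff) is not added here; worth confirming whether that DLA also covered this CVE and, if so, adding it to the braces, otherwise the bullseye annotation should be reconsidered now that the issue was judged DSA-worthy for stable.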
@@ -92082,7 +92229,7 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when proces
 	[buster] - memcached <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22)
 CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote Code  Ex ...)
-	{DLA-3657-1}
+	{DLA-3936-1 DLA-3657-1}
 	- activemq 5.17.6+dfsg-1 (bug #1054909)
 	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
 	NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
@@ -92372,6 +92519,7 @@ CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to
 CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...)
 	NOT-FOR-US: era-compiler-vyper
 CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...)
+	{DSA-5797-1}
 	- twisted 23.10.0-1 (bug #1054913)
 	[bullseye] - twisted <no-dsa> (Minor issue)
 	[buster] - twisted <no-dsa> (Minor issue)
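Review bot: CVE-2023-46137 gains DSA-5797-1 while the bullseye and buster lines below it still say `<no-dsa> (Minor issue)`; a DSA for stable does not contradict an older-suite no-dsa, but the "Minor issue" rationale no longer matches the severity judgement behind the DSA, so the bullseye LTS line should be revisited (the fix landed in twisted 23.10.0-1, so a backport target exists).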
@@ -92486,7 +92634,7 @@ CVE-2023-46525 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was di
 	NOT-FOR-US: TP-LINK
 CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
 	NOT-FOR-US: TP-LINK
-CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+CVE-2023-46522 (TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and T ...)
 	NOT-FOR-US: TP-LINK
 CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
 	NOT-FOR-US: TP-LINK
@@ -120679,6 +120827,7 @@ CVE-2023-29661
 CVE-2023-29660
 	RESERVED
 CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
+	{DSA-5796-1}
 	- libheif 1.16.2-1 (bug #1035607)
 	[bullseye] - libheif <no-dsa> (Minor issue)
 	[buster] - libheif <no-dsa> (Minor issue)
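Review bot: CVE-2023-29659 gets DSA-5796-1 but keeps `[bullseye] - libheif <no-dsa> (Minor issue)` and no DLA reference; since a libheif DLA-3934-1 exists (see the CVE-2024-41311 entry in this diff), check whether it covered this CVE and either add that reference or revisit the bullseye annotation to match the stable decision.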
@@ -131612,8 +131761,8 @@ CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its reso
 	[bullseye] - knot-resolver <no-dsa> (Minor issue)
 	[buster] - knot-resolver <no-dsa> (Minor issue)
 	NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
-CVE-2023-26248
-	RESERVED
+CVE-2023-26248 (The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS ( ...)
+	TODO: check
 CVE-2023-26247
 	RESERVED
 CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
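Review bot: CVE-2023-26248 moves from RESERVED to a real entry (go-libp2p-kad-dht as used in IPFS) but only gets `TODO: check`; for a Go library the triage has to look past a direct source package, because the vulnerable module may be vendored into other Go binaries in the archive, so a NOT-FOR-US decision should record why, or the entry should get a source-package line.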
@@ -167773,6 +167922,7 @@ CVE-2022-41680 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQ
 CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scri ...)
 	NOT-FOR-US: Forma LMS
 CVE-2022-41678 (Once an user is authenticated on Jolokia, he can potentially trigger a ...)
+	{DLA-3936-1}
 	- activemq 5.17.6+dfsg-1 (unimportant)
 	NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
 	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
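Review bot: CVE-2022-41678 is annotated `(unimportant)` on the activemq 5.17.6+dfsg-1 line yet now carries DLA-3936-1; an issue fixed through an advisory would not normally keep the unimportant severity, so either the annotation should be dropped (with the reason in a NOTE) or, if the DLA merely listed it as incidentally fixed, that should be spelled out so the two do not read as contradictory.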
@@ -199165,22 +199315,22 @@ CVE-2022-30363
 	RESERVED
 CVE-2022-30362
 	RESERVED
-CVE-2022-30361
-	RESERVED
-CVE-2022-30360
-	RESERVED
-CVE-2022-30359
-	RESERVED
-CVE-2022-30358
-	RESERVED
-CVE-2022-30357
-	RESERVED
-CVE-2022-30356
-	RESERVED
-CVE-2022-30355
-	RESERVED
-CVE-2022-30354
-	RESERVED
+CVE-2022-30361 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
+	TODO: check
+CVE-2022-30360 (OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA P ...)
+	TODO: check
+CVE-2022-30359 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
+	TODO: check
+CVE-2022-30358 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
+	TODO: check
+CVE-2022-30357 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
+	TODO: check
+CVE-2022-30356 (OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vul ...)
+	TODO: check
+CVE-2022-30355 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
+	TODO: check
+CVE-2022-30354 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
+	TODO: check
 CVE-2022-30353
 	RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
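Review bot: the eight OvalEdge entries (CVE-2022-30354 through CVE-2022-30361) move from RESERVED to `TODO: check` together and all describe the same product and version range (5.2.8.0 and earlier), so they can be triaged as one batch with a single decision; three are Sensitive Data Exposure, three Account Takeover, plus CVE-2022-30360 (Stored XSS) and CVE-2022-30356 (Privilege Escalation).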



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311b15cd6351b388e81338a1dc5c7cc69745e44e


