[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 28 20:13:09 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1493dbfc by security tracker role at 2024-10-28T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,186 @@
-CVE-2024-45802
+CVE-2024-9825 (The Chef Habitat builder-api on-prem-builder package with any version ...)
+ TODO: check
+CVE-2024-9629 (The Contact Form 7 + Telegram plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-8013 (A bug in query analysis of certain complex self-referential $lookup su ...)
+ TODO: check
+CVE-2024-6245 (Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on ...)
+ TODO: check
+CVE-2024-5532 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50582 (In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due ...)
+ TODO: check
+CVE-2024-50581 (In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization c ...)
+ TODO: check
+CVE-2024-50580 (In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible d ...)
+ TODO: check
+CVE-2024-50579 (In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecur ...)
+ TODO: check
+CVE-2024-50578 (In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via ...)
+ TODO: check
+CVE-2024-50577 (In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via ...)
+ TODO: check
+CVE-2024-50576 (In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via ...)
+ TODO: check
+CVE-2024-50575 (In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible i ...)
+ TODO: check
+CVE-2024-50574 (In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was ...)
+ TODO: check
+CVE-2024-50573 (In JetBrains Hub before 2024.3.47707 improper access control allowed u ...)
+ TODO: check
+CVE-2024-50502 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50501 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50498 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-50497 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-50492 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-50491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-50489 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-50488 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-50487 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-50486 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-50483 (Authorization Bypass Through User-Controlled Key vulnerability in Meet ...)
+ TODO: check
+CVE-2024-50479 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-50478 (Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Cli ...)
+ TODO: check
+CVE-2024-50477 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-50472 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50471 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50470 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50469 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50468 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50467 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-50464 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50463 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
+ TODO: check
+CVE-2024-50462 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50461 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50460 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50458 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50457 (: Improper Control of Filename for Include/Require Statement in PHP Pr ...)
+ TODO: check
+CVE-2024-50453 (Relative Path Traversal vulnerability in Webangon The Pack Elementor a ...)
+ TODO: check
+CVE-2024-50451 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50450 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-50449 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50448 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50447 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50446 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50445 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50443 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50442 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2024-50441 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50440 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50439 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50438 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50437 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50436 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-50435 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-50434 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-50433 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50432 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50431 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50429 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-50416 (Deserialization of Untrusted Data vulnerability in WPClever WPC Shop a ...)
+ TODO: check
+CVE-2024-50408 (Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste ...)
+ TODO: check
+CVE-2024-49771 (MPXJ is an open source library to read and write project plans from a ...)
+ TODO: check
+CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReD ...)
+ TODO: check
+CVE-2024-49755 (Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ...)
+ TODO: check
+CVE-2024-48826 (Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command ...)
+ TODO: check
+CVE-2024-48825 (Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication comman ...)
+ TODO: check
+CVE-2024-48465 (The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_ ...)
+ TODO: check
+CVE-2024-48291 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
+ TODO: check
+CVE-2024-48196 (An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensiti ...)
+ TODO: check
+CVE-2024-48195 (Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote ...)
+ TODO: check
+CVE-2024-48191 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
+ TODO: check
+CVE-2024-48074 (An authorized RCE vulnerability exists in the DrayTek Vigor2960 router ...)
+ TODO: check
+CVE-2024-47827 (Argo Workflows is an open source container-native workflow engine for ...)
+ TODO: check
+CVE-2024-42930 (PbootCMS 3.2.8 is vulnerable to URL Redirect.)
+ TODO: check
+CVE-2024-42028 (A Local privilege escalation vulnerability found in a Self-Hosted UniF ...)
+ TODO: check
+CVE-2024-39205 (An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below ...)
+ TODO: check
+CVE-2024-34537 (TYPO3 before 13.3.1 allows denial of service (interface error) in the ...)
+ TODO: check
+CVE-2024-10469 (VINCE versions before 3.0.9 is vulnerable to exposure of User informat ...)
+ TODO: check
+CVE-2024-10455 (Reachable Assertion in BPv7 parser in \xb5D3TN v0.14.0 allows attacker ...)
+ TODO: check
+CVE-2024-10450 (A vulnerability has been found in SourceCodester Kortex Lite Advocate ...)
+ TODO: check
+CVE-2024-10449 (A vulnerability, which was classified as critical, was found in Codezi ...)
+ TODO: check
+CVE-2024-10448 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-10447 (A vulnerability classified as critical was found in Project Worlds Onl ...)
+ TODO: check
+CVE-2024-10446 (A vulnerability classified as critical has been found in Project World ...)
+ TODO: check
+CVE-2024-10214 (Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues ...)
+ TODO: check
+CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
- squid 6.12-1
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
NOTE: Not a code fix, this merely disables ESI by default (and thus in the Debian build)
@@ -98003,6 +98185,7 @@ CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Econom
CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commit 3730 ...)
NOT-FOR-US: gugoan's Economizzer
CVE-2023-42119 (Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. Th ...)
+ {DLA-3938-1}
- exim4 4.97~RC2-2
[bookworm] - exim4 4.96-15+deb12u3
[buster] - exim4 <no-dsa> (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types)
@@ -98029,6 +98212,7 @@ CVE-2023-42118 (Exim libspf2 Integer Underflow Remote Code Execution Vulnerabili
NOTE: finder clarifies as "ut I haven't been able to get it to do anything after that because
NOTE: another buffer fills up." and 2. that this is the same issue as CVE-2023-42118 .
CVE-2023-42117 (Exim Improper Neutralization of Special Elements Remote Code Execution ...)
+ {DLA-3938-1}
- exim4 4.97~RC2-2
[bookworm] - exim4 4.96-15+deb12u3
[buster] - exim4 <no-dsa> (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy)
@@ -164331,6 +164515,7 @@ CVE-2022-3560 (A flaw was found in pesign. The pesign package provides a systemd
NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/2
NOTE: https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998 (116)
CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...)
+ {DLA-3938-1}
- exim4 4.96-4
[buster] - exim4 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2915
@@ -251108,6 +251293,7 @@ CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is n
CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
- trojita <itp> (bug #795701)
CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
+ {DLA-3938-1}
- exim4 4.95~RC2-1 (bug #992172)
[buster] - exim4 <no-dsa> (Minor issue)
[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1493dbfca4c80a42de40988d94d2fb79c71b561b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1493dbfca4c80a42de40988d94d2fb79c71b561b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241028/589cf070/attachment.htm>
More information about the debian-security-tracker-commits
mailing list