[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 31 20:13:13 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1243acd6 by security tracker role at 2024-10-31T20:13:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2024-8934 (A local user with administrative access rights can enter specialy craf ...)
+	TODO: check
+CVE-2024-8553 (A vulnerability was found in Foreman's loader macros introduced with r ...)
+	TODO: check
+CVE-2024-8185 (Vault Community and Vault Enterprise (\u201cVault\u201d) clusters usin ...)
+	TODO: check
+CVE-2024-7883 (When using Arm Cortex-M Security Extensions (CMSE), Secure stack  cont ...)
+	TODO: check
+CVE-2024-51482 (ZoneMinder is a free, open source closed-circuit television software a ...)
+	TODO: check
+CVE-2024-51481 (Nix is a package manager for Linux and other Unix systems. On macOS, b ...)
+	TODO: check
+CVE-2024-51478 (YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a  ...)
+	TODO: check
+CVE-2024-51430 (Cross Site Scripting vulnerability in online diagnostic lab management ...)
+	TODO: check
+CVE-2024-51260 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-51259 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-51255 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-51254 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-51066 (An Insecure Direct Object Reference (IDOR) vulnerability in appointmen ...)
+	TODO: check
+CVE-2024-51065 (Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL  ...)
+	TODO: check
+CVE-2024-51064 (Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL ...)
+	TODO: check
+CVE-2024-51063 (Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL ...)
+	TODO: check
+CVE-2024-51060 (Projectworlds Online Admission System v1 is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2024-50802 (A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in th ...)
+	TODO: check
+CVE-2024-50801 (A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in th ...)
+	TODO: check
+CVE-2024-50356 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
+	TODO: check
+CVE-2024-50354 (gnark is a fast zk-SNARK library that offers a high-level API to desig ...)
+	TODO: check
+CVE-2024-50347 (Laravel Reverb provides a real-time WebSocket communication backend fo ...)
+	TODO: check
+CVE-2024-49685 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
+	TODO: check
+CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tou ...)
+	TODO: check
+CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
+	TODO: check
+CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request Forgery ...)
+	TODO: check
+CVE-2024-48359 (Qualitor v8.24 was discovered to contain a remote code execution (RCE) ...)
+	TODO: check
+CVE-2024-48200 (An issue in MobaXterm v24.2 allows a local attacker to escalate privil ...)
+	TODO: check
+CVE-2024-43984 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...)
+	TODO: check
+CVE-2024-43933 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows ...)
+	TODO: check
+CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch al ...)
+	TODO: check
+CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.R ...)
+	TODO: check
+CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code execution (RC ...)
+	TODO: check
+CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text into HTML.  ...)
+	TODO: check
+CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes which file ...)
+	TODO: check
+CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The CreateModelHandle ...)
+	TODO: check
+CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker can use t ...)
+	TODO: check
+CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File existence discl ...)
+	TODO: check
+CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side JavaScri ...)
+	TODO: check
+CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL cert ...)
+	TODO: check
+CVE-2024-10454 (Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/ ...)
+	TODO: check
+CVE-2023-52045 (Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leadi ...)
+	TODO: check
+CVE-2023-52044 (Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) ...)
+	TODO: check
 CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
@@ -164,7 +250,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a ma
 	NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...)
 	TODO: check
-CVE-2024-10573 [buffer overflow involving "Frankenstein streams"]
+CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling crafted  ...)
 	- mpg123 1.32.8-1 (bug #1086443)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
 	NOTE: https://sourceforge.net/p/mpg123/bugs/322/
@@ -537,7 +623,7 @@ CVE-2024-49634 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: WordPress plugin
 CVE-2024-49632 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-48955 (In NetAdmin 4.0.30319, an attacker can steal a valid session cookie an ...)
+CVE-2024-48955 (Broken access control in NetAdmin 4.030319 returns data with functiona ...)
 	NOT-FOR-US: NetAdmin
 CVE-2024-48921 (Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterP ...)
 	NOT-FOR-US: Kyverno
@@ -592,6 +678,7 @@ CVE-2019-25219 (Asio C++ Library before 1.13.0 lacks a fallback error code in th
 CVE-2017-20195 (A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dd ...)
 	NOT-FOR-US: LUNAD3v
 CVE-2024-10467 (Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thun ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -599,6 +686,7 @@ CVE-2024-10467 (Memory safety bugs present in Firefox 131, Firefox ESR 128.3, an
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10467
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10467
 CVE-2024-10466 (By sending a specially crafted push message, a remote server could hav ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -606,6 +694,7 @@ CVE-2024-10466 (By sending a specially crafted push message, a remote server cou
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10466
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10466
 CVE-2024-10465 (A clipboard "paste" button could persist across tabs which allowed a s ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -613,6 +702,7 @@ CVE-2024-10465 (A clipboard "paste" button could persist across tabs which allow
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10465
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10465
 CVE-2024-10464 (Repeated writes to history interface attributes could have been used t ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -623,6 +713,7 @@ CVE-2024-10468 (Potential race conditions in IndexedDB could have caused memory
 	- firefox 132.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/#CVE-2024-10468
 CVE-2024-10463 (Video frames could have been leaked between origins in some situations ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -630,6 +721,7 @@ CVE-2024-10463 (Video frames could have been leaked between origins in some situ
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10463
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10463
 CVE-2024-10462 (Truncation of a long URL could have allowed origin spoofing in a permi ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -637,6 +729,7 @@ CVE-2024-10462 (Truncation of a long URL could have allowed origin spoofing in a
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10462
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10462
 CVE-2024-10461 (In multipart/x-mixed-replace responses, `Content-Disposition: attachme ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -644,6 +737,7 @@ CVE-2024-10461 (In multipart/x-mixed-replace responses, `Content-Disposition: at
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10461
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10461
 CVE-2024-10460 (The origin of an external protocol handler prompt could have been obsc ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -651,6 +745,7 @@ CVE-2024-10460 (The origin of an external protocol handler prompt could have bee
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10460
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10460
 CVE-2024-10459 (An attacker could have caused a use-after-free when accessibility was  ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -658,6 +753,7 @@ CVE-2024-10459 (An attacker could have caused a use-after-free when accessibilit
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10459
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10459
 CVE-2024-10458 (A permission leak could have occurred from a trusted site to an untrus ...)
+	{DSA-5801-1 DLA-3943-1}
 	- firefox 132.0-1
 	- firefox-esr 128.4.0esr-1
 	- thunderbird 1:128.4.0esr-1
@@ -1802,6 +1898,7 @@ CVE-2024-44206 (An issue in the handling of URL protocols was addressed with imp
 CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
 	NOT-FOR-US: Apple
 CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	{DSA-5792-1}
 	- webkit2gtk 2.46.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.46.1-1
@@ -13120,9 +13217,9 @@ CVE-2024-40710 (A series of related high-severity vulnerabilities, the most nota
 	NOT-FOR-US: Veeam
 CVE-2024-40709 (A missing authorization vulnerability allows a local low-privileged us ...)
 	NOT-FOR-US: Veeam
-CVE-2024-40681 (IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in  ...)
+CVE-2024-40681 (IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could al ...)
 	NOT-FOR-US: IBM
-CVE-2024-40680 (IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a d ...)
+CVE-2024-40680 (IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denia ...)
 	NOT-FOR-US: IBM
 CVE-2024-39718 (An improper input validation vulnerability that allows a low-privilege ...)
 	NOT-FOR-US: Veeam



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1243acd607e45b18b2a6ae4cb4e339e9620bad1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1243acd607e45b18b2a6ae4cb4e339e9620bad1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241031/7af0bbad/attachment.htm>

More information about the debian-security-tracker-commits mailing list