[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 12 21:12:48 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99e6538a by security tracker role at 2024-09-12T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
+ TODO: check
+CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This ...)
+ TODO: check
+CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This vulnerabilit ...)
+ TODO: check
+CVE-2024-8711 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-8710 (A vulnerability classified as critical was found in code-projects Inve ...)
+ TODO: check
+CVE-2024-8709 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2024-8708 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
+ TODO: check
+CVE-2024-8707 (A vulnerability was found in \u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
+ TODO: check
+CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has been cla ...)
+ TODO: check
+CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and Control Equ ...)
+ TODO: check
+CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted extension publ ...)
+ TODO: check
+CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted extension desc ...)
+ TODO: check
+CVE-2024-8694 (A vulnerability, which was classified as problematic, was found in JFi ...)
+ TODO: check
+CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-8635 (A server-side request forgery issue has been discovered in GitLab EE a ...)
+ TODO: check
+CVE-2024-8631 (A privilege escalation issue has been discovered in GitLab EE affectin ...)
+ TODO: check
+CVE-2024-8622 (The amCharts: Charts and Maps plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2024-8533 (A privilege escalation vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-8311 (An issue was discovered with pipeline execution policies in GitLab EE ...)
+ TODO: check
+CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not escape th ...)
+ TODO: check
+CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF ...)
+ TODO: check
+CVE-2024-7890 (Local privilege escalation allows a low-privileged user to gain SYSTEM ...)
+ TODO: check
+CVE-2024-7889 (Local privilege escalation allows a low-privileged user to gain SYSTEM ...)
+ TODO: check
+CVE-2024-7862 (The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 d ...)
+ TODO: check
+CVE-2024-7861 (The Misiek Paypal WordPress plugin through 1.1.20090324 does not have ...)
+ TODO: check
+CVE-2024-7860 (The Simple Headline Rotator WordPress plugin through 1.0 does not have ...)
+ TODO: check
+CVE-2024-7859 (The Visual Sound WordPress plugin through 1.03 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-7822 (The Quick Code WordPress plugin through 1.0 does not have CSRF check i ...)
+ TODO: check
+CVE-2024-7820 (The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check ...)
+ TODO: check
+CVE-2024-7818 (The Misiek Photo Album WordPress plugin through 1.4.3 does not have CS ...)
+ TODO: check
+CVE-2024-7817 (The Misiek Photo Album WordPress plugin through 1.4.3 does not have CS ...)
+ TODO: check
+CVE-2024-7816 (The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check i ...)
+ TODO: check
+CVE-2024-7766 (The Adicon Server WordPress plugin through 1.2 does not sanitize and e ...)
+ TODO: check
+CVE-2024-6887 (The Giveaways and Contests by RafflePress WordPress plugin before 1.1 ...)
+ TODO: check
+CVE-2024-6702 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML ...)
+ TODO: check
+CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
+ TODO: check
+CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
+ TODO: check
+CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
+ TODO: check
+CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on Windows all ...)
+ TODO: check
+CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell Automation af ...)
+ TODO: check
+CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not saniti ...)
+ TODO: check
+CVE-2024-6018 (The Music Request Manager WordPress plugin through 1.3 does not escape ...)
+ TODO: check
+CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not have C ...)
+ TODO: check
+CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanit ...)
+ TODO: check
+CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE affecting all ...)
+ TODO: check
+CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
+ TODO: check
+CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
+ TODO: check
+CVE-2024-45855 (Deserialization of untrusted data can occur in versions 23.10.2.0 and ...)
+ TODO: check
+CVE-2024-45854 (Deserialization of untrusted data can occur in versions 23.10.3.0 and ...)
+ TODO: check
+CVE-2024-45853 (Deserialization of untrusted data can occur in versions 23.10.2.0 and ...)
+ TODO: check
+CVE-2024-45852 (Deserialization of untrusted data can occur in versions 23.3.2.0 and n ...)
+ TODO: check
+CVE-2024-45851 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
+ TODO: check
+CVE-2024-45850 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
+ TODO: check
+CVE-2024-45849 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
+ TODO: check
+CVE-2024-45848 (An arbitrary code execution vulnerability exists in versions 23.12.4.0 ...)
+ TODO: check
+CVE-2024-45847 (An arbitrary code execution vulnerability exists in versions 23.11.4.2 ...)
+ TODO: check
+CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions 23.10.3.0 ...)
+ TODO: check
+CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path travers ...)
+ TODO: check
+CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the ...)
+ TODO: check
+CVE-2024-45824 (CVE-2024-45824 IMPACT A remote code vulnerability exists in the aff ...)
+ TODO: check
+CVE-2024-45823 (CVE-2024-45823 IMPACT An authentication bypass vulnerability exists ...)
+ TODO: check
+CVE-2024-45624 (Exposure of sensitive information due to incompatible policies issue e ...)
+ TODO: check
+CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official AP ...)
+ TODO: check
+CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA ...)
+ TODO: check
+CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic calenda ...)
+ TODO: check
+CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
+ TODO: check
+CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
+ TODO: check
+CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to cause a Den ...)
+ TODO: check
+CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers to cause ...)
+ TODO: check
+CVE-2024-42484 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
+ TODO: check
+CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
+ TODO: check
+CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 a ...)
+ TODO: check
+CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that ...)
+ TODO: check
+CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
+ TODO: check
+CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does not have ...)
+ TODO: check
+CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning web ser ...)
+ TODO: check
+CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets o ...)
+ TODO: check
+CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-34779 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-34336 (User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 al ...)
+ TODO: check
+CVE-2024-34335 (ORDAT FOSS-Online before version 2.24.01 was discovered to contain a r ...)
+ TODO: check
+CVE-2024-34334 (ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL inje ...)
+ TODO: check
+CVE-2024-32848 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-32846 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-32845 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-32843 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
+ TODO: check
+CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 before ...)
+ TODO: check
+CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2024-29847 (Deserialization of untrusted data in the agent portal of Ivanti EPM be ...)
+ TODO: check
+CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...)
+ TODO: check
+CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a hard-cod ...)
+ TODO: check
+CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
+ TODO: check
+CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
+ TODO: check
+CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit ...)
+ TODO: check
+CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows ...)
+ TODO: check
CVE-2024-8693 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Kaon CG3000
CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud TDuckPr ...)
@@ -293,15 +515,19 @@ CVE-2024-23984
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
CVE-2024-8639 (Use after free in Autofill in Google Chrome on Android prior to 128.0. ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8638 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8637 (Use after free in Media Router in Google Chrome on Android prior to 12 ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8636 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...)
@@ -338,7 +564,8 @@ CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an
NOT-FOR-US: OSCAT
CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a ...)
+CVE-2024-45845
+ REJECTED
- nix <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
NOTE: https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
@@ -892,7 +1119,7 @@ CVE-2024-45625 (Cross-site scripting vulnerability exists in Forminator versions
NOT-FOR-US: WordPress plugin
CVE-2024-45203 (Improper authorization in handler for custom URL scheme issue in "@cos ...)
NOT-FOR-US: @cosme app
-CVE-2024-6840
+CVE-2024-6840 (An improper authorization flaw exists in the Ansible Automation Contro ...)
NOT-FOR-US: Ansible Automation Controller
CVE-2024-8579 (A vulnerability classified as critical has been found in TOTOLINK AC12 ...)
NOT-FOR-US: TOTOLINK
@@ -6774,7 +7001,8 @@ CVE-2024-38724 (Cross-Site Request Forgery (CSRF), Improper Neutralization of In
NOT-FOR-US: WordPress plugin
CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System for Woo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker Fo ...)
+CVE-2024-38688
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS vulnerability to ...)
NOT-FOR-US: Pepperl+Fuchs SE
@@ -200306,8 +200534,8 @@ CVE-2022-26324
RESERVED
CVE-2022-26323
RESERVED
-CVE-2022-26322
- RESERVED
+CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File Vulnerabilit ...)
+ TODO: check
CVE-2022-26321
RESERVED
CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in cert ...)
@@ -240444,12 +240672,12 @@ CVE-2021-38135
RESERVED
CVE-2021-38134
RESERVED
-CVE-2021-38133
- RESERVED
-CVE-2021-38132
- RESERVED
-CVE-2021-38131
- RESERVED
+CVE-2021-38133 (Possible External Service Interaction attack in eDirectory has been ...)
+ TODO: check
+CVE-2021-38132 (Possible External Service Interaction attack in eDirectory has been ...)
+ TODO: check
+CVE-2021-38131 (Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has b ...)
+ TODO: check
CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
NOT-FOR-US: Micro Focus
CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
@@ -279951,10 +280179,10 @@ CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Mi
NOT-FOR-US: Micro Focus
CVE-2021-22534
RESERVED
-CVE-2021-22533
- RESERVED
-CVE-2021-22532
- RESERVED
+CVE-2021-22533 (Possible Insertion of Sensitive Information into Log File Vulnerabilit ...)
+ TODO: check
+CVE-2021-22532 (PossibleNLDAP Denial of Service attack Vulnerability in eDirectory ha ...)
+ TODO: check
CVE-2021-22531 (A bug exist in the input parameter of Access Manager that allows suppl ...)
NOT-FOR-US: Microfocus
CVE-2021-22530 (A vulnerability identified in NetIQ Advance Authentication that doesn' ...)
@@ -279981,8 +280209,8 @@ CVE-2021-22520
RESERVED
CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...)
NOT-FOR-US: Micro Focus
-CVE-2021-22518
- RESERVED
+CVE-2021-22518 (A vulnerability identified in OpenText\u2122 Identity Manager AzureAD ...)
+ TODO: check
CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...)
NOT-FOR-US: Micro Focus
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
@@ -280011,8 +280239,8 @@ CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations
NOT-FOR-US: Micro Focus
CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
NOT-FOR-US: Micro Focus
-CVE-2021-22503
- RESERVED
+CVE-2021-22503 (Possible Improper Neutralization of Input During Web Page Generation ...)
+ TODO: check
CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
NOT-FOR-US: Micro Focus
CVE-2021-22501
@@ -308211,8 +308439,8 @@ CVE-2020-24063 (The Canto plugin 1.3.0 for WordPress allows includes/lib/downloa
NOT-FOR-US: Canto plugin for WordPress
CVE-2020-24062
RESERVED
-CVE-2020-24061
- RESERVED
+CVE-2020-24061 (Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control P ...)
+ TODO: check
CVE-2020-24060
RESERVED
CVE-2020-24059
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99e6538a6a25399b4e2936636428bde6dfd5b396
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99e6538a6a25399b4e2936636428bde6dfd5b396
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240912/49b7d3b2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list