[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 17 21:12:33 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0607847 by security tracker role at 2024-09-17T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-8956 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an ...)
+ TODO: check
+CVE-2024-8951 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2024-8949 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2024-8948 (A vulnerability was found in MicroPython 1.23.0. It has been rated as ...)
+ TODO: check
+CVE-2024-8947 (A vulnerability was found in MicroPython 1.22.2. It has been declared ...)
+ TODO: check
+CVE-2024-8946 (A vulnerability was found in MicroPython 1.23.0. It has been classifie ...)
+ TODO: check
+CVE-2024-8945 (A vulnerability has been found in CodeCanyon RISE Ultimate Project Man ...)
+ TODO: check
+CVE-2024-8944 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2024-8939 (A vulnerability was found in the ilab model serve component, where imp ...)
+ TODO: check
+CVE-2024-8900 (An attacker could write data to the user's clipboard, bypassing the us ...)
+ TODO: check
+CVE-2024-8897 (Under certain conditions, an attacker with the ability to redirect use ...)
+ TODO: check
+CVE-2024-8796 (Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ...)
+ TODO: check
+CVE-2024-8767 (Sensitive data disclosure and manipulation due to unnecessary privileg ...)
+ TODO: check
+CVE-2024-8761 (The Share This Image plugin for WordPress is vulnerable to Open Redire ...)
+ TODO: check
+CVE-2024-8660 (Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS ...)
+ TODO: check
+CVE-2024-7873 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip Repair Mo ...)
+ TODO: check
+CVE-2024-5998 (A vulnerability in the FAISS.deserialize_from_bytes function of langch ...)
+ TODO: check
+CVE-2024-47049 (The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used ...)
+ TODO: check
+CVE-2024-47047 (An issue was discovered in the powermail extension through 12.4.0 for ...)
+ TODO: check
+CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
+CVE-2024-46085 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
+CVE-2024-45812 (Vite a frontend build tooling framework for javascript. Affected versi ...)
+ TODO: check
+CVE-2024-45811 (Vite a frontend build tooling framework for javascript. In affected ve ...)
+ TODO: check
+CVE-2024-45804
+ REJECTED
+CVE-2024-45803 (Wire UI is a library of components and resources to empower Laravel an ...)
+ TODO: check
+CVE-2024-45798 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
+ TODO: check
+CVE-2024-45682 (There is a command injection vulnerability that may allow an attacker ...)
+ TODO: check
+CVE-2024-45612 (Contao is an Open Source CMS. In affected versions an untrusted user c ...)
+ TODO: check
+CVE-2024-45606 (Sentry is a developer-first error tracking and performance monitoring ...)
+ TODO: check
+CVE-2024-45605 (Sentry is a developer-first error tracking and performance monitoring ...)
+ TODO: check
+CVE-2024-45604 (Contao is an Open Source CMS. In affected versions authenticated users ...)
+ TODO: check
+CVE-2024-45537 (Apache Druid allows users with certain permissions to read data from o ...)
+ TODO: check
+CVE-2024-45398 (Contao is an Open Source CMS. In affected versions a back end user wit ...)
+ TODO: check
+CVE-2024-45384 (Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. T ...)
+ TODO: check
+CVE-2024-43460 (Improper authorization in Dynamics 365 Business Central resulted in a ...)
+ TODO: check
+CVE-2024-42503 (Authenticated command execution vulnerability exist in the ArubaOS co ...)
+ TODO: check
+CVE-2024-42502 (Authenticated command injection vulnerability exists in the ArubaOS co ...)
+ TODO: check
+CVE-2024-42501 (An authenticated Path Traversal vulnerabilities exists in the ArubaOS. ...)
+ TODO: check
+CVE-2024-38860 (Improper neutralization of input in Checkmk before versions 2.3.0p16 a ...)
+ TODO: check
+CVE-2024-38813 (The vCenter Server contains a privilege escalation vulnerability.A mal ...)
+ TODO: check
+CVE-2024-38812 (ThevCenter Server contains a heap-overflow vulnerability in the implem ...)
+ TODO: check
+CVE-2024-38380 (This vulnerability occurs when user-supplied input is improperly sanit ...)
+ TODO: check
+CVE-2024-38183 (An improper access control vulnerability in GroupMe allows an a unauth ...)
+ TODO: check
+CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houzez houz ...)
+ TODO: check
+CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login Register ...)
+ TODO: check
CVE-2024-8421
NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to CVE-2023-39325
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7
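Review bot: every new entry in this hunk is left at "TODO: check" (except CVE-2024-45804, which is correctly recorded as REJECTED), so the triage work is still entirely open. Several entries share an upstream and can be triaged together: CVE-2024-8948, CVE-2024-8947 and CVE-2024-8946 (MicroPython), CVE-2024-42503, CVE-2024-42502 and CVE-2024-42501 (ArubaOS), CVE-2024-45612, CVE-2024-45604 and CVE-2024-45398 (Contao), CVE-2024-45812 and CVE-2024-45811 (Vite), CVE-2024-45606 and CVE-2024-45605 (Sentry), CVE-2024-46362 and CVE-2024-46085 (FrogCMS), CVE-2024-45537 and CVE-2024-45384 (Apache Druid). The unchanged CVE-2024-8421 context below shows the expected shape of a resolved entry (NOT-FOR-US plus a NOTE reference).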
@@ -231,7 +323,7 @@ CVE-2024-8766 (Local privilege escalation due to DLL hijacking vulnerability. Th
NOT-FOR-US: Acronis Cyber Protect Cloud Agent (Windows)
CVE-2024-8752 (The Windows version of WebIQ 2.15.9 is affected by a directory travers ...)
NOT-FOR-US: WebIQ
-CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.18 are vulnerable t ...)
+CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable t ...)
NOT-FOR-US: Concrete CMS
CVE-2024-7104 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: SFS Consulting ww.Winsure
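Review bot: the corrected upper bound for CVE-2024-8661 (9.3.3 instead of 9.3.4) now agrees with the sibling CVE-2024-8660 entry added in the first hunk of this same commit, which also reads "9.0.0 through 9.3.3"; the NOT-FOR-US: Concrete CMS status is unaffected by the description change.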
@@ -428,7 +520,7 @@ CVE-2024-6482 (The Login with phone number plugin for WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2023-3410 (The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress theme
-CVE-2024-8768
+CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request with a ...)
NOT-FOR-US: vLLM
CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
@@ -2489,7 +2581,7 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (Cla
[bookworm] - clamav <no-dsa> (clamav is updated via -updates)
[bullseye] - clamav <postponed> (Minor issue)
NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
-CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They cont ...)
+CVE-2024-8418 (A flaw was found in Aardvark-dns, which is vulnerable to a Denial of S ...)
- aardvark-dns 1.12.2-1 (bug #1080964)
[bookworm] - aardvark-dns <not-affected> (Vulnerable code not present)
NOTE: https://github.com/containers/aardvark-dns/issues/500
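Review bot: the previous description for CVE-2024-8418 named the affected versions (1.12.0 and 1.12.1), which directly supported the [bookworm] <not-affected> (Vulnerable code not present) annotation; the replacement text drops the version information, so that rationale now rests only on the linked upstream issue. Consider adding a NOTE recording the introducing upstream commit or version so the not-affected claim stays verifiable from the tracker entry alone.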
@@ -9495,7 +9587,7 @@ CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led t
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7527
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7527
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7527
-CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from uninit ...)
+CVE-2024-7526 (ANGLE failed to initialize parameters which lead to reading from unini ...)
{DSA-5744-1 DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
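Review bot: the reworded CVE-2024-7526 description replaces "led" with "lead", a grammatical regression, but since this is an automatic sync of the upstream CVE text it should not be hand-edited in data/CVE/list. The DSA references and the firefox / firefox-esr fixed versions are untouched, so no status change is needed.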
@@ -91821,7 +91913,7 @@ CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
NOTE: https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877
CVE-2023-41748 (Remote command execution due to improper input validation. The followi ...)
NOT-FOR-US: Acronis
-CVE-2023-41747 (Sensitive information disclosure due to improper input validation. The ...)
+CVE-2023-41747 (Sensitive information disclosure due to unauthenticated path traversal ...)
NOT-FOR-US: Acronis
CVE-2023-41746 (Remote command execution due to improper input validation. The followi ...)
NOT-FOR-US: Acronis
@@ -268117,10 +268209,10 @@ CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper o
NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
CVE-2021-27917
RESERVED
-CVE-2021-27916
- RESERVED
-CVE-2021-27915
- RESERVED
+CVE-2021-27916 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
+ TODO: check
+CVE-2021-27915 (Prior to the patched version, there is an XSS vulnerability in the des ...)
+ TODO: check
CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer component ...)
NOT-FOR-US: installer component of Mautic
CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
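Review bot: CVE-2021-27916 and CVE-2021-27915 move from RESERVED to "TODO: check", yet the adjacent CVE-2021-27914 entry is already marked NOT-FOR-US for the Mautic installer component. Both new descriptions name Mautic, so triage can most likely resolve them the same way (NOT-FOR-US: Mautic) after confirming no Debian package ships the affected code.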
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f060784716e6409bb113e7c09654231949bbe8b8