[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 20 09:12:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5575fd72 by security tracker role at 2024-09-20T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,108 @@
-CVE-2024-8986
+CVE-2024-9011 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2024-9009 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-9008 (A vulnerability classified as critical was found in SourceCodester Bes ...)
+ TODO: check
+CVE-2024-9007 (A vulnerability classified as problematic has been found in jeanmarc77 ...)
+ TODO: check
+CVE-2024-9006 (A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been ...)
+ TODO: check
+CVE-2024-9004 (A vulnerability classified as critical has been found in D-Link DAR-70 ...)
+ TODO: check
+CVE-2024-9003 (A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It ha ...)
+ TODO: check
+CVE-2024-9001 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been de ...)
+ TODO: check
+CVE-2024-8963 (Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote ...)
+ TODO: check
+CVE-2024-8853 (The Webo-facto plugin for WordPress is vulnerable to privilege escalat ...)
+ TODO: check
+CVE-2024-8653 (A vulnerability in NetCat CMS allows an attacker to execute JavaScript ...)
+ TODO: check
+CVE-2024-8652 (A vulnerability in NetCat CMS allows an attacker to execute JavaScript ...)
+ TODO: check
+CVE-2024-8651 (A vulnerability in NetCat CMS allows an attacker to send a specially c ...)
+ TODO: check
+CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb supports ...)
+ TODO: check
+CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in the usb_ ...)
+ TODO: check
+CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-7737 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in ...)
+ TODO: check
+CVE-2024-7736 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA ...)
+ TODO: check
+CVE-2024-47162 (In JetBrains YouTrack before 2024.3.44799 token could be revealed on I ...)
+ TODO: check
+CVE-2024-47160 (In JetBrains YouTrack before 2024.3.44799 access to global app config ...)
+ TODO: check
+CVE-2024-47159 (In JetBrains YouTrack before 2024.3.44799 user without appropriate per ...)
+ TODO: check
+CVE-2024-47060 (Zitadel is an open source identity management platform. In Zitadel, ev ...)
+ TODO: check
+CVE-2024-47000 (Zitadel is an open source identity management platform. ZITADEL's user ...)
+ TODO: check
+CVE-2024-46999 (Zitadel is an open source identity management platform. ZITADEL's user ...)
+ TODO: check
+CVE-2024-46984 (The reference validator is a tool to perform advanced validation of FH ...)
+ TODO: check
+CVE-2024-46983 (sofa-hessian is an internal improved version of Hessian3/4 powered by ...)
+ TODO: check
+CVE-2024-46394 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
+CVE-2024-46382 (A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a re ...)
+ TODO: check
+CVE-2024-45862 (Kastle Systems firmware prior to May 1, 2024, stored machine credentia ...)
+ TODO: check
+CVE-2024-45861 (Kastle Systems firmware prior to May 1, 2024, contained a hard-coded c ...)
+ TODO: check
+CVE-2024-45810 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...)
+ TODO: check
+CVE-2024-45809 (Envoy is a cloud-native high-performance edge/middle/service proxy. Jw ...)
+ TODO: check
+CVE-2024-45808 (Envoy is a cloud-native high-performance edge/middle/service proxy. A ...)
+ TODO: check
+CVE-2024-45807 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...)
+ TODO: check
+CVE-2024-45806 (Envoy is a cloud-native high-performance edge/middle/service proxy. A ...)
+ TODO: check
+CVE-2024-45770 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw can ...)
+ TODO: check
+CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This flaw all ...)
+ TODO: check
+CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any unpriv ...)
+ TODO: check
+CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...)
+ TODO: check
+CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-43489 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-41721 (An insufficient boundary validation in the USB code could lead to an o ...)
+ TODO: check
+CVE-2024-40125 (An arbitrary file upload vulnerability in the Media Manager function o ...)
+ TODO: check
+CVE-2024-38221 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38016 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286 with fir ...)
+ TODO: check
+CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffe ...)
+ TODO: check
+CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earli ...)
+ TODO: check
+CVE-2024-8986 (The grafana plugin SDK bundles build metadata into the binaries it com ...)
NOT-FOR-US: Grafana plugin
-CVE-2024-8883
+CVE-2024-8883 (A misconfiguration flaw was found in Keycloak. This issue can allow an ...)
NOT-FOR-US: Keycloak
-CVE-2024-8698
+CVE-2024-8698 (A flaw exists in the SAML signature validation method within the Keycl ...)
NOT-FOR-US: Keycloak
-CVE-2024-7207
+CVE-2024-7207 (A flaw was found in Envoy. It is possible to modify or manipulate head ...)
- envoyproxy <itp> (bug #987544)
-CVE-2024-45410
+CVE-2024-45410 (Traefik is a golang, Cloud Native Application Proxy. When a HTTP reque ...)
- traefik <itp> (bug #983289)
CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
@@ -702,21 +798,27 @@ CVE-2024-45816 (Backstage is an open framework for building developer portals. W
CVE-2024-45815 (Backstage is an open framework for building developer portals. A malic ...)
NOT-FOR-US: Backstage
CVE-2024-8909 (Inappropriate implementation in UI in Google Chrome on iOS prior to 12 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8908 (Inappropriate implementation in Autofill in Google Chrome prior to 129 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8907 (Insufficient data validation in Omnibox in Google Chrome on Android pr ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8906 (Incorrect security UI in Downloads in Google Chrome prior to 129.0.666 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8905 (Inappropriate implementation in V8 in Google Chrome prior to 129.0.666 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8904 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8956 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an ...)
@@ -81995,11 +82097,11 @@ CVE-2023-46964 (Cross Site Scripting (XSS) vulnerability in Hillstone Next Gener
NOT-FOR-US: Hillstone Next Generation FireWall SG-6000-e3960
CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learni ...)
NOT-FOR-US: Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System
-CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+CVE-2023-46382 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
-CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+CVE-2023-46381 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
-CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+CVE-2023-46380 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
NOT-FOR-US: kerawen
@@ -119082,8 +119184,8 @@ CVE-2023-27585 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
-CVE-2023-27584
- RESERVED
+CVE-2023-27584 (Dragonfly is an open source P2P-based file distribution and image acce ...)
+ TODO: check
CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
NOT-FOR-US: PanIndex
CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5575fd7284c4a27ededbac35d81cadc1c67271b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5575fd7284c4a27ededbac35d81cadc1c67271b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240920/666f433d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list