[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 26 21:15:17 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a39b675f by security tracker role at 2024-09-26T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2024-9203 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-9199 (Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an ...)
+ TODO: check
+CVE-2024-9198 (Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker t ...)
+ TODO: check
+CVE-2024-9177 (The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-9173 (The GF Custom Style plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-9166 (The device enables an unauthorized attacker to execute system commands ...)
+ TODO: check
+CVE-2024-9155 (Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 f ...)
+ TODO: check
+CVE-2024-9127 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-9125 (The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-9117 (The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-9115 (The Common Tools for Site plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-9025 (The Sight \u2013 Professional Image Gallery and Portfolio plugin for W ...)
+ TODO: check
+CVE-2024-8872 (The Store Hours for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-8771 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...)
+ TODO: check
+CVE-2024-8725 (Multiple plugins and/or themes for WordPress are vulnerable to Limited ...)
+ TODO: check
+CVE-2024-8704 (The Advanced File Manager plugin for WordPress is vulnerable to Local ...)
+ TODO: check
+CVE-2024-8633 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...)
+ TODO: check
+CVE-2024-8126 (The Advanced File Manager plugin for WordPress is vulnerable to arbitr ...)
+ TODO: check
+CVE-2024-8118 (In Grafana, the wrong permission is applied to the alert rule write AP ...)
+ TODO: check
+CVE-2024-7594 (Vault\u2019s SSH secrets engine did not require the valid_principals l ...)
+ TODO: check
+CVE-2024-7259 (A flaw was found in oVirt. A user with administrator privileges, inclu ...)
+ TODO: check
+CVE-2024-7108 (Incorrect Authorization vulnerability in National Keep Cyber Security ...)
+ TODO: check
+CVE-2024-7107 (Files or Directories Accessible to External Parties vulnerability in N ...)
+ TODO: check
+CVE-2024-47337 (Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite. ...)
+ TODO: check
+CVE-2024-47197 (Exposure of Sensitive Information to an Unauthorized Actor, Insecure S ...)
+ TODO: check
+CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible badges in ...)
+ TODO: check
+CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-te ...)
+ TODO: check
+CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. Starting in ...)
+ TODO: check
+CVE-2024-47171 (Agnai is an artificial-intelligence-agnostic multi-user, mult-bot role ...)
+ TODO: check
+CVE-2024-47170 (Agnai is an artificial-intelligence-agnostic multi-user, mult-bot role ...)
+ TODO: check
+CVE-2024-47169 (Agnai is an artificial-intelligence-agnostic multi-user, mult-bot role ...)
+ TODO: check
+CVE-2024-47145 (Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access t ...)
+ TODO: check
+CVE-2024-47130 (The goTenna Pro series allows unauthenticated attackers to remotely up ...)
+ TODO: check
+CVE-2024-47129 (The goTenna Pro has a payload length vulnerability that makes it possi ...)
+ TODO: check
+CVE-2024-47128 (The goTenna Pro broadcast key name is always sent unencrypted and coul ...)
+ TODO: check
+CVE-2024-47127 (In the goTenna Pro there is a vulnerability that makes it possible to ...)
+ TODO: check
+CVE-2024-47126 (The goTenna Pro series does not use SecureRandom when generating its c ...)
+ TODO: check
+CVE-2024-47125 (The goTenna Pro series does not authenticate public keys which allows ...)
+ TODO: check
+CVE-2024-47124 (The goTenna pro series does not encrypt the callsigns of its users. Th ...)
+ TODO: check
+CVE-2024-47123 (The goTenna Pro series use AES CTR mode for short, encrypted messages ...)
+ TODO: check
+CVE-2024-47122 (In the goTenna Pro application, the encryption keys are stored along w ...)
+ TODO: check
+CVE-2024-47121 (The goTenna Pro series uses a weak password for the QR broadcast messa ...)
+ TODO: check
+CVE-2024-47075 (LayUI is a native minimalist modular Web UI component library. Version ...)
+ TODO: check
+CVE-2024-47044 (Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAP ...)
+ TODO: check
+CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to valida ...)
+ TODO: check
+CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
+ TODO: check
+CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows attackers to ex ...)
+ TODO: check
+CVE-2024-46330 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command inje ...)
+ TODO: check
+CVE-2024-46329 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command inje ...)
+ TODO: check
+CVE-2024-46328 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded cred ...)
+ TODO: check
+CVE-2024-46327 (An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 al ...)
+ TODO: check
+CVE-2024-45989 (Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposu ...)
+ TODO: check
+CVE-2024-45987 (Projectworld Online Voting System Version 1.0 is vulnerable to Cross S ...)
+ TODO: check
+CVE-2024-45985 (A Cross Site Scripting (XSS) vulnerability in update_contact.php of Bl ...)
+ TODO: check
+CVE-2024-45984 (A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood B ...)
+ TODO: check
+CVE-2024-45983 (A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725 ...)
+ TODO: check
+CVE-2024-45982 (A host header injection vulnerability in scheduleR v0.0.18 allows atta ...)
+ TODO: check
+CVE-2024-45981 (A host header injection vulnerability in BookReviewLibrary 1.0 allows ...)
+ TODO: check
+CVE-2024-45980 (A host header injection vulnerability in MEANStore 1.0 allows attacker ...)
+ TODO: check
+CVE-2024-45979 (A host header injection vulnerability in Lines Police CAD 1.0 allows a ...)
+ TODO: check
+CVE-2024-45843 (Mattermost versions 9.5.x <= 9.5.8 fail to include themetadata endpoin ...)
+ TODO: check
+CVE-2024-45838 (The goTenna Pro ATAK Plugin does not encrypt the callsigns of its user ...)
+ TODO: check
+CVE-2024-45723 (The goTenna Pro ATAK Plugin does not use SecureRandom when generating ...)
+ TODO: check
+CVE-2024-45374 (In the goTenna Pro ATAK Plugin application, the encryption keys are s ...)
+ TODO: check
+CVE-2024-45042 (Ory Kratos is an identity, user management and authentication system f ...)
+ TODO: check
+CVE-2024-44860 (An information disclosure vulnerability in the /Letter/PrintQr/ endpoi ...)
+ TODO: check
+CVE-2024-43814 (goTenna Pro ATAK Plugin by default enables frequent unencrypted Posit ...)
+ TODO: check
+CVE-2024-43694 (In the goTenna Pro ATAK Plugin application, the encryption keys are s ...)
+ TODO: check
+CVE-2024-43191 (IBM ManageIQ could allow a remote authenticated attacker to execute ar ...)
+ TODO: check
+CVE-2024-43108 (The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted mes ...)
+ TODO: check
+CVE-2024-42406 (Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 ...)
+ TODO: check
+CVE-2024-41931 (The goTenna Pro ATAK Plugin broadcast key name is always sent unencryp ...)
+ TODO: check
+CVE-2024-41722 (In the goTenna Pro ATAK Plugin there is a vulnerability that makes it ...)
+ TODO: check
+CVE-2024-41715 (The goTenna Pro ATAK Plugin has a payload length vulnerability that m ...)
+ TODO: check
+CVE-2024-41605 (An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a ...)
+ TODO: check
+CVE-2024-39577 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, ...)
+ TODO: check
+CVE-2024-39319 (aimeos/ai-controller-frontend is the Aimeos frontend controller packag ...)
+ TODO: check
+CVE-2024-37125 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, ...)
+ TODO: check
+CVE-2024-31899 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly se ...)
+ TODO: check
+CVE-2024-30134 (The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being ...)
+ TODO: check
+CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores use ...)
+ TODO: check
CVE-2024-47177
- cups-filters <unfixed>
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
@@ -344,15 +506,19 @@ CVE-2024-45817 (In x86's APIC (Advanced Programmable Interrupt Controller) archi
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-462.html
CVE-2024-9123 (Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allow ...)
+ {DSA-5775-1}
- chromium 129.0.6668.70-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9122 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a ...)
+ {DSA-5775-1}
- chromium 129.0.6668.70-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9121 (Inappropriate implementation in V8 in Google Chrome prior to 129.0.666 ...)
+ {DSA-5775-1}
- chromium 129.0.6668.70-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9120 (Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668 ...)
+ {DSA-5775-1}
- chromium 129.0.6668.70-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8919 (The Confetti Fall Animation plugin for WordPress is vulnerable to Stor ...)
@@ -25645,6 +25811,7 @@ CVE-2024-27857 (An out-of-bounds access issue was addressed with improved bounds
CVE-2024-27855 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-27851 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ {DSA-5762-1}
- webkit2gtk 2.44.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.3-1
@@ -25652,6 +25819,7 @@ CVE-2024-27851 (The issue was addressed with improved bounds checks. This issue
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2024-0005.html
CVE-2024-27850 (This issue was addressed with improvements to the noise injection algo ...)
+ {DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.2-1
@@ -25667,6 +25835,7 @@ CVE-2024-27844 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-27840 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2024-27838 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ {DSA-5762-1}
- webkit2gtk 2.44.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.3-1
@@ -25676,6 +25845,7 @@ CVE-2024-27838 (The issue was addressed by adding additional logic. This issue i
CVE-2024-27836 (The issue was addressed with improved checks. This issue is fixed in v ...)
NOT-FOR-US: Apple
CVE-2024-27833 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.2-1
@@ -25687,6 +25857,7 @@ CVE-2024-27832 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input validat ...)
NOT-FOR-US: Apple
CVE-2024-27830 (This issue was addressed through improved state management. This issue ...)
+ {DSA-5762-1}
- webkit2gtk 2.44.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.3-1
@@ -25696,6 +25867,7 @@ CVE-2024-27830 (This issue was addressed through improved state management. This
CVE-2024-27828 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2024-27820 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.2-1
@@ -25715,6 +25887,7 @@ CVE-2024-27812 (The issue was addressed with improvements to the file handling p
CVE-2024-27811 (The issue was addressed with improved checks. This issue is fixed in t ...)
NOT-FOR-US: Apple
CVE-2024-27808 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.44.2-1
@@ -36635,7 +36808,7 @@ CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPre
NOT-FOR-US: WordPress plugin
CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...)
NOT-FOR-US: WPS Office
-CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect permissions f ...)
+CVE-2024-35204 (Veritas System Recovery before 23.3_Hotfix has incorrect permissions f ...)
NOT-FOR-US: Veritas
CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability in Kogne ...)
NOT-FOR-US: WordPress plugin
@@ -43360,6 +43533,7 @@ CVE-2024-27537
CVE-2024-27536
REJECTED
CVE-2024-23271 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ {DSA-5618-1}
- webkit2gtk 2.42.5-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.5-1
@@ -49269,7 +49443,7 @@ CVE-2024-0072 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517
CVE-2023-6523 (Authorization Bypass Through User-Controlled Key vulnerability in Extr ...)
NOT-FOR-US: ExtremePacs Extreme XDS
-CVE-2023-6522 (Improper Privilege Management vulnerability in ExtremePacs Extreme XDS ...)
+CVE-2023-6522 (Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme ...)
NOT-FOR-US: ExtremePacs Extreme XDS
CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure in vers ...)
- wordpress 6.5+dfsg1-1
@@ -63483,7 +63657,7 @@ CVE-2023-6255 (Use of Hard-coded Credentials vulnerability in Utarit Information
NOT-FOR-US: Utarit
CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Utarit
-CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit Information Tech ...)
+CVE-2023-4993 (Incorrect Use of Privileged APIs vulnerability in Utarit Information T ...)
NOT-FOR-US: Utarit
CVE-2023-4539 (Use of a hard-coded password for a special database account created du ...)
NOT-FOR-US: Comarch ERP XL
@@ -73405,7 +73579,7 @@ CVE-2023-6531 (A use-after-free flaw was found in the Linux Kernel due to a race
- linux 6.6.8-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
-CVE-2023-6190 (Improper Input Validation vulnerability in \u0130zmir Katip \xc7elebi ...)
+CVE-2023-6190 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Izmir Katip Celebi University University Information Management System
CVE-2023-52077 (Nexkey is a lightweight fork of Misskey v12 optimized for small to med ...)
NOT-FOR-US: Nexkey
@@ -74028,7 +74202,7 @@ CVE-2023-51708 (Bentley eB System Management Console applications within Assetwi
CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows r ...)
NOT-FOR-US: MotionPro
CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...)
- {DLA-3796-1}
+ {DLA-3896-1 DLA-3796-1}
- mediawiki 1:1.39.6-1
[bookworm] - mediawiki 1:1.39.7-1~deb12u1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
@@ -79281,9 +79455,9 @@ CVE-2023-6239 (Under rare conditions, the effective permissions of an object mig
NOT-FOR-US: M-Files
CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
NOT-FOR-US: Univera Computer System Panorama
-CVE-2023-6151 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
+CVE-2023-6151 (Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-mun ...)
NOT-FOR-US: ESKOM Computer e-municipality module
-CVE-2023-6150 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
+CVE-2023-6150 (Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-mun ...)
NOT-FOR-US: ESKOM Computer e-municipality module
CVE-2023-49314 (Asana Desktop 2.1.0 on macOS allows code injection because of specific ...)
NOT-FOR-US: Asana Desktop
@@ -79900,7 +80074,7 @@ CVE-2023-6004 (A flaw was found in libssh. By utilizing the ProxyCommand or Prox
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)
NOTE: Original patchset introduces a regression (with IPv6 parsing in ssh_options_set API):
NOTE: https://gitlab.com/libssh/libssh-mirror/-/issues/227
-CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+CVE-2023-5983 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
NOT-FOR-US: Botanik Software Pharmacy Automation
CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in DECE Soft ...)
NOT-FOR-US: DECE Software Geodi
@@ -139739,8 +139913,8 @@ CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker wh
NOT-FOR-US: SAP
CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does not val ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4541
- RESERVED
+CVE-2022-4541 (The WordPress Visitors plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
CVE-2022-4540
REJECTED
CVE-2022-4539 (The Web Application Firewall plugin for WordPress is vulnerable to IP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39b675fe42d11bbd390260e74f73d8d47df59ee
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39b675fe42d11bbd390260e74f73d8d47df59ee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240926/958bf75d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list