Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99e6538a by security tracker role at 2024-09-12T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all
versions fr ...)
+ TODO: check
+CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version
28. This ...)
+ TODO: check
+CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This
vulnerabilit ...)
+ TODO: check
+CVE-2024-8711 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-8710 (A vulnerability classified as critical was found in
code-projects Inve ...)
+ TODO: check
+CVE-2024-8709 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2024-8708 (A vulnerability was found in SourceCodester Best House Rental
Manageme ...)
+ TODO: check
+CVE-2024-8707 (A vulnerability was found in
\u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
+ TODO: check
+CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has
been cla ...)
+ TODO: check
+CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and
Control Equ ...)
+ TODO: check
+CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted
extension publ ...)
+ TODO: check
+CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted
extension desc ...)
+ TODO: check
+CVE-2024-8694 (A vulnerability, which was classified as problematic, was found
in JFi ...)
+ TODO: check
+CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
+CVE-2024-8635 (A server-side request forgery issue has been discovered in
GitLab EE a ...)
+ TODO: check
+CVE-2024-8631 (A privilege escalation issue has been discovered in GitLab EE
affectin ...)
+ TODO: check
+CVE-2024-8622 (The amCharts: Charts and Maps plugin for WordPress is
vulnerable to Re ...)
+ TODO: check
+CVE-2024-8533 (A privilege escalation vulnerability exists in the Rockwell
Automation ...)
+ TODO: check
+CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-8311 (An issue was discovered with pipeline execution policies in
GitLab EE ...)
+ TODO: check
+CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not
escape th ...)
+ TODO: check
+CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not
have CSRF ...)
+ TODO: check
+CVE-2024-7890 (Local privilege escalation allows a low-privileged user to gain
SYSTEM ...)
+ TODO: check
+CVE-2024-7889 (Local privilege escalation allows a low-privileged user to gain
SYSTEM ...)
+ TODO: check
+CVE-2024-7862 (The blogintroduction-wordpress-plugin WordPress plugin through
0.3.0 d ...)
+ TODO: check
+CVE-2024-7861 (The Misiek Paypal WordPress plugin through 1.1.20090324 does
not have ...)
+ TODO: check
+CVE-2024-7860 (The Simple Headline Rotator WordPress plugin through 1.0 does
not have ...)
+ TODO: check
+CVE-2024-7859 (The Visual Sound WordPress plugin through 1.03 does not have
CSRF chec ...)
+ TODO: check
+CVE-2024-7822 (The Quick Code WordPress plugin through 1.0 does not have CSRF
check i ...)
+ TODO: check
+CVE-2024-7820 (The ILC Thickbox WordPress plugin through 1.0 does not have
CSRF check ...)
+ TODO: check
+CVE-2024-7818 (The Misiek Photo Album WordPress plugin through 1.4.3 does not
have CS ...)
+ TODO: check
+CVE-2024-7817 (The Misiek Photo Album WordPress plugin through 1.4.3 does not
have CS ...)
+ TODO: check
+CVE-2024-7816 (The Gixaw Chat WordPress plugin through 1.0 does not have CSRF
check i ...)
+ TODO: check
+CVE-2024-7766 (The Adicon Server WordPress plugin through 1.2 does not
sanitize and e ...)
+ TODO: check
+CVE-2024-6887 (The Giveaways and Contests by RafflePress WordPress plugin
before 1.1 ...)
+ TODO: check
+CVE-2024-6702 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by
an HTML ...)
+ TODO: check
+CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by
an XSS i ...)
+ TODO: check
+CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by
an XSS i ...)
+ TODO: check
+CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on
Windows all ...)
+ TODO: check
+CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions
starting ...)
+ TODO: check
+CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell
Automation af ...)
+ TODO: check
+CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not
saniti ...)
+ TODO: check
+CVE-2024-6018 (The Music Request Manager WordPress plugin through 1.3 does not
escape ...)
+ TODO: check
+CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not
have C ...)
+ TODO: check
+CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does
not sanit ...)
+ TODO: check
+CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE
affecting all ...)
+ TODO: check
+CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
+CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
+CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0
or newer ...)
+ TODO: check
+CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all
versions of t ...)
+ TODO: check
+CVE-2024-45855 (Deserialization of untrusted data can occur in versions
23.10.2.0 and ...)
+ TODO: check
+CVE-2024-45854 (Deserialization of untrusted data can occur in versions
23.10.3.0 and ...)
+ TODO: check
+CVE-2024-45853 (Deserialization of untrusted data can occur in versions
23.10.2.0 and ...)
+ TODO: check
+CVE-2024-45852 (Deserialization of untrusted data can occur in versions
23.3.2.0 and n ...)
+ TODO: check
+CVE-2024-45851 (An arbitrary code execution vulnerability exists in versions
23.10.5.0 ...)
+ TODO: check
+CVE-2024-45850 (An arbitrary code execution vulnerability exists in versions
23.10.5.0 ...)
+ TODO: check
+CVE-2024-45849 (An arbitrary code execution vulnerability exists in versions
23.10.5.0 ...)
+ TODO: check
+CVE-2024-45848 (An arbitrary code execution vulnerability exists in versions
23.12.4.0 ...)
+ TODO: check
+CVE-2024-45847 (An arbitrary code execution vulnerability exists in versions
23.11.4.2 ...)
+ TODO: check
+CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions
23.10.3.0 ...)
+ TODO: check
+CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path
travers ...)
+ TODO: check
+CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists
in the ...)
+ TODO: check
+CVE-2024-45824 (CVE-2024-45824 IMPACT A remote code vulnerability exists in
the aff ...)
+ TODO: check
+CVE-2024-45823 (CVE-2024-45823 IMPACT An authentication bypass
vulnerability exists ...)
+ TODO: check
+CVE-2024-45624 (Exposure of sensitive information due to incompatible policies
issue e ...)
+ TODO: check
+CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's
Official AP ...)
+ TODO: check
+CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the
HDAudBus_DMA ...)
+ TODO: check
+CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic
calenda ...)
+ TODO: check
+CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS
WibuKey befor ...)
+ TODO: check
+CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS
WibuKey befor ...)
+ TODO: check
+CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to
cause a Den ...)
+ TODO: check
+CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers
to cause ...)
+ TODO: check
+CVE-2024-42484 (ESP-NOW Component provides a connectionless Wi-Fi
communication protoc ...)
+ TODO: check
+CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi
communication protoc ...)
+ TODO: check
+CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer
v.7.10.1 a ...)
+ TODO: check
+CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext
credentials that ...)
+ TODO: check
+CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability
in Utar ...)
+ TODO: check
+CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does
not have ...)
+ TODO: check
+CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning
web ser ...)
+ TODO: check
+CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6
octets o ...)
+ TODO: check
+CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-34779 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-34336 (User enumeration vulnerability in ORDAT FOSS-Online before
v2.24.01 al ...)
+ TODO: check
+CVE-2024-34335 (ORDAT FOSS-Online before version 2.24.01 was discovered to
contain a r ...)
+ TODO: check
+CVE-2024-34334 (ORDAT FOSS-Online before v2.24.01 was discovered to contain a
SQL inje ...)
+ TODO: check
+CVE-2024-32848 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-32846 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-32845 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-32843 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or
the 202 ...)
+ TODO: check
+CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3
before ...)
+ TODO: check
+CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2024-29847 (Deserialization of untrusted data in the agent portal of
Ivanti EPM be ...)
+ TODO: check
+CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be
susceptible to ...)
+ TODO: check
+CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a
hard-cod ...)
+ TODO: check
+CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
+ TODO: check
+CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions
0.0.8 and ...)
+ TODO: check
+CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions
0.0.8 and ...)
+ TODO: check
+CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to
exploit ...)
+ TODO: check
+CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for
Windows ...)
+ TODO: check
CVE-2024-8693 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: Kaon CG3000
CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud
TDuckPr ...)
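Review bot: the whole hunk is a bulk import parked as `TODO: check`, and the largest single cluster in it is GitLab (CVE-2024-8754, -8641, -8640, -8635, -8631, -8311, -8124, -6678, -6446, -6389, -5435, -4660, -4612, -4472, -2743); those are worth triaging as one batch against the gitlab package status rather than one by one from the queue. Two groups cannot be triaged from the list text alone: CVE-2024-8707's description survives only as \u-escaped CJK characters truncated before any product name, and CVE-2024-45823 through -45826 carry Rockwell's "CVE-ID IMPACT" prefix, which pushes the product name past the truncation point, so those need the full records. The doubled "discovered discovered" in CVE-2024-5435 is upstream's text and must stay verbatim, otherwise the next automatic update will just diff it back in.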
@@ -293,15 +515,19 @@ CVE-2024-23984
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
CVE-2024-8639 (Use after free in Autofill in Google Chrome on Android prior to
128.0. ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8638 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.137
allowed ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8637 (Use after free in Media Router in Google Chrome on Android
prior to 12 ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8636 (Heap buffer overflow in Skia in Google Chrome prior to
128.0.6613.137 ...)
+ {DSA-5768-1}
- chromium 128.0.6613.137-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5.
It has b ...)
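Review bot: the `{DSA-5768-1}` cross-reference is applied uniformly to the four 128.0.6613.137 entries, but CVE-2024-8639 (Autofill) and CVE-2024-8637 (Media Router) are described as "Google Chrome on Android"; confirm the DSA text actually lists those two IDs for the Debian chromium build, otherwise the reference over-claims. Leaving `- chromium 128.0.6613.137-1` and the bullseye end-of-life line untouched is consistent with the fixed version already recorded.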
@@ -338,7 +564,8 @@ CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT
Basic Library allows an
NOT-FOR-US: OSCAT
CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle,
Conditio ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a
symlink in a ...)
+CVE-2024-45845
+ REJECTED
- nix <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
NOTE:
https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
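Review bot: CVE-2024-45845 is flipped to REJECTED while the `- nix <not-affected> (Vulnerable code introduced later)` line and the two NOTE links to the nix advisory and commit stay in place. They now annotate a withdrawn ID, so either drop them or add a NOTE recording why the ID was rejected (the replacement ID, if one exists) so the not-affected reasoning is not left orphaned under a rejected header.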
@@ -892,7 +1119,7 @@ CVE-2024-45625 (Cross-site scripting vulnerability exists
in Forminator versions
NOT-FOR-US: WordPress plugin
CVE-2024-45203 (Improper authorization in handler for custom URL scheme issue
in "@cos ...)
NOT-FOR-US: @cosme app
-CVE-2024-6840
+CVE-2024-6840 (An improper authorization flaw exists in the Ansible Automation
Contro ...)
NOT-FOR-US: Ansible Automation Controller
CVE-2024-8579 (A vulnerability classified as critical has been found in
TOTOLINK AC12 ...)
NOT-FOR-US: TOTOLINK
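Review bot: the description now names the Ansible Automation Controller, which agrees with the `NOT-FOR-US: Ansible Automation Controller` tag that was assigned before any description existed, so the triage holds; the text is cut at "Contro ...", though, so check the full record does not also list ansible-core, which Debian does ship as a source package, before leaving this closed.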
@@ -6774,7 +7001,8 @@ CVE-2024-38724 (Cross-Site Request Forgery (CSRF),
Improper Neutralization of In
NOT-FOR-US: WordPress plugin
CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System
for Woo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe
Maker Fo ...)
+CVE-2024-38688
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS
vulnerability to ...)
NOT-FOR-US: Pepperl+Fuchs SE
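Review bot: CVE-2024-38688 becomes REJECTED but keeps `NOT-FOR-US: WordPress plugin`; a rejected ID needs no triage line, and with the original description (the Recipe Maker plugin) gone the remaining tag carries no information. Drop it, or replace it with a NOTE giving the reason for rejection.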
@@ -200306,8 +200534,8 @@ CVE-2022-26324
RESERVED
CVE-2022-26323
RESERVED
-CVE-2022-26322
- RESERVED
+CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File
Vulnerabilit ...)
+ TODO: check
CVE-2022-26321
RESERVED
CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used
in cert ...)
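Review bot: CVE-2022-26322's new description ("Possible Insertion of Sensitive Information into Log File Vulnerabilit ...") is truncated before the product name, but it is word-for-word the title given to CVE-2021-22533 later in this same commit, whose neighbours are all tagged `NOT-FOR-US: Micro Focus`; it almost certainly belongs to the same late-published Micro Focus/OpenText batch and should be triaged together with those rather than left as a standalone TODO.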
@@ -240444,12 +240672,12 @@ CVE-2021-38135
RESERVED
CVE-2021-38134
RESERVED
-CVE-2021-38133
- RESERVED
-CVE-2021-38132
- RESERVED
-CVE-2021-38131
- RESERVED
+CVE-2021-38133 (Possible External Service Interaction attack in eDirectory
has been ...)
+ TODO: check
+CVE-2021-38132 (Possible External Service Interaction attack in eDirectory
has been ...)
+ TODO: check
+CVE-2021-38131 (Possible Cross-Site Scripting (XSS) Vulnerability in
eDirectory has b ...)
+ TODO: check
CVE-2021-38130 (A potential Information leakage vulnerability has been
identified in v ...)
NOT-FOR-US: Micro Focus
CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro
Focus O ...)
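Review bot: the three un-RESERVED entries CVE-2021-38131 through -38133 all name eDirectory, and the adjacent CVE-2021-38130 and -38129 are already `NOT-FOR-US: Micro Focus`; eDirectory is a NetIQ/Micro Focus product, so the `TODO: check` lines can be resolved to the same tag. For the triage note, "External Service Interaction attack" in -38133/-38132 is the upstream wording for a server-side request forgery class issue.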
@@ -279951,10 +280179,10 @@ CVE-2021-22535 (Unauthorized information security
disclosure vulnerability on Mi
NOT-FOR-US: Micro Focus
CVE-2021-22534
RESERVED
-CVE-2021-22533
- RESERVED
-CVE-2021-22532
- RESERVED
+CVE-2021-22533 (Possible Insertion of Sensitive Information into Log File
Vulnerabilit ...)
+ TODO: check
+CVE-2021-22532 (PossibleNLDAP Denial of Service attack Vulnerability in
eDirectory ha ...)
+ TODO: check
CVE-2021-22531 (A bug exist in the input parameter of Access Manager that
allows suppl ...)
NOT-FOR-US: Microfocus
CVE-2021-22530 (A vulnerability identified in NetIQ Advance Authentication
that doesn' ...)
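Review bot: "PossibleNLDAP" in CVE-2021-22532 is a missing space in the upstream description and has to stay verbatim; correcting it locally would only be reverted by the next automatic update. Separately, the context lines in this hunk use both `NOT-FOR-US: Micro Focus` (CVE-2021-22535) and `NOT-FOR-US: Microfocus` (CVE-2021-22531); when these two eDirectory entries are closed, use one spelling so the vendor can be grepped consistently.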
@@ -279981,8 +280209,8 @@ CVE-2021-22520
RESERVED
CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope
product, ...)
NOT-FOR-US: Micro Focus
-CVE-2021-22518
- RESERVED
+CVE-2021-22518 (A vulnerability identified in OpenText\u2122 Identity Manager
AzureAD ...)
+ TODO: check
CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability
has been i ...)
NOT-FOR-US: Micro Focus
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability
in Micr ...)
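Review bot: CVE-2021-22518 is described as an OpenText\u2122 Identity Manager issue (the \u2122 escape is the list's normal encoding, not corruption) and sits between CVE-2021-22519 and -22517, both `NOT-FOR-US: Micro Focus`; Identity Manager is the former NetIQ/Micro Focus product, so this should resolve the same way. Reuse the existing "Micro Focus" tag string rather than introducing a new "OpenText" one, unless the whole block is renamed at once.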
@@ -280011,8 +280239,8 @@ CVE-2021-22505 (Escalation of privileges
vulnerability in Micro Focus Operations
NOT-FOR-US: Micro Focus
CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus
Operations Bridg ...)
NOT-FOR-US: Micro Focus
-CVE-2021-22503
- RESERVED
+CVE-2021-22503 (Possible Improper Neutralization of Input During Web Page
Generation ...)
+ TODO: check
CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation
Bridge Re ...)
NOT-FOR-US: Micro Focus
CVE-2021-22501
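Review bot: the new description for CVE-2021-22503 ends at "Web Page Generation ..." with no product named, while both neighbours (-22504 and -22502) are Micro Focus Operations Bridge entries tagged NOT-FOR-US; the sequential ID suggests the same product, but since the visible text does not say so, confirm against the full record before copying the tag.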
@@ -308211,8 +308439,8 @@ CVE-2020-24063 (The Canto plugin 1.3.0 for WordPress
allows includes/lib/downloa
NOT-FOR-US: Canto plugin for WordPress
CVE-2020-24062
RESERVED
-CVE-2020-24061
- RESERVED
+CVE-2020-24061 (Cross Site Scripting (XSS) Vulnerability in Firewall menu in
Control P ...)
+ TODO: check
CVE-2020-24060
RESERVED
CVE-2020-24059
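Review bot: CVE-2020-24061's description is cut at "Control P ...", and unlike the other un-RESERVED IDs in this commit its nearest populated neighbour (CVE-2020-24063, the Canto WordPress plugin) is unrelated, so the product cannot be inferred from context; this one needs a real lookup rather than a copied NOT-FOR-US line.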
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99e6538a6a25399b4e2936636428bde6dfd5b396
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits