Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5575fd72 by security tracker role at 2024-09-20T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,108 @@
-CVE-2024-8986
+CVE-2024-9011 (A vulnerability, which was classified as critical, was found in
code-p ...)
+ TODO: check
+CVE-2024-9009 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2024-9008 (A vulnerability classified as critical was found in
SourceCodester Bes ...)
+ TODO: check
+CVE-2024-9007 (A vulnerability classified as problematic has been found in
jeanmarc77 ...)
+ TODO: check
+CVE-2024-9006 (A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It
has been ...)
+ TODO: check
+CVE-2024-9004 (A vulnerability classified as critical has been found in D-Link
DAR-70 ...)
+ TODO: check
+CVE-2024-9003 (A vulnerability was found in Jinan Chicheng Company JFlow
2.0.0. It ha ...)
+ TODO: check
+CVE-2024-9001 (A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has
been de ...)
+ TODO: check
+CVE-2024-8963 (Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a
remote ...)
+ TODO: check
+CVE-2024-8853 (The Webo-facto plugin for WordPress is vulnerable to privilege
escalat ...)
+ TODO: check
+CVE-2024-8653 (A vulnerability in NetCat CMS allows an attacker to execute
JavaScript ...)
+ TODO: check
+CVE-2024-8652 (A vulnerability in NetCat CMS allows an attacker to execute
JavaScript ...)
+ TODO: check
+CVE-2024-8651 (A vulnerability in NetCat CMS allows an attacker to send a
specially c ...)
+ TODO: check
+CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb
supports ...)
+ TODO: check
+CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in
the usb_ ...)
+ TODO: check
+CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-7737 (A stored Cross-site Scripting (XSS) vulnerability affecting
3DSwym in ...)
+ TODO: check
+CVE-2024-7736 (A reflected Cross-site Scripting (XSS) vulnerability affecting
ENOVIA ...)
+ TODO: check
+CVE-2024-47162 (In JetBrains YouTrack before 2024.3.44799 token could be
revealed on I ...)
+ TODO: check
+CVE-2024-47160 (In JetBrains YouTrack before 2024.3.44799 access to global app
config ...)
+ TODO: check
+CVE-2024-47159 (In JetBrains YouTrack before 2024.3.44799 user without
appropriate per ...)
+ TODO: check
+CVE-2024-47060 (Zitadel is an open source identity management platform. In
Zitadel, ev ...)
+ TODO: check
+CVE-2024-47000 (Zitadel is an open source identity management platform.
ZITADEL's user ...)
+ TODO: check
+CVE-2024-46999 (Zitadel is an open source identity management platform.
ZITADEL's user ...)
+ TODO: check
+CVE-2024-46984 (The reference validator is a tool to perform advanced
validation of FH ...)
+ TODO: check
+CVE-2024-46983 (sofa-hessian is an internal improved version of Hessian3/4
powered by ...)
+ TODO: check
+CVE-2024-46394 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request
Forgery ...)
+ TODO: check
+CVE-2024-46382 (A SQL injection vulnerability in linlinjava litemall 1.8.0
allows a re ...)
+ TODO: check
+CVE-2024-45862 (Kastle Systems firmware prior to May 1, 2024, stored machine
credentia ...)
+ TODO: check
+CVE-2024-45861 (Kastle Systems firmware prior to May 1, 2024, contained a
hard-coded c ...)
+ TODO: check
+CVE-2024-45810 (Envoy is a cloud-native high-performance edge/middle/service
proxy. En ...)
+ TODO: check
+CVE-2024-45809 (Envoy is a cloud-native high-performance edge/middle/service
proxy. Jw ...)
+ TODO: check
+CVE-2024-45808 (Envoy is a cloud-native high-performance edge/middle/service
proxy. A ...)
+ TODO: check
+CVE-2024-45807 (Envoy is a cloud-native high-performance edge/middle/service
proxy. En ...)
+ TODO: check
+CVE-2024-45806 (Envoy is a cloud-native high-performance edge/middle/service
proxy. A ...)
+ TODO: check
+CVE-2024-45770 (A vulnerability was found in Performance Co-Pilot (PCP). This
flaw can ...)
+ TODO: check
+CVE-2024-45769 (A vulnerability was found in Performance Co-Pilot (PCP). This
flaw all ...)
+ TODO: check
+CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows
any unpriv ...)
+ TODO: check
+CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In
affected vers ...)
+ TODO: check
+CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-43489 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-41721 (An insufficient boundary validation in the USB code could lead
to an o ...)
+ TODO: check
+CVE-2024-40125 (An arbitrary file upload vulnerability in the Media Manager
function o ...)
+ TODO: check
+CVE-2024-38221 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38016 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286
with fir ...)
+ TODO: check
+CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a
stack-based buffe ...)
+ TODO: check
+CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and
all earli ...)
+ TODO: check
+CVE-2024-8986 (The grafana plugin SDK bundles build metadata into the binaries
it com ...)
NOT-FOR-US: Grafana plugin
-CVE-2024-8883
+CVE-2024-8883 (A misconfiguration flaw was found in Keycloak. This issue can
allow an ...)
NOT-FOR-US: Keycloak
-CVE-2024-8698
+CVE-2024-8698 (A flaw exists in the SAML signature validation method within
the Keycl ...)
NOT-FOR-US: Keycloak
-CVE-2024-7207
+CVE-2024-7207 (A flaw was found in Envoy. It is possible to modify or
manipulate head ...)
- envoyproxy <itp> (bug #987544)
-CVE-2024-45410
+CVE-2024-45410 (Traefik is a golang, Cloud Native Application Proxy. When a
HTTP reque ...)
- traefik <itp> (bug #983289)
CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
@@ -702,21 +798,27 @@ CVE-2024-45816 (Backstage is an open framework for
building developer portals. W
CVE-2024-45815 (Backstage is an open framework for building developer portals.
A malic ...)
NOT-FOR-US: Backstage
CVE-2024-8909 (Inappropriate implementation in UI in Google Chrome on iOS
prior to 12 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8908 (Inappropriate implementation in Autofill in Google Chrome prior
to 129 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8907 (Insufficient data validation in Omnibox in Google Chrome on
Android pr ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8906 (Incorrect security UI in Downloads in Google Chrome prior to
129.0.666 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8905 (Inappropriate implementation in V8 in Google Chrome prior to
129.0.666 ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8904 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.58
allowed a ...)
+ {DSA-5773-1}
- chromium 129.0.6668.58-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8956 (PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable
to an ...)
@@ -81995,11 +82097,11 @@ CVE-2023-46964 (Cross Site Scripting (XSS)
vulnerability in Hillstone Next Gener
NOT-FOR-US: Hillstone Next Generation FireWall SG-6000-e3960
CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd,
Yunfan Learni ...)
NOT-FOR-US: Beijing Yunfan Internet Technology Co., Ltd, Yunfan
Learning Examination System
-CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware
6.2.2 and LI ...)
+CVE-2023-46382 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580
V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
-CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware
6.2.2 and LI ...)
+CVE-2023-46381 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580
V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
-CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware
6.2.2 and LI ...)
+CVE-2023-46380 (LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580
V2, LIOB- ...)
NOT-FOR-US: LOYTEC electronics GmbH
CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL
injection vulner ...)
NOT-FOR-US: kerawen
@@ -119082,8 +119184,8 @@ CVE-2023-27585 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE:
https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
-CVE-2023-27584
- RESERVED
+CVE-2023-27584 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
+ TODO: check
CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior
to versi ...)
NOT-FOR-US: PanIndex
CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with
version 0 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5575fd7284c4a27ededbac35d81cadc1c67271b2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5575fd7284c4a27ededbac35d81cadc1c67271b2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
