Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4454ba20 by security tracker role at 2024-09-25T20:12:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2024-9169 (The LiteSpeed Cache plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2024-8996 (Unquoted Search Path or Element vulnerability in Grafana Agent
(Flow m ...)
+ TODO: check
+CVE-2024-8975 (Unquoted Search Path or Element vulnerability in Grafana Alloy
on Wind ...)
+ TODO: check
+CVE-2024-8858 (The Elementor Addons by Livemesh plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-8546 (The ElementsKit Elementor addons plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-8316 (In Progress Telerik UI for WPF versions prior to 2024 Q3
(2024.3.924), ...)
+ TODO: check
+CVE-2024-7679 (In Progress Telerik UI for WinForms versions prior to 2024 Q3
(2024.3. ...)
+ TODO: check
+CVE-2024-7576 (In Progress Telerik UI for WPF versions prior to 2024 Q3
(2024.3.924), ...)
+ TODO: check
+CVE-2024-7575 (In Progress Telerik UI for WPF versions prior to 2024 Q3
(2024.3.924), ...)
+ TODO: check
+CVE-2024-7481 (Improper verification of cryptographic signature during
installation o ...)
+ TODO: check
+CVE-2024-7479 (Improper verification of cryptographic signature during
installation o ...)
+ TODO: check
+CVE-2024-7421 (An information exposure in Devolutions Remote Desktop Manager
2024.2.2 ...)
+ TODO: check
+CVE-2024-6594 (Improper Handling of Exceptional Conditions vulnerability in
the Watch ...)
+ TODO: check
+CVE-2024-6593 (Incorrect Authorization vulnerability in WatchGuard
Authentication Gat ...)
+ TODO: check
+CVE-2024-6592 (Incorrect Authorization vulnerability in the protocol
communication be ...)
+ TODO: check
+CVE-2024-6512 (Authorization bypass in thePAM access request approval
mechanism in De ...)
+ TODO: check
+CVE-2024-4657 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-47315 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This
issue a ...)
+ TODO: check
+CVE-2024-47305 (Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey
Use Any ...)
+ TODO: check
+CVE-2024-47082 (Strawberry GraphQL is a library for creating GraphQL APIs.
Prior to ve ...)
+ TODO: check
+CVE-2024-47078 (Meshtastic is an open source, off-grid, decentralized, mesh
network. M ...)
+ TODO: check
+CVE-2024-46655 (A reflected cross-site scripting (XSS) vulnerability in Ellevo
6.2.0.3 ...)
+ TODO: check
+CVE-2024-46600 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site
Request Forge ...)
+ TODO: check
+CVE-2024-46489 (A remote command execution (RCE) vulnerability in promptr
v6.0.7 allow ...)
+ TODO: check
+CVE-2024-46488 (sqlite-vec v0.1.1 was discovered to contain a heap buffer
overflow via ...)
+ TODO: check
+CVE-2024-46485 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site
Request Forge ...)
+ TODO: check
+CVE-2024-46461 (VLC media player 3.0.20 and earlier is vulnerable to denial of
service ...)
+ TODO: check
+CVE-2024-45750 (An issue in TheGreenBow Windows Standard VPN Client 6.87.108
(and olde ...)
+ TODO: check
+CVE-2024-45613 (CKEditor 5 is a JavaScript rich-text editor. Starting in
version 40.0. ...)
+ TODO: check
+CVE-2024-44825 (Directory Traversal vulnerability in Centro de Tecnologia da
Informaco ...)
+ TODO: check
+CVE-2024-44678 (Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to
Command Injec ...)
+ TODO: check
+CVE-2024-43990 (Insertion of Sensitive Information into Log File vulnerability
in Styl ...)
+ TODO: check
+CVE-2024-43959 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-43237 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-41708 (An issue was discovered in AdaCore ada_web_services 20.0
allows an att ...)
+ TODO: check
+CVE-2024-41445 (Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer
overrea ...)
+ TODO: check
+CVE-2024-30128 (HCL Nomad server on Domino is affected by an open proxy
vulnerability ...)
+ TODO: check
+CVE-2024-22893 (OpenSlides 4.0.15 verifies passwords by comparing password
hashes usin ...)
+ TODO: check
+CVE-2024-22892 (OpenSlides 4.0.15 was discovered to be using a weak hashing
algorithm ...)
+ TODO: check
+CVE-2024-20510 (A vulnerability in the Central Web Authentication (CWA)
feature of Cis ...)
+ TODO: check
+CVE-2024-20508 (A vulnerability in Cisco Unified Threat Defense (UTD) Snort
Intrusion ...)
+ TODO: check
+CVE-2024-20496 (A vulnerability in the UDP packet validation code of Cisco
SD-WAN vEdg ...)
+ TODO: check
+CVE-2024-20480 (A vulnerability in the DHCP Snooping feature of Cisco IOS XE
Software ...)
+ TODO: check
+CVE-2024-20475 (A vulnerability in the web-based management interface of Cisco
Catalys ...)
+ TODO: check
+CVE-2024-20467 (A vulnerability in the implementation of the IPv4
fragmentation reasse ...)
+ TODO: check
+CVE-2024-20465 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
+ TODO: check
+CVE-2024-20464 (A vulnerability in the Protocol Independent Multicast (PIM)
feature of ...)
+ TODO: check
+CVE-2024-20455 (A vulnerability in the process that classifies traffic that is
going t ...)
+ TODO: check
+CVE-2024-20437 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
+ TODO: check
+CVE-2024-20436 (A vulnerability in the HTTP Server feature of Cisco IOS XE
Software wh ...)
+ TODO: check
+CVE-2024-20434 (A vulnerability in Cisco IOS XE Software could allow an
unauthenticate ...)
+ TODO: check
+CVE-2024-20433 (A vulnerability in the Resource Reservation Protocol (RSVP)
feature of ...)
+ TODO: check
+CVE-2024-20414 (A vulnerability in the web UI feature of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2024-20350 (A vulnerability in the SSH server of Cisco Catalyst Center,
formerly C ...)
+ TODO: check
+CVE-2023-51157 (Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro
allows a ...)
+ TODO: check
CVE-2024-9073 (The GutenGeek Free Gutenberg Blocks for WordPress plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9069 (The Graphicsly \u2013 The ultimate graphics plugin for
WordPress websi ...)
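Review bot: all 55 added entries at the top of data/CVE/list land as `TODO: check`, although many match triage patterns already used elsewhere in the file. The WordPress plugin entries (CVE-2024-9169, CVE-2024-8858, CVE-2024-8546) sit directly above CVE-2024-9073's `NOT-FOR-US: WordPress plugin`, and the CVE-2024-204xx block is all Cisco, which other entries tag `NOT-FOR-US: Cisco`. Suggest a follow-up commit that clears those in bulk and checks the entries naming general-purpose software against Debian source packages first, for example VLC media player (CVE-2024-46461), CKEditor 5 (CVE-2024-45613) and sqlite-vec (CVE-2024-46488).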
@@ -152,7 +262,7 @@ CVE-2024-42505 (Command injection vulnerabilities in the
underlying CLI service
NOT-FOR-US: HPE
CVE-2024-38324 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem
defender-sensor-cmd C ...)
NOT-FOR-US: IBM
-CVE-2024-45817 [x86: Deadlock in vlapic_error()]
+CVE-2024-45817 (In x86's APIC (Advanced Programmable Interrupt Controller)
architectur ...)
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-462.html
@@ -1694,7 +1804,7 @@ CVE-2024-8766 (Local privilege escalation due to DLL
hijacking vulnerability. Th
NOT-FOR-US: Acronis Cyber Protect Cloud Agent (Windows)
CVE-2024-8752 (The Windows version of WebIQ 2.15.9 is affected by a directory
travers ...)
NOT-FOR-US: WebIQ
-CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are
vulnerable t ...)
+CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are
vulnerable t ...)
NOT-FOR-US: Concrete CMS
CVE-2024-7104 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: SFS Consulting ww.Winsure
@@ -2640,7 +2750,7 @@ CVE-2024-20398 (A vulnerability in the CLI of Cisco IOS
XR Software could allow
NOT-FOR-US: Cisco
CVE-2024-20390 (A vulnerability in the Dedicated XML Agent feature of Cisco
IOS XR Sof ...)
NOT-FOR-US: Cisco
-CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in ConfD that is
used by t ...)
+CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in Cisco Crosswork
Network ...)
NOT-FOR-US: Cisco
CVE-2024-20343 (A vulnerability in the CLI of Cisco IOS XR Software could
allow an aut ...)
NOT-FOR-US: Cisco
@@ -8794,7 +8904,7 @@ CVE-2024-7793 (A vulnerability was found in
SourceCodester Task Progress Tracker
NOT-FOR-US: SourceCodester Task Progress Tracker
CVE-2024-7628 (The MStore API \u2013 Create Native Android & iOS Apps On The
Cloud pl ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-7625 (In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to
1.16.13, 1.7. ...)
+CVE-2024-7625 (In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to
1.6.13, 1.7.1 ...)
- nomad <removed>
CVE-2024-7624 (The Zephyr Project Manager plugin for WordPress is vulnerable
to limit ...)
NOT-FOR-US: WordPress plugin
@@ -48240,11 +48350,11 @@ CVE-2024-2201 [Native Branch History Injection]
NOTE: https://vusec.net/projects/native-bhi
NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
NOTE: https://xenbits.xen.org/xsa/advisory-456.html
-CVE-2024-31146
+CVE-2024-31146 (When multiple devices share resources and one of them is to be
passed ...)
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-461.html
-CVE-2024-31145
+CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved
Memory Regi ...)
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-460.html
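Review bot: CVE-2024-31146 and CVE-2024-31145 gain their descriptions here, but both entries still read `- xen <unfixed>` with only the bullseye end-of-life line and the XSA link. Now that the advisory text is public, a follow-up should add NOTE lines pointing at the upstream fix commits and replace `<unfixed>` with a version once a fixed xen is uploaded.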
@@ -126839,8 +126949,8 @@ CVE-2017-20176 (A vulnerability classified as
problematic was found in ciubotaru
NOT-FOR-US: share-on-diaspora
CVE-2017-20175 (A vulnerability classified as problematic has been found in
DaSchTour ...)
NOT-FOR-US: Mamoto extension for MediaWiki
-CVE-2023-25189
- RESERVED
+CVE-2023-25189 (BTS is affected by information disclosure vulnerability where
mobile n ...)
+ TODO: check
CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
NOT-FOR-US: NOKIA
CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
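Review bot: CVE-2023-25189 moves from `RESERVED` to `TODO: check`, while the adjacent CVE-2023-25188 is a NOKIA Airscale entry tagged `NOT-FOR-US: NOKIA` and CVE-2023-25187 carries the same description prefix. The truncated text for CVE-2023-25189 only says "BTS", so confirm the vendor from the full CVE record and then apply the matching tag instead of leaving the TODO open.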
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4454ba20e11219ff2cbf79bc4b7a1e7e944d7bb4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits