Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a39b675f by security tracker role at 2024-09-26T20:13:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2024-9203 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-9199 (Rate limit vulnerability in Clibo Manager v1.1.9.2 that could 
allow an ...)
+       TODO: check
+CVE-2024-9198 (Vulnerability in Clibo Manager v1.1.9.1 that could allow an 
attacker t ...)
+       TODO: check
+CVE-2024-9177 (The Themedy Toolbox plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9173 (The GF Custom Style plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9166 (The device enables an unauthorized attacker to execute system 
commands ...)
+       TODO: check
+CVE-2024-9155 (Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 
9.5.8 f ...)
+       TODO: check
+CVE-2024-9127 (The Super Testimonials plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-9125 (The king_IE plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2024-9117 (The Mapplic Lite plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-9115 (The Common Tools for Site plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2024-9025 (The Sight \u2013 Professional Image Gallery and Portfolio 
plugin for W ...)
+       TODO: check
+CVE-2024-8872 (The Store Hours for WooCommerce plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-8771 (The Email Subscribers by Icegram Express \u2013 Email 
Marketing, Newsl ...)
+       TODO: check
+CVE-2024-8725 (Multiple plugins and/or themes for WordPress are vulnerable to 
Limited ...)
+       TODO: check
+CVE-2024-8704 (The Advanced File Manager plugin for WordPress is vulnerable to 
Local  ...)
+       TODO: check
+CVE-2024-8633 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop 
Contact For ...)
+       TODO: check
+CVE-2024-8126 (The Advanced File Manager plugin for WordPress is vulnerable to 
arbitr ...)
+       TODO: check
+CVE-2024-8118 (In Grafana, the wrong permission is applied to the alert rule 
write AP ...)
+       TODO: check
+CVE-2024-7594 (Vault\u2019s SSH secrets engine did not require the 
valid_principals l ...)
+       TODO: check
+CVE-2024-7259 (A flaw was found in oVirt. A user with administrator 
privileges, inclu ...)
+       TODO: check
+CVE-2024-7108 (Incorrect Authorization vulnerability in National Keep Cyber 
Security  ...)
+       TODO: check
+CVE-2024-7107 (Files or Directories Accessible to External Parties 
vulnerability in N ...)
+       TODO: check
+CVE-2024-47337 (Missing Authorization vulnerability in Stuart Wilson Joy Of 
Text Lite. ...)
+       TODO: check
+CVE-2024-47197 (Exposure of Sensitive Information to an Unauthorized Actor, 
Insecure S ...)
+       TODO: check
+CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible 
badges in ...)
+       TODO: check
+CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's 
`docker-te ...)
+       TODO: check
+CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. 
Starting in ...)
+       TODO: check
+CVE-2024-47171 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
+       TODO: check
+CVE-2024-47170 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
+       TODO: check
+CVE-2024-47169 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
+       TODO: check
+CVE-2024-47145 (Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize 
access t ...)
+       TODO: check
+CVE-2024-47130 (The goTenna Pro series allows unauthenticated attackers to 
remotely up ...)
+       TODO: check
+CVE-2024-47129 (The goTenna Pro has a payload length vulnerability that makes 
it possi ...)
+       TODO: check
+CVE-2024-47128 (The goTenna Pro broadcast key name is always sent unencrypted 
and coul ...)
+       TODO: check
+CVE-2024-47127 (In the goTenna Pro there is a vulnerability that makes it 
possible to  ...)
+       TODO: check
+CVE-2024-47126 (The goTenna Pro series does not use SecureRandom when 
generating its c ...)
+       TODO: check
+CVE-2024-47125 (The goTenna Pro series does not authenticate public keys which 
allows  ...)
+       TODO: check
+CVE-2024-47124 (The goTenna pro series does not encrypt the callsigns of its 
users. Th ...)
+       TODO: check
+CVE-2024-47123 (The goTenna Pro series use AES CTR mode for short, encrypted 
messages  ...)
+       TODO: check
+CVE-2024-47122 (In the goTenna Pro application, the encryption keys are stored 
along w ...)
+       TODO: check
+CVE-2024-47121 (The goTenna Pro series uses a weak password for the QR 
broadcast messa ...)
+       TODO: check
+CVE-2024-47075 (LayUI is a native minimalist modular Web UI component library. 
Version ...)
+       TODO: check
+CVE-2024-47044 (Multiple Home GateWay/Hikari Denwa routers provided by NIPPON 
TELEGRAP ...)
+       TODO: check
+CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail 
to valida ...)
+       TODO: check
+CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the 
MD5Importer::Lo ...)
+       TODO: check
+CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows 
attackers to ex ...)
+       TODO: check
+CVE-2024-46330 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a 
command inje ...)
+       TODO: check
+CVE-2024-46329 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a 
command inje ...)
+       TODO: check
+CVE-2024-46328 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain 
hardcoded cred ...)
+       TODO: check
+CVE-2024-46327 (An issue in the Http_handle object of VONETS VAP11G-300 
v3.3.23.6.9 al ...)
+       TODO: check
+CVE-2024-45989 (Monica AI Assistant desktop application v2.3.0 is vulnerable 
to Exposu ...)
+       TODO: check
+CVE-2024-45987 (Projectworld Online Voting System Version 1.0 is vulnerable to 
Cross S ...)
+       TODO: check
+CVE-2024-45985 (A Cross Site Scripting (XSS) vulnerability in 
update_contact.php of Bl ...)
+       TODO: check
+CVE-2024-45984 (A Cross Site Scripting (XSS) vulnerability in add_donor.php of 
Blood B ...)
+       TODO: check
+CVE-2024-45983 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
kishan0725 ...)
+       TODO: check
+CVE-2024-45982 (A host header injection vulnerability in scheduleR v0.0.18 
allows atta ...)
+       TODO: check
+CVE-2024-45981 (A host header injection vulnerability in BookReviewLibrary 1.0 
allows  ...)
+       TODO: check
+CVE-2024-45980 (A host header injection vulnerability in MEANStore 1.0 allows 
attacker ...)
+       TODO: check
+CVE-2024-45979 (A host header injection vulnerability in Lines Police CAD 1.0 
allows a ...)
+       TODO: check
+CVE-2024-45843 (Mattermost versions 9.5.x <= 9.5.8 fail to include themetadata 
endpoin ...)
+       TODO: check
+CVE-2024-45838 (The goTenna Pro ATAK Plugin does not encrypt the callsigns of 
its user ...)
+       TODO: check
+CVE-2024-45723 (The goTenna Pro ATAK Plugin does not use SecureRandom when 
generating  ...)
+       TODO: check
+CVE-2024-45374 (In the goTenna Pro ATAK Plugin application, the encryption 
keys are  s ...)
+       TODO: check
+CVE-2024-45042 (Ory Kratos is an identity, user management and authentication 
system f ...)
+       TODO: check
+CVE-2024-44860 (An information disclosure vulnerability in the 
/Letter/PrintQr/ endpoi ...)
+       TODO: check
+CVE-2024-43814 (goTenna Pro ATAK Plugin by default enables frequent 
unencrypted  Posit ...)
+       TODO: check
+CVE-2024-43694 (In the goTenna Pro ATAK Plugin application, the encryption 
keys are  s ...)
+       TODO: check
+CVE-2024-43191 (IBM ManageIQ could allow a remote authenticated attacker to 
execute ar ...)
+       TODO: check
+CVE-2024-43108 (The goTenna Pro ATAK Plugin use AES CTR mode for short, 
encrypted  mes ...)
+       TODO: check
+CVE-2024-42406 (Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x 
<= 9.9.2 ...)
+       TODO: check
+CVE-2024-41931 (The goTenna Pro ATAK Plugin broadcast key name is always sent 
unencryp ...)
+       TODO: check
+CVE-2024-41722 (In the goTenna Pro ATAK Plugin there is a vulnerability that 
makes it  ...)
+       TODO: check
+CVE-2024-41715 (The goTenna Pro ATAK Plugin has a payload length vulnerability 
that  m ...)
+       TODO: check
+CVE-2024-41605 (An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 
allows a  ...)
+       TODO: check
+CVE-2024-39577 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 
10.5.4.x, ...)
+       TODO: check
+CVE-2024-39319 (aimeos/ai-controller-frontend is the Aimeos frontend 
controller packag ...)
+       TODO: check
+CVE-2024-37125 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 
10.5.4.x, ...)
+       TODO: check
+CVE-2024-31899 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose 
highly se ...)
+       TODO: check
+CVE-2024-30134 (The HCL Traveler for Microsoft Outlook executable (HTMO.exe) 
is being  ...)
+       TODO: check
+CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 
stores use ...)
+       TODO: check
 CVE-2024-47177
        - cups-filters <unfixed>
        NOTE: 
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
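Review bot: every new entry in this hunk is left at `TODO: check`, so none of the roughly eighty CVEs is triaged yet; the ones describing software that may be packaged in Debian (for example CVE-2024-46632 for Assimp, CVE-2024-47174 for Nix, CVE-2024-8118 for Grafana, CVE-2024-45042 for Ory Kratos) deserve a first pass before the long runs of WordPress-plugin and goTenna Pro entries, which this file elsewhere resolves as `NOT-FOR-US`. Separately, several descriptions carry literal escape sequences instead of characters (`\u2013` in CVE-2024-9025, CVE-2024-8771 and CVE-2024-8633, `\u2019` in CVE-2024-7594), which suggests the automatic updater is writing a Python-style repr of the text rather than the decoded string; the importer should decode these before writing `data/CVE/list`.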
@@ -344,15 +506,19 @@ CVE-2024-45817 (In x86's APIC (Advanced Programmable 
Interrupt Controller) archi
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-462.html
 CVE-2024-9123 (Integer overflow in Skia in Google Chrome prior to 
129.0.6668.70 allow ...)
+       {DSA-5775-1}
        - chromium 129.0.6668.70-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9122 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 
allowed a ...)
+       {DSA-5775-1}
        - chromium 129.0.6668.70-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9121 (Inappropriate implementation in V8 in Google Chrome prior to 
129.0.666 ...)
+       {DSA-5775-1}
        - chromium 129.0.6668.70-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9120 (Use after free in Dawn in Google Chrome on Windows prior to 
129.0.6668 ...)
+       {DSA-5775-1}
        - chromium 129.0.6668.70-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8919 (The Confetti Fall Animation plugin for WordPress is vulnerable 
to Stor ...)
@@ -25645,6 +25811,7 @@ CVE-2024-27857 (An out-of-bounds access issue was 
addressed with improved bounds
 CVE-2024-27855 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2024-27851 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       {DSA-5762-1}
        - webkit2gtk 2.44.3-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.3-1
@@ -25652,6 +25819,7 @@ CVE-2024-27851 (The issue was addressed with improved 
bounds checks. This issue
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
        NOTE: https://webkitgtk.org/security/WSA-2024-0005.html
 CVE-2024-27850 (This issue was addressed with improvements to the noise 
injection algo ...)
+       {DSA-5695-1}
        - webkit2gtk 2.44.2-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.2-1
@@ -25667,6 +25835,7 @@ CVE-2024-27844 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2024-27840 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2024-27838 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
+       {DSA-5762-1}
        - webkit2gtk 2.44.3-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.3-1
@@ -25676,6 +25845,7 @@ CVE-2024-27838 (The issue was addressed by adding 
additional logic. This issue i
 CVE-2024-27836 (The issue was addressed with improved checks. This issue is 
fixed in v ...)
        NOT-FOR-US: Apple
 CVE-2024-27833 (An integer overflow was addressed with improved input 
validation. This ...)
+       {DSA-5695-1}
        - webkit2gtk 2.44.2-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.2-1
@@ -25687,6 +25857,7 @@ CVE-2024-27832 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input 
validat ...)
        NOT-FOR-US: Apple
 CVE-2024-27830 (This issue was addressed through improved state management. 
This issue ...)
+       {DSA-5762-1}
        - webkit2gtk 2.44.3-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.3-1
@@ -25696,6 +25867,7 @@ CVE-2024-27830 (This issue was addressed through 
improved state management. This
 CVE-2024-27828 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2024-27820 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5695-1}
        - webkit2gtk 2.44.2-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.2-1
@@ -25715,6 +25887,7 @@ CVE-2024-27812 (The issue was addressed with 
improvements to the file handling p
 CVE-2024-27811 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
        NOT-FOR-US: Apple
 CVE-2024-27808 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5695-1}
        - webkit2gtk 2.44.2-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.44.2-1
@@ -36635,7 +36808,7 @@ CVE-2024-3239 (The Post Grid Gutenberg Blocks and 
WordPress Blog Plugin  WordPre
        NOT-FOR-US: WordPress plugin
 CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 
17.0.0 for  ...)
        NOT-FOR-US: WPS Office
-CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect 
permissions f ...)
+CVE-2024-35204 (Veritas System Recovery before 23.3_Hotfix has incorrect 
permissions f ...)
        NOT-FOR-US: Veritas
 CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Kogne ...)
        NOT-FOR-US: WordPress plugin
@@ -43360,6 +43533,7 @@ CVE-2024-27537
 CVE-2024-27536
        REJECTED
 CVE-2024-23271 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       {DSA-5618-1}
        - webkit2gtk 2.42.5-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.5-1
@@ -49269,7 +49443,7 @@ CVE-2024-0072 (NVIDIA CUDA toolkit for all platforms 
contains a vulnerability in
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517
 CVE-2023-6523 (Authorization Bypass Through User-Controlled Key vulnerability 
in Extr ...)
        NOT-FOR-US: ExtremePacs Extreme XDS
-CVE-2023-6522 (Improper Privilege Management vulnerability in ExtremePacs 
Extreme XDS ...)
+CVE-2023-6522 (Incorrect Use of Privileged APIs vulnerability in ExtremePacs 
Extreme  ...)
        NOT-FOR-US: ExtremePacs Extreme XDS
 CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure 
in vers ...)
        - wordpress 6.5+dfsg1-1
@@ -63483,7 +63657,7 @@ CVE-2023-6255 (Use of Hard-coded Credentials 
vulnerability in Utarit Information
        NOT-FOR-US: Utarit
 CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Utarit
-CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit 
Information Tech ...)
+CVE-2023-4993 (Incorrect Use of Privileged APIs vulnerability in Utarit 
Information T ...)
        NOT-FOR-US: Utarit
 CVE-2023-4539 (Use of a hard-coded password for a special database account 
created du ...)
        NOT-FOR-US: Comarch ERP XL
@@ -73405,7 +73579,7 @@ CVE-2023-6531 (A use-after-free flaw was found in the 
Linux Kernel due to a race
        - linux 6.6.8-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
-CVE-2023-6190 (Improper Input Validation vulnerability in \u0130zmir Katip 
\xc7elebi  ...)
+CVE-2023-6190 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Izmir Katip Celebi University University Information 
Management System
 CVE-2023-52077 (Nexkey is a lightweight fork of Misskey v12 optimized for 
small to med ...)
        NOT-FOR-US: Nexkey
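Review bot: the unchanged context line under CVE-2023-6190, `NOT-FOR-US: Izmir Katip Celebi University University Information Management System`, repeats the word "University"; since this commit already touches the entry's description, the duplicated word could be fixed in the same change or a short follow-up.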
@@ -74028,7 +74202,7 @@ CVE-2023-51708 (Bentley eB System Management Console 
applications within Assetwi
 CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG 
allows r ...)
        NOT-FOR-US: MotionPro
 CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x 
through 1. ...)
-       {DLA-3796-1}
+       {DLA-3896-1 DLA-3796-1}
        - mediawiki 1:1.39.6-1
        [bookworm] - mediawiki 1:1.39.7-1~deb12u1
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
@@ -79281,9 +79455,9 @@ CVE-2023-6239 (Under rare conditions, the effective 
permissions of an object mig
        NOT-FOR-US: M-Files
 CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        NOT-FOR-US: Univera Computer System Panorama
-CVE-2023-6151 (Improper Privilege Management vulnerability in ESKOM Computer 
e-munici ...)
+CVE-2023-6151 (Incorrect Use of Privileged APIs vulnerability in ESKOM 
Computer e-mun ...)
        NOT-FOR-US: ESKOM Computer e-municipality module
-CVE-2023-6150 (Improper Privilege Management vulnerability in ESKOM Computer 
e-munici ...)
+CVE-2023-6150 (Incorrect Use of Privileged APIs vulnerability in ESKOM 
Computer e-mun ...)
        NOT-FOR-US: ESKOM Computer e-municipality module
 CVE-2023-49314 (Asana Desktop 2.1.0 on macOS allows code injection because of 
specific ...)
        NOT-FOR-US: Asana Desktop
@@ -79900,7 +80074,7 @@ CVE-2023-6004 (A flaw was found in libssh. By utilizing 
the ProxyCommand or Prox
        NOTE: 
https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0
 (libssh-0.10.6)
        NOTE: Original patchset introduces a regression (with IPv6 parsing in 
ssh_options_set API):
        NOTE: https://gitlab.com/libssh/libssh-mirror/-/issues/227
-CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+CVE-2023-5983 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
        NOT-FOR-US: Botanik Software Pharmacy Automation
 CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in 
DECE Soft ...)
        NOT-FOR-US: DECE Software Geodi
@@ -139739,8 +139913,8 @@ CVE-2023-0012 (In SAP Host Agent (Windows) - versions 
7.21, 7.22, an attacker wh
        NOT-FOR-US: SAP
 CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does 
not val ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4541
-       RESERVED
+CVE-2022-4541 (The WordPress Visitors plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
 CVE-2022-4540
        REJECTED
 CVE-2022-4539 (The Web Application Firewall plugin for WordPress is vulnerable 
to IP  ...)
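Review bot: CVE-2022-4541 moves from `RESERVED` to `TODO: check`, but its new description already identifies the affected software as a WordPress plugin ("The WordPress Visitors plugin for WordPress ..."), and the adjacent entries in this hunk (CVE-2022-4542, CVE-2022-4539) resolve the same kind of report as `NOT-FOR-US: WordPress plugin`; triaging it the same way now would avoid leaving a stale TODO.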



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39b675fe42d11bbd390260e74f73d8d47df59ee



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
