Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
faf99d47 by security tracker role at 2024-10-04T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,119 @@
+CVE-2024-9515 (A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It 
has been ...)
+       TODO: check
+CVE-2024-9514 (A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It 
has been ...)
+       TODO: check
+CVE-2024-9513 (A vulnerability was found in Netadmin Software NetAdmin IAM up 
to 3.5  ...)
+       TODO: check
+CVE-2024-9484 (An null-pointer-derefrence in the engine module in AVG/Avast 
Antivirus ...)
+       TODO: check
+CVE-2024-9483 (A null-pointer-dereference in the signature verification module 
in AVG ...)
+       TODO: check
+CVE-2024-9482 (An out-of-bounds write in the engine module in AVG/Avast 
Antivirus sig ...)
+       TODO: check
+CVE-2024-9481 (An out-of-bounds write in the engine module in AVG/Avast 
Antivirus sig ...)
+       TODO: check
+CVE-2024-9410 (Ada.cx's Sentry configuration allowed for blind server-side 
request fo ...)
+       TODO: check
+CVE-2024-9271 (The Re:WP plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+       TODO: check
+CVE-2024-9071 (The Easy Demo Importer \u2013 A Modern One-Click Demo Import 
Solution  ...)
+       TODO: check
+CVE-2024-9054 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2024-8499 (The Checkout Field Editor (Checkout Manager) for WooCommerce 
plugin fo ...)
+       TODO: check
+CVE-2024-8149 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2024-8148 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2024-7801 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-6400 (Cleartext Storage of Sensitive Information vulnerability in 
Finrota Ne ...)
+       TODO: check
+CVE-2024-47790 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in 
D3D Secur ...)
+       TODO: check
+CVE-2024-47789 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in 
D3D Secur ...)
+       TODO: check
+CVE-2024-47769 (IDURAR is open source ERP CRM accounting invoicing software. 
The vulne ...)
+       TODO: check
+CVE-2024-47768 (Lif Authentication Server is a server used by Lif to do 
various tasks  ...)
+       TODO: check
+CVE-2024-47765 (Minecraft MOTD Parser is a PHP library to parse minecraft 
server motd. ...)
+       TODO: check
+CVE-2024-47764 (cookie is a basic HTTP cookie parser and serializer for HTTP 
servers.  ...)
+       TODO: check
+CVE-2024-47657 (This vulnerability exists in the Shilpi Net Back Office due to 
imprope ...)
+       TODO: check
+CVE-2024-47656 (This vulnerability exists in Shilpi Client Dashboard due to 
missing re ...)
+       TODO: check
+CVE-2024-47655 (This vulnerability exists in the Shilpi Client Dashboard due 
to improp ...)
+       TODO: check
+CVE-2024-47654 (This vulnerability exists in Shilpi Client Dashboard due to 
lack of ra ...)
+       TODO: check
+CVE-2024-47653 (This vulnerability exists in Shilpi Client Dashboard due to 
lack of au ...)
+       TODO: check
+CVE-2024-47652 (This vulnerability exists in Shilpi Client Dashboard due to 
implementa ...)
+       TODO: check
+CVE-2024-47651 (This vulnerability exists in Shilpi Client Dashboard due to 
improper h ...)
+       TODO: check
+CVE-2024-47211 (In OpenStack Ironic before 21.4.4, 22.x and 23.x before 
23.0.3, 23.x a ...)
+       TODO: check
+CVE-2024-47183 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2024-46486 (TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote 
code execut ...)
+       TODO: check
+CVE-2024-46409 (A stored cross-site scripting (XSS) vulnerability in SeedDMS 
v6.0.28 a ...)
+       TODO: check
+CVE-2024-46078 (itsourcecode Sports Management System Project 1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2024-46077 (itsourcecode Online Tours and Travels Management System v1.0 
is vulner ...)
+       TODO: check
+CVE-2024-44439 (An issue in Shanghai Zhouma Network Technology CO., Ltd IMS 
Intelligen ...)
+       TODO: check
+CVE-2024-43687 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-43686 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-43685 (Improper Authentication vulnerability in Microchip 
TimeProvider 4100 ( ...)
+       TODO: check
+CVE-2024-43684 (Cross-Site Request Forgery (CSRF) vulnerability in Microchip 
TimeProvi ...)
+       TODO: check
+CVE-2024-43683 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
+       TODO: check
+CVE-2024-41516 (A Reflected cross-site scripting (XSS) vulnerability in 
"ccHandler.asp ...)
+       TODO: check
+CVE-2024-41515 (A reflected cross-site scripting (XSS) vulnerability in 
"ccHandlerReso ...)
+       TODO: check
+CVE-2024-41514 (A reflected cross-site scripting (XSS) vulnerability in 
"PrevPgGroup.a ...)
+       TODO: check
+CVE-2024-41513 (A reflected cross-site scripting (XSS) vulnerability in 
"Artikel.aspx" ...)
+       TODO: check
+CVE-2024-41512 (A SQL Injection vulnerability in "ccHandler.aspx" in all 
versions of C ...)
+       TODO: check
+CVE-2024-41511 (A Path Traversal (Local File Inclusion) vulnerability in 
"BinaryFileRe ...)
+       TODO: check
+CVE-2024-38040 (There is a local file inclusion vulnerability in Esri Portal 
for ArcGI ...)
+       TODO: check
+CVE-2024-38039 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS ver ...)
+       TODO: check
+CVE-2024-38038 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2024-38037 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2024-38036 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2024-25707 (There is a reflected cross site scripting in Esri Portal for 
ArcGIS 11 ...)
+       TODO: check
+CVE-2024-25702 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2024-25701 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2024-25694 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
+CVE-2024-25691 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
 CVE-2024-47191
+       {DSA-5784-1}
        - oath-toolkit 2.6.12-1
        [bullseye] - oath-toolkit <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/04/2
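Review bot: All 57 entries added at the top of this hunk carry only "TODO: check", so none of them has been triaged yet. Several name open source projects rather than vendor appliances or hosted services, for example CVE-2024-47211 (OpenStack Ironic), CVE-2024-47764 (cookie) and CVE-2024-47183 (Parse Server); resolve those first to either a source-package line or NOT-FOR-US, ahead of the D-Link, Esri and WordPress plugin entries. The {DSA-5784-1} cross-reference added under CVE-2024-47191 sits above the existing oath-toolkit lines, but the context ends at the NOTE line, so the release-specific fixed version for the advisory cannot be checked from this hunk.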
@@ -167,7 +282,7 @@ CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux 
contains a vulnerabilit
        - nvidia-cuda-toolkit <unfixed> (bug #1084054)
        [bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
-CVE-2023-37822 (Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use 
the depre ...)
+CVE-2023-37822 (The Eufy Homebase 2 before firmware version 3.3.4.1h creates a 
dedicat ...)
        NOT-FOR-US: Eufy HomeBase 2 model T8010X
 CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains 
a vulne ...)
        - unbound 1.21.1-1 (bug #1083282)
@@ -537,6 +652,7 @@ CVE-2024-9402 (Memory safety bugs present in Firefox 130, 
Firefox ESR 128.2, and
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
 CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, 
Firefox ...)
+       {DSA-5783-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird <unfixed>
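Review bot: The {DSA-5783-1} tag added under CVE-2024-9401 sits above a "thunderbird <unfixed>" line, so the entry stays open for that package after the advisory, and the visible lines do not say which source package the DSA covers. Confirm that the advisory's package has its fixed version recorded for the affected release and that thunderbird is tracked for a follow-up. The same applies to the identical tag added under CVE-2024-9394, CVE-2024-9393 and CVE-2024-9392 in the following hunks, which show the same three package lines.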
@@ -572,6 +688,7 @@ CVE-2024-9395 (A specially crafted filename containing a 
large number of spaces
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
 CVE-2024-9394 (An attacker could, via a specially crafted multipart response, 
execute ...)
+       {DSA-5783-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird <unfixed>
@@ -579,6 +696,7 @@ CVE-2024-9394 (An attacker could, via a specially crafted 
multipart response, ex
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
 CVE-2024-9393 (An attacker could, via a specially crafted multipart response, 
execute ...)
+       {DSA-5783-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird <unfixed>
@@ -586,6 +704,7 @@ CVE-2024-9393 (An attacker could, via a specially crafted 
multipart response, ex
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
 CVE-2024-9392 (A compromised content process could have allowed for the 
arbitrary loa ...)
+       {DSA-5783-1}
        - firefox 131.0-1
        - firefox-esr 128.3.0esr-1
        - thunderbird <unfixed>
@@ -7436,7 +7555,8 @@ CVE-2024-8200 (The Reviews Feed \u2013 Add Testimonials 
and Customer Reviews Fro
        NOT-FOR-US: WordPress plugin
 CVE-2024-8199 (The Reviews Feed \u2013 Add Testimonials and Customer Reviews 
From Goo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-8197 (The Visual Sound plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+CVE-2024-8197
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-8182 (An Unauthenticated Denial of Service (DoS) vulnerability exists 
in Flo ...)
        NOT-FOR-US: Flowise
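Review bot: CVE-2024-8197 is now REJECTED but the entry keeps its "NOT-FOR-US: WordPress plugin" line, so it carries two states at once. Drop the NOT-FOR-US annotation so the entry reads only REJECTED, or confirm that the tracker's parser accepts both on one entry.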
@@ -123911,10 +124031,10 @@ CVE-2023-26773 (Cross Site Scripting vulnerability 
found in Sales Tracker Manage
        NOT-FOR-US: Sales Tracker Management System
 CVE-2023-26772
        RESERVED
-CVE-2023-26771
-       RESERVED
-CVE-2023-26770
-       RESERVED
+CVE-2023-26771 (Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). 
There is a ...)
+       TODO: check
+CVE-2023-26770 (TaskCafe 0.3.2 lacks validation in the Cookie value. Any 
unauthenticat ...)
+       TODO: check
 CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace 
v.3.24.0 all ...)
        - liblouis 3.24.0-2 (bug #1033202; unimportant)
        NOTE: https://github.com/liblouis/liblouis/pull/1300
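Review bot: CVE-2023-26771 and CVE-2023-26770 move from RESERVED to "TODO: check" and both describe version 0.3.2 of the same product (spelled "Taskcafe" in one description and "TaskCafe" in the other), so triage them together and give both the same annotation. If the product is not packaged, a single consistent NOT-FOR-US spelling for both keeps later searches of the list reliable.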
@@ -196998,6 +197118,7 @@ CVE-2022-1305 (Use after free in storage in Google 
Chrome prior to 100.0.4896.88
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in 
e2fsprogs 1.46. ...)
+       {DLA-3910-1}
        - e2fsprogs 1.46.6~rc1-1 (bug #1010263)
        [buster] - e2fsprogs <no-dsa> (Minor issue)
        [stretch] - e2fsprogs <no-dsa> (Minor issue)
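Review bot: The {DLA-3910-1} tag under CVE-2022-1304 is added above release lines that only show [buster] and [stretch] as "<no-dsa> (Minor issue)"; no line for the release the DLA targets is visible in this hunk. Check that the entry has a fixed-version line for that release so the advisory and the per-release status agree.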



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf99d47fd96ffc144880c9b96036d11c074ce27
