Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3f120fda by security tracker role at 2024-10-11T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,48 +1,216 @@
+CVE-2024-9869
+ REJECTED
+CVE-2024-9859 (Type confusion in WebAssembly in Google Chrome prior to
126.0.6478.126 ...)
+ TODO: check
+CVE-2024-9856 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM
1.3.8. I ...)
+ TODO: check
+CVE-2024-9855 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM
1.3.8. I ...)
+ TODO: check
+CVE-2024-9539 (An information disclosure vulnerability was identified in
GitHub Enter ...)
+ TODO: check
+CVE-2024-9538 (The ShopLentor plugin for WordPress is vulnerable to Sensitive
Informa ...)
+ TODO: check
+CVE-2024-9164 (An issue was discovered in GitLab EE affecting all versions
starting f ...)
+ TODO: check
+CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio
that coul ...)
+ TODO: check
+CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists
that could ...)
+ TODO: check
+CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page
Templa ...)
+ TODO: check
+CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an
unauthori ...)
+ TODO: check
+CVE-2024-8755 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature
vulnerabilit ...)
+ TODO: check
+CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function
vulnerability ex ...)
+ TODO: check
+CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can
achieve me ...)
+ TODO: check
+CVE-2024-7514 (The WordPress Comments Import & Export plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2024-6985 (A path traversal vulnerability exists in the api
open_personality_fold ...)
+ TODO: check
+CVE-2024-6971 (A path traversal vulnerability exists in the
parisneo/lollms-webui rep ...)
+ TODO: check
+CVE-2024-6657 (A denial of service may be caused to a single peripheral device
in a B ...)
+ TODO: check
+CVE-2024-5474 (A potential information disclosure vulnerability was reported
in Lenov ...)
+ TODO: check
+CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE
affecting all ...)
+ TODO: check
+CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen
that cou ...)
+ TODO: check
+CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that
could ...)
+ TODO: check
+CVE-2024-4130 (A DLL hijack vulnerability was reported in Lenovo App Store
that could ...)
+ TODO: check
+CVE-2024-4089 (A DLL hijack vulnerability was reported in Lenovo Super File
that coul ...)
+ TODO: check
+CVE-2024-48827 (An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker
to exec ...)
+ TODO: check
+CVE-2024-48813 (SQL injection vulnerability in
employee-management-system-php-and-mysq ...)
+ TODO: check
+CVE-2024-48787 (An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5
allows a ...)
+ TODO: check
+CVE-2024-48786 (An issue in SWITCHBOT INC SwitchBot
(com.theswitchbot.switchbot) 5.0.4 ...)
+ TODO: check
+CVE-2024-48784 (An Incorrect Access Control issue in SAMPMAX
com.sampmax.homemax 2.1.2 ...)
+ TODO: check
+CVE-2024-48778 (An issue in GIANT MANUFACTURING CO., LTD RideLink
(tw.giant.ridelink) ...)
+ TODO: check
+CVE-2024-48777 (LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote
attacker to ...)
+ TODO: check
+CVE-2024-48776 (An issue in Shelly com.home.shelly 1.0.4 allows a remote
attacker to o ...)
+ TODO: check
+CVE-2024-48775 (An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows
a remote ...)
+ TODO: check
+CVE-2024-48774 (An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6
allows a ...)
+ TODO: check
+CVE-2024-48773 (An issue in WoFit v.7.2.3 allows a remote attacker to obtain
sensitive ...)
+ TODO: check
+CVE-2024-48771 (An issue in almando GmbH Almando Play APP (com.almando.play)
1.8.2 all ...)
+ TODO: check
+CVE-2024-48770 (An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0
allows a rem ...)
+ TODO: check
+CVE-2024-48769 (An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0
allows a re ...)
+ TODO: check
+CVE-2024-48768 (An issue in almaodo GmbH appinventor.ai_google.almando_control
2.3.1 a ...)
+ TODO: check
+CVE-2024-48041 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-48040 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-48033 (Deserialization of Untrusted Data vulnerability in Elie
Burstein, Bapt ...)
+ TODO: check
+CVE-2024-48020 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks
and hist ...)
+ TODO: check
+CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or
tar.bz2 ...)
+ TODO: check
+CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS
sanitizer for H ...)
+ TODO: check
+CVE-2024-47830 (Plane is an open-source project management tool. Plane uses
the ** wil ...)
+ TODO: check
+CVE-2024-47509 (An Allocation of Resources Without Limits or
Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47508 (An Allocation of Resources Without Limits or
Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47505 (An Allocation of Resources Without Limits or
Throttlingvulnerability i ...)
+ TODO: check
+CVE-2024-47353 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in Q ...)
+ TODO: check
+CVE-2024-47331 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-47074 (DataEase is an open source data visualization analysis tool.
In Dataea ...)
+ TODO: check
+CVE-2024-46532 (SQL Injection vulnerability in OpenHIS v.1.0 allows an
attacker to exe ...)
+ TODO: check
+CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a
buffer ov ...)
+ TODO: check
+CVE-2024-46088 (An arbitrary file upload vulnerability in the
ProductAction.entphone i ...)
+ TODO: check
+CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Wh ...)
+ TODO: check
+CVE-2024-45402 (Picotls is a TLS protocol library that allows users select
different c ...)
+ TODO: check
+CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Wh ...)
+ TODO: check
+CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to
commtit d ...)
+ TODO: check
+CVE-2024-45317 (A Server-Side Request Forgery (SSRF) vulnerability in SMA1000
applianc ...)
+ TODO: check
+CVE-2024-45316 (The Improper link resolution before file access ('Link
Following') vul ...)
+ TODO: check
+CVE-2024-45315 (The Improper link resolution before file access ('Link
Following') vul ...)
+ TODO: check
+CVE-2024-44807 (A directory listing issue in the baserCMS plugin in D-ZERO
CO., LTD. B ...)
+ TODO: check
+CVE-2024-44734 (Incorrect access control in Mirotalk before commit 9de226
allows attac ...)
+ TODO: check
+CVE-2024-44731 (Mirotalk before commit 9de226 was discovered to contain a
DOM-based cr ...)
+ TODO: check
+CVE-2024-44730 (Incorrect access control in the function
handleDataChannelChat(dataMes ...)
+ TODO: check
+CVE-2024-44729 (Incorrect access control in the component app/src/server.js of
Mirotal ...)
+ TODO: check
+CVE-2024-44415 (A vulnerability was discovered in DI_8200-16.07.26A1, There is
a buffe ...)
+ TODO: check
+CVE-2024-44414 (A vulnerability was discovered in FBM_292W-21.03.10V, which
has been c ...)
+ TODO: check
+CVE-2024-44413 (A vulnerability was discovered in DI_8200-16.07.26A1, which
has been c ...)
+ TODO: check
+CVE-2024-44157 (A stack buffer overflow was addressed through improved input
validatio ...)
+ TODO: check
+CVE-2024-42640 (angular-base64-upload prior to v0.1.21 is vulnerable to
unauthenticate ...)
+ TODO: check
+CVE-2024-42018 (An issue was discovered in Atos Eviden SMC xScale before
1.6.6. During ...)
+ TODO: check
+CVE-2024-38365 (btcd is an alternative full node bitcoin implementation
written in Go ...)
+ TODO: check
+CVE-2024-33582 (A DLL hijack vulnerability was reported in Lenovo Service
Framework th ...)
+ TODO: check
+CVE-2024-33581 (A DLL hijack vulnerability was reported in Lenovo PC Manager
AI intell ...)
+ TODO: check
+CVE-2024-33580 (A DLL hijack vulnerability was reported in Lenovo Personal
Cloud that ...)
+ TODO: check
+CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that
could a ...)
+ TODO: check
+CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that
could all ...)
+ TODO: check
+CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and
HTTP/3. Th ...)
+ TODO: check
+CVE-2023-42133 (PAX Android based POS devices allow for escalation of
privilege via im ...)
+ TODO: check
CVE-2024-9779
NOT-FOR-US: Open Cluster Management (OCM)
-CVE-2024-47499
+CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47506
+CVE-2024-47506 (A Deadlock vulnerability in the packet forwarding engine (PFE)
of Juni ...)
NOT-FOR-US: Juniper
-CVE-2024-39544
+CVE-2024-39544 (AnIncorrect Default Permissions vulnerability in the command
line inte ...)
NOT-FOR-US: Juniper
-CVE-2024-47494
+CVE-2024-47494 (A Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability in t ...)
NOT-FOR-US: Juniper
-CVE-2024-47493
+CVE-2024-47493 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2024-47495
+CVE-2024-47495 (An Authorization Bypass Through User-Controlled Key
vulnerability allo ...)
NOT-FOR-US: Juniper
-CVE-2024-39526
+CVE-2024-39526 (An Improper Handling of Exceptional Conditions vulnerability
in packet ...)
NOT-FOR-US: Juniper
-CVE-2024-47497
+CVE-2024-47497 (An Uncontrolled Resource Consumption vulnerability in the http
daemon ...)
NOT-FOR-US: Juniper
-CVE-2024-47507
+CVE-2024-47507 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47503
+CVE-2024-47503 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-47504
+CVE-2024-47504 (An Improper Validation of Specified Type of Input
vulnerability in the ...)
NOT-FOR-US: Juniper
-CVE-2024-47489
+CVE-2024-47489 (An Improper Handling of Exceptional Conditions vulnerability
in the Pa ...)
NOT-FOR-US: Juniper
-CVE-2024-47501
+CVE-2024-47501 (A NULL Pointer Dereference vulnerability in the packet
forwarding en ...)
NOT-FOR-US: Juniper
-CVE-2024-39534
+CVE-2024-39534 (AnIncorrect Comparison vulnerability in the local address
verification ...)
NOT-FOR-US: Juniper
-CVE-2024-39547
+CVE-2024-39547 (AnImproper Handling of Exceptional Conditions vulnerability in
the rpd ...)
NOT-FOR-US: Juniper
-CVE-2024-47502
+CVE-2024-47502 (An Allocation of Resources Without Limits or Throttling
vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2024-39563
+CVE-2024-39563 (A Command Injectionvulnerability in Juniper Networks Junos
Space allow ...)
NOT-FOR-US: Juniper
-CVE-2024-47491
+CVE-2024-47491 (An Improper Handling of Exceptional Conditions vulnerability
in the Ro ...)
NOT-FOR-US: Juniper
-CVE-2024-47490
+CVE-2024-47490 (An Improper Restriction of Communication Channel to Intended
Endpoints ...)
NOT-FOR-US: Juniper
-CVE-2024-47496
+CVE-2024-47496 (ANULL Pointer Dereference vulnerability in the Packet
Forwarding Engin ...)
NOT-FOR-US: Juniper
-CVE-2024-39527
+CVE-2024-39527 (AnExposure of Sensitive Information to an Unauthorized Actor
vulnerabi ...)
NOT-FOR-US: Juniper
-CVE-2024-47498
+CVE-2024-47498 (An Unimplemented or Unsupported Feature in UI vulnerability in
the CLI ...)
NOT-FOR-US: Juniper
CVE-2024-9822 (The Pedalo Connector plugin for WordPress is vulnerable to
authenticat ...)
NOT-FOR-US: WordPress plugin
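Review bot: The added description for CVE-2024-8913 keeps the dash as a literal \u2013 escape, and several descriptions in this hunk have words run together (AnIncorrect in CVE-2024-39544, ANULL in CVE-2024-47496, Injectionvulnerability in CVE-2024-39563, Throttlingvulnerability in CVE-2024-47509), so a search of the description text for those terms will miss these entries. If the import step can decode escapes and normalise whitespace, that is the place to fix it; otherwise match on the CVE id and the annotation line rather than on the description. Separately, every newly added entry except the REJECTED CVE-2024-9869 is left at TODO: check, including h2o (CVE-2024-45403, CVE-2024-45397, CVE-2024-25622), Eclipse Mosquitto (CVE-2024-8376) and DOMPurify (CVE-2024-47875). I would triage those ahead of the vendor application entries such as the Lenovo DLL hijack set, which look like candidates for the same NOT-FOR-US disposition the Juniper entries in this hunk already carry.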
@@ -8042,7 +8210,7 @@ CVE-2024-44809 (A remote code execution (RCE)
vulnerability exists in the Pi Cam
NOT-FOR-US: Pi Camera
CVE-2024-44808 (An issue in Vypor Attack API System v.1.0 allows a remote
attacker to ...)
NOT-FOR-US: Vypor Attack API System
-CVE-2024-44400 (D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection
via upgra ...)
+CVE-2024-44400 (A vulnerability was discovered in DI_8400-16.07.26A1, which
has been c ...)
NOT-FOR-US: D-Link
CVE-2024-44383 (WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution
via msp_in ...)
NOT-FOR-US: WAYOS
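Review bot: The replacement description for CVE-2024-44400 drops both the vendor name and the "Command Injection" wording from the visible part of the text, leaving only the firmware string DI_8400-16.07.26A1, so the NOT-FOR-US: D-Link annotation is now the only place in this entry that identifies the vendor. Worth confirming that the annotation still matches the updated upstream record, and that any lookup by vendor or vulnerability class keys on the annotation line rather than on the truncated description.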
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f120fda729c5524a4469500a347f9bab8d35fd8