Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3975344 by security tracker role at 2024-10-16T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable
to aut ...)
+ TODO: check
+CVE-2024-9858 (There exists an insecure default user permission in Google
Cloud Migra ...)
+ TODO: check
+CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub
source ...)
+ TODO: check
+CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs
with u ...)
+ TODO: check
+CVE-2024-8921 (The Zita Elementor Site Library plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-8040 (An authorization bypass through user-controlled key
vulnerability affe ...)
+ TODO: check
+CVE-2024-6380 (A reflected Cross-site Scripting (XSS) vulnerability affecting
ENOVIA ...)
+ TODO: check
+CVE-2024-4692 (Improper Validation of Specified Quantity in Input
vulnerability in Op ...)
+ TODO: check
+CVE-2024-49271 (: Improper Neutralization of Special Elements Used in a
Template Engin ...)
+ TODO: check
+CVE-2024-49270 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-49268 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-49267 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-49266 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-49265 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-49260 (Unrestricted Upload of File with Dangerous Type vulnerability
in Limb ...)
+ TODO: check
+CVE-2024-49258 (Path Traversal: '.../...//' vulnerability in Limb WordPress
Gallery Pl ...)
+ TODO: check
+CVE-2024-49257 (Unrestricted Upload of File with Dangerous Type vulnerability
in Denis ...)
+ TODO: check
+CVE-2024-49254 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-49253 (Relative Path Traversal vulnerability in James Park Analyse
Uploads al ...)
+ TODO: check
+CVE-2024-49252 (: Exposure of Sensitive System Information to an Unauthorized
Control ...)
+ TODO: check
+CVE-2024-49251 (: Improper Control of Filename for Include/Require Statement
in PHP Pr ...)
+ TODO: check
+CVE-2024-49247 (: Authentication Bypass Using an Alternate Path or Channel
vulnerabili ...)
+ TODO: check
+CVE-2024-49245 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-49242 (Unrestricted Upload of File with Dangerous Type vulnerability
in Shafi ...)
+ TODO: check
+CVE-2024-49227 (Deserialization of Untrusted Data vulnerability in Innovaweb
Sp. Z o.O ...)
+ TODO: check
+CVE-2024-49226 (Deserialization of Untrusted Data vulnerability in TAKETIN
TAKETIN To ...)
+ TODO: check
+CVE-2024-49218 (Deserialization of Untrusted Data vulnerability in Al Imran
Akash Rece ...)
+ TODO: check
+CVE-2024-49216 (Unrestricted Upload of File with Dangerous Type vulnerability
in Joshu ...)
+ TODO: check
+CVE-2024-48744 (A Reflected Cross Site Scripting (XSS) vulnerability was found
in /trm ...)
+ TODO: check
+CVE-2024-48042 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2024-48035 (Unrestricted Upload of File with Dangerous Type vulnerability
in Takay ...)
+ TODO: check
+CVE-2024-48034 (Unrestricted Upload of File with Dangerous Type vulnerability
in Flipe ...)
+ TODO: check
+CVE-2024-48030 (Deserialization of Untrusted Data vulnerability in Gabriele
Valenti Te ...)
+ TODO: check
+CVE-2024-48029 (: Improper Control of Filename for Include/Require Statement
in PHP Pr ...)
+ TODO: check
+CVE-2024-48028 (Deserialization of Untrusted Data vulnerability in Boyan
Raichev IP Lo ...)
+ TODO: check
+CVE-2024-48027 (Unrestricted Upload of File with Dangerous Type vulnerability
in xaraa ...)
+ TODO: check
+CVE-2024-48026 (Deserialization of Untrusted Data vulnerability in Grayson
Robbins Dis ...)
+ TODO: check
+CVE-2024-47836 (Admidio is an open-source user management solution. Prior to
version 4 ...)
+ TODO: check
+CVE-2024-47649 (Unrestricted Upload of File with Dangerous Type vulnerability
in THATp ...)
+ TODO: check
+CVE-2024-47645 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-47637 (: Relative Path Traversal vulnerability in LiteSpeed
Technologies Lite ...)
+ TODO: check
+CVE-2024-47522 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-47351 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-47188 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-47187 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-47139 (A stored cross-site scripting (XSS) vulnerability exists in an
undiscl ...)
+ TODO: check
+CVE-2024-46606 (A cross-site scripting (XSS) vulnerability in the component
/admin.php ...)
+ TODO: check
+CVE-2024-46605 (A cross-site scripting (XSS) vulnerability in the component
/admin.php ...)
+ TODO: check
+CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass
access co ...)
+ TODO: check
+CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and
the relate ...)
+ TODO: check
+CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-45795 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
+ TODO: check
+CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
an XML E ...)
+ TODO: check
+CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
stored c ...)
+ TODO: check
+CVE-2024-41128 (Action Pack is a framework for handling and responding to web
requests ...)
+ TODO: check
+CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was
private ...)
+ TODO: check
+CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive
PairReqNoI ...)
+ TODO: check
+CVE-2024-22033 (The OBS service obs-service-download_url was vulnerable to a
command i ...)
+ TODO: check
+CVE-2024-22032 (A vulnerability has been identified in which an RKE1 cluster
keeps co ...)
+ TODO: check
+CVE-2024-22030 (A vulnerability has been identified within Rancher that can be
exploit ...)
+ TODO: check
+CVE-2024-20512 (A vulnerability in the web-based management interface of Cisco
Unified ...)
+ TODO: check
+CVE-2024-20463 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20462 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20461 (A vulnerability in the CLI of Cisco ATA 190 Series Analog
Telepho ...)
+ TODO: check
+CVE-2024-20460 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20459 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20458 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20421 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20420 (A vulnerability in the web-based management interface of Cisco
ATA 190 ...)
+ TODO: check
+CVE-2024-20280 (A vulnerability in the backup feature of Cisco UCS Central
Software co ...)
+ TODO: check
+CVE-2024-10033 (A vulnerability was found in aap-gateway. A Cross-site
Scripting (XSS) ...)
+ TODO: check
+CVE-2024-10024 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2024-10023 (A vulnerability classified as critical was found in
code-projects Phar ...)
+ TODO: check
+CVE-2024-10022 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2024-10021 (A vulnerability was found in code-projects Pharmacy Management
System ...)
+ TODO: check
+CVE-2023-32266 (Untrusted Search Path vulnerability in OpenText\u2122
Application Life ...)
+ TODO: check
+CVE-2023-32196 (A vulnerability has been identified whereby privilege
escalation check ...)
+ TODO: check
+CVE-2023-32194 (A vulnerability has been identified when granting a create or
* global ...)
+ TODO: check
+CVE-2023-32193 (A vulnerability has been identified in which unauthenticated
cross-sit ...)
+ TODO: check
+CVE-2023-32192 (A vulnerability has been identified in which unauthenticated
cross-sit ...)
+ TODO: check
+CVE-2023-32191 (When RKE provisions a cluster, it stores the cluster state in
a config ...)
+ TODO: check
+CVE-2023-32190 (mlocate's %post script allows RUN_UPDATEDB_AS user to make
arbitrary f ...)
+ TODO: check
+CVE-2023-32189 (Insecure handling of ssh keys used to bootstrap clients allows
local a ...)
+ TODO: check
+CVE-2023-32188 (A user can reverse engineer the JWT token (JSON Web Token)
used in aut ...)
+ TODO: check
+CVE-2020-36841 (The WooCommerce Smart Coupons plugin for WordPress is
vulnerable to au ...)
+ TODO: check
CVE-2024-9966 (Inappropriate implementation in Navigations in Google Chrome
prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
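Review bot: a handful of the new `TODO: check` entries in this hunk cover software Debian actually ships and deserve triage ahead of the bulk of WordPress-plugin and vendor-appliance entries: CVE-2024-9143 (OpenSSL low-level GF(2^m) EC APIs; src:openssl), CVE-2024-47522, CVE-2024-47188, CVE-2024-47187, CVE-2024-45796 and CVE-2024-45795 (Suricata), CVE-2024-45797 (LibHTP) and CVE-2024-41128 (Action Pack, i.e. rails). Conversely, CVE-2024-9348 (Docker Desktop), CVE-2024-9858 (Google Cloud), the Cisco ATA/UCS/Unified entries, the IBM WebSphere entries, CVE-2024-38814 (VMware HCX), CVE-2024-45844 (F5 BIG-IP) and the Rancher/RKE entries (CVE-2024-22032, CVE-2024-22030, CVE-2023-3219x) are not Debian-packaged and can be resolved straight to NOT-FOR-US with the vendor tags already used elsewhere in this file (e.g. `NOT-FOR-US: Rancher`, `NOT-FOR-US: Cisco`). CVE-2023-32190 describes an mlocate `%post` scriptlet, which is an RPM packaging construct, so it most likely does not apply to Debian's mlocate/plocate packaging either; worth confirming before marking it NOT-FOR-US.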
@@ -353,7 +525,7 @@ CVE-2024-44337 (The package
`github.com/gomarkdown/markdown` is a Go library for
TODO: check
CVE-2024-41344 (A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13
allows attac ...)
TODO: check
-CVE-2024-35584 (SQL injection vulnerability in Ajax.php, ForWindow.php,
ForExport.php, ...)
+CVE-2024-35584 (SQL injection vulnerabilities were discovered in Ajax.php,
ForWindow.p ...)
TODO: check
CVE-2024-21286 (Vulnerability in the PeopleSoft Enterprise ELM Enterprise
Learning Man ...)
NOT-FOR-US: Oracle
@@ -11974,7 +12146,7 @@ CVE-2022-48867 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/1beeec45f9ac31eba52478379f70a5fa9c2ad005 (6.2-rc5)
CVE-2024-8007 (A flaw was found in the openstack-tripleo-common component of
the Red ...)
NOT-FOR-US: RHOSP Director / Red Hat OpenStack Platform
-CVE-2024-22034
+CVE-2024-22034 (Attackers could put the special files in .osc into the actual
package ...)
- osc 1.9.0-1
[bookworm] - osc <no-dsa> (Minor issue)
[bullseye] - osc <postponed> (Minor issue)
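Review bot: the newly filled-in description for CVE-2024-22034 (attacker-placed special files in `.osc` ending up in the actual package) should prompt a re-check of the `(Minor issue)` rationale on the `[bookworm] - osc <no-dsa>` and `[bullseye] - osc <postponed>` lines, which were set while the entry still carried no description at all. If the assessment stands, add a `NOTE:` line with the upstream reference (as done for the kernel entry just above) so the next reader does not have to redo the triage.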
@@ -34503,13 +34675,13 @@ CVE-2021-47499 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/70c9774e180d151abaab358108e3510a8e615215 (5.16-rc5)
CVE-2024-28793 (IBM Engineering Workflow Management 7.0.2 and 7.0.3 is
vulnerable to s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4189
+CVE-2024-4189 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4184
+CVE-2024-4184 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4690
+CVE-2024-4690 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-4211
+CVE-2024-4211 (Improper Validation of Specified Quantity in Input
vulnerability in Op ...)
NOT-FOR-US: Jenkins plugin
CVE-2024-4691
NOT-FOR-US: Jenkins plugin
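Review bot: the description now attached to CVE-2024-4211 (`Improper Validation of Specified Quantity in Input vulnerability in Op ...`) is identical to the prefix of CVE-2024-4692, which this same commit adds at the top of the file with `TODO: check`. If CVE-2024-4692 is from the same vendor advisory, it should receive the same `NOT-FOR-US: Jenkins plugin` triage as this block rather than being left as a TODO.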
@@ -57539,7 +57711,7 @@ CVE-2023-31634 (In TeslaMate before 1.27.2, there is
unauthorized access to port
NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11
allow a te ...)
NOT-FOR-US: Microsoft
-CVE-2024-22029
+CVE-2024-22029 (Insecure permissions in the packaging of tomcat allow local
users that ...)
- tomcat10 <not-affected> (SUSE specfic packaging issue on
/usr/share/tomcat/tomcat-webapps permissions)
- tomcat9 <not-affected> (SUSE specfic packaging issue on
/usr/share/tomcat/tomcat-webapps permissions)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1219208#c12
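Review bot: typo in the `<not-affected>` rationale on both the tomcat10 and tomcat9 lines: `SUSE specfic packaging issue` should read `SUSE specific packaging issue`. The lines are pre-existing context here, so this is for a follow-up commit rather than this automatic update.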
@@ -129329,15 +129501,15 @@ CVE-2023-25917
RESERVED
CVE-2023-25916
RESERVED
-CVE-2023-25915 (Due to improper input validation, a remote attacker could
execute arbi ...)
+CVE-2023-25915 (Due to improper input validation, an authenticated remote
attacker cou ...)
NOT-FOR-US: Danfoss AK-SM80A
-CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read
system ...)
+CVE-2023-25914 (Due to improper restriction, authenticated attackers could
retrieve an ...)
NOT-FOR-US: Danfoss AK-SM80A
CVE-2023-25913 (Because of an authentication flaw an attacker would be capable
of gene ...)
NOT-FOR-US: Danfoss AK-SM80A
CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100
allows an una ...)
NOT-FOR-US: Danfoss AK-EM100
-CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command
injection t ...)
+CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for an
authenticated user ...)
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All
versions < V ...)
NOT-FOR-US: Siemens
@@ -139780,8 +139952,8 @@ CVE-2023-22652 (A Buffer Copy without Checking Size
of Input ('Classic Buffer Ov
NOTE:
https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
(v0.5.2)
CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher
allows Pri ...)
NOT-FOR-US: Rancher
-CVE-2023-22650
- RESERVED
+CVE-2023-22650 (A vulnerability has been identified in which Rancher does not
automati ...)
+ TODO: check
CVE-2023-22649 (A vulnerability has been identified which may lead to
sensitive data b ...)
TODO: check
CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher
causes p ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d39753448352c42f73283ed8b26f516ed1a19700
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits