Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
311b15cd by security tracker role at 2024-10-25T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to
storage o ...)
+ TODO: check
+CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2024-9584 (The Image Map Pro plugin for WordPress is vulnerable to
unauthorized m ...)
+ TODO: check
+CVE-2024-8666 (The Shoutcast Icecast HTML5 Radio Player plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-8036 (ABB is aware of privately reported vulnerabilities in the
product vers ...)
+ TODO: check
+CVE-2024-49767 (Werkzeug is a Web Server Gateway Interface web application
library. Ap ...)
+ TODO: check
+CVE-2024-49766 (Werkzeug is a Web Server Gateway Interface web application
library. On ...)
+ TODO: check
+CVE-2024-49757 (The open-source identity infrastructure software Zitadel
allows admini ...)
+ TODO: check
+CVE-2024-49753 (Zitadel is open-source identity infrastructure software.
Versions prio ...)
+ TODO: check
+CVE-2024-49381 (Plenti, a static site generator, has an arbitrary file
deletion vulner ...)
+ TODO: check
+CVE-2024-49380 (Plenti, a static site generator, has an arbitrary file write
vulnerabi ...)
+ TODO: check
+CVE-2024-49378 (smartUp, a web browser mouse gestures extension, has a
universal cross ...)
+ TODO: check
+CVE-2024-49376 (Autolab, a course management service that enables auto-graded
programm ...)
+ TODO: check
+CVE-2024-48743 (Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a
remote a ...)
+ TODO: check
+CVE-2024-48700 (Kliqqi-CMS has a background arbitrary code execution
vulnerability tha ...)
+ TODO: check
+CVE-2024-48655 (An issue in Total.js CMS v.1.0 allows a remote attacker to
execute arb ...)
+ TODO: check
+CVE-2024-48654 (Cross Site Scripting vulnerability in Blood Bank v.1 allows a
remote a ...)
+ TODO: check
+CVE-2024-48581 (File Upload vulnerability in Best courier management system in
php v.1 ...)
+ TODO: check
+CVE-2024-48580 (SQL Injection vulnerability in Best courier management system
in php v ...)
+ TODO: check
+CVE-2024-48579 (SQL Injection vulnerability in Best House rental management
system pro ...)
+ TODO: check
+CVE-2024-48459 (A command execution vulnerability exists in the AX2 Pro home
router pr ...)
+ TODO: check
+CVE-2024-48450 (An arbitrary file upload vulnerability in Huly Platform
v0.6.295 allow ...)
+ TODO: check
+CVE-2024-48448 (An arbitrary file upload vulnerability in Huly Platform
v0.6.295 allow ...)
+ TODO: check
+CVE-2024-48428 (An issue in Olive VLE allows an attacker to obtain sensitive
informati ...)
+ TODO: check
+CVE-2024-48343 (A SQL Injection vulnerability in ESAFENET CDG 5 and earlier
allows an ...)
+ TODO: check
+CVE-2024-48204 (SQL injection vulnerability in Hanzhou Haobo network
management system ...)
+ TODO: check
+CVE-2024-47483 (Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0,
contain(s) an Imp ...)
+ TODO: check
+CVE-2024-47481 (Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an
Imprope ...)
+ TODO: check
+CVE-2024-47041 (In valid_address of syscall.c, there is a possible out of
bounds read ...)
+ TODO: check
+CVE-2024-47035 (In vring_init of
external/headers/include/virtio/virtio_ring.h, there ...)
+ TODO: check
+CVE-2024-47034 (there is a possible out of bounds read due to a missing bounds
check. ...)
+ TODO: check
+CVE-2024-47033 (In lwis_allocator_free of lwis_allocator.c, there is a
possible memory ...)
+ TODO: check
+CVE-2024-47031 (Android before 2024-10-05 on Google Pixel devices allows
privilege esc ...)
+ TODO: check
+CVE-2024-47030 (Android before 2024-10-05 on Google Pixel devices allows
information d ...)
+ TODO: check
+CVE-2024-47029 (In TrustySharedMemoryManager::GetSharedMemory of
ondevice/trusty/trust ...)
+ TODO: check
+CVE-2024-47028 (In ffu_flash_pack of ffu.c, there is a possible out of bounds
read due ...)
+ TODO: check
+CVE-2024-47027 (In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is
a possib ...)
+ TODO: check
+CVE-2024-47026 (In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of
bounds read ...)
+ TODO: check
+CVE-2024-47025 (In ppmp_protect_buf of drm_fw.c, there is a possible
information discl ...)
+ TODO: check
+CVE-2024-47024 (In vring_size of
external/headers/include/virtio/virtio_ring.h, there ...)
+ TODO: check
+CVE-2024-47023 (there is a possible man-in-the-middle attack due to a logic
error in t ...)
+ TODO: check
+CVE-2024-47022 (Android before 2024-10-05 on Google Pixel devices allows
information d ...)
+ TODO: check
+CVE-2024-47021 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a
possible o ...)
+ TODO: check
+CVE-2024-47020 (Android before 2024-10-05 on Google Pixel devices allows
information d ...)
+ TODO: check
+CVE-2024-47019 (In ProtocolEmbmsSaiListAdapter::Init() of
protocolembmsadapter.cpp, th ...)
+ TODO: check
+CVE-2024-47018 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a
possible ...)
+ TODO: check
+CVE-2024-47017 (In ufshc_scsi_cmd of ufs.c, there is a possible stack variable
use aft ...)
+ TODO: check
+CVE-2024-47016 (there is a possible privilege escalation due to an insecure
default va ...)
+ TODO: check
+CVE-2024-47015 (In ProtocolMiscHwConfigChangeAdapter::GetData() of
protocolmiscadapter ...)
+ TODO: check
+CVE-2024-47014 (Android before 2024-10-05 on Google Pixel devices allows
privilege esc ...)
+ TODO: check
+CVE-2024-47013 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a
possible ...)
+ TODO: check
+CVE-2024-47012 (In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there
is a poss ...)
+ TODO: check
+CVE-2024-44101 (there is a possible Null Pointer Dereference (modem crash) due
to impr ...)
+ TODO: check
+CVE-2024-44100 (Android before 2024-10-05 on Google Pixel devices allows
information d ...)
+ TODO: check
+CVE-2024-44099 (There is a possible Local bypass of user interaction due to an
insecur ...)
+ TODO: check
+CVE-2024-44098 (In lwis_device_event_states_clear_locked of lwis_event.c,
there is a p ...)
+ TODO: check
+CVE-2024-37847 (An arbitrary file upload vulnerability in MangoOS before 5.1.4
and Man ...)
+ TODO: check
+CVE-2024-37846 (MangoOS before 5.2.0 was discovered to contain a Client-Side
Template ...)
+ TODO: check
+CVE-2024-37845 (MangoOS before 5.2.0 was discovered to contain an
authenticated remote ...)
+ TODO: check
+CVE-2024-37844 (A stored cross-site scripting (XSS) vulnerability in MangoOS
before 5. ...)
+ TODO: check
+CVE-2024-10387 (CVE-2024-10387 IMPACT A Denial-of-Service vulnerability
exists in t ...)
+ TODO: check
+CVE-2024-10386 (CVE-2024-10386 IMPACT An authentication vulnerability
exists in the ...)
+ TODO: check
+CVE-2024-10381 (This vulnerability exists in Matrix Door Controller Cosec Vega
FAXQ du ...)
+ TODO: check
+CVE-2024-10380 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2024-10379 (A vulnerability classified as problematic was found in
ESAFENET CDG 5. ...)
+ TODO: check
+CVE-2024-10378 (A vulnerability classified as critical has been found in
ESAFENET CDG ...)
+ TODO: check
+CVE-2024-10377 (A vulnerability was found in ESAFENET CDG 5. It has been rated
as crit ...)
+ TODO: check
+CVE-2024-10376 (A vulnerability was found in ESAFENET CDG 5. It has been
declared as c ...)
+ TODO: check
+CVE-2024-10374 (The WP-Members Membership Plugin plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-10343 (The Beek Widget Extention plugin for WordPress is vulnerable
to Stored ...)
+ TODO: check
+CVE-2024-10112 (The Simple News plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-10016 (The File Upload Types by WPForms plugin for WordPress is
vulnerable to ...)
+ TODO: check
CVE-2024-9686 (The Order Notification for Telegram plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9630 (The WPS Telegram Chat plugin for WordPress is vulnerable to
authorizat ...)
@@ -2339,7 +2483,7 @@ CVE-2024-47634 (Cross-Site Request Forgery (CSRF)
vulnerability in Streamline.Lv
NOT-FOR-US: WordPress plugin
CVE-2024-47325 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-44061 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+CVE-2024-44061 (: Improper Neutralization of Script-Related HTML Tags in a Web
Page (B ...)
NOT-FOR-US: WordPress plugin
CVE-2024-44000 (Insufficiently Protected Credentials vulnerability in
LiteSpeed Techno ...)
NOT-FOR-US: WordPress plugin
@@ -3304,7 +3448,7 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is
vulnerable to a denial o
CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of
Service ...)
NOT-FOR-US: kmqtt
CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in
ImageOverlay::parse() decodi ...)
- {DLA-3934-1}
+ {DSA-5796-1 DLA-3934-1}
- libheif 1.18.1-1
NOTE: https://github.com/strukturag/libheif/issues/1226
NOTE: https://github.com/strukturag/libheif/pull/1227
@@ -3953,7 +4097,7 @@ CVE-2024-40616
REJECTED
CVE-2023-50780 (Apache ActiveMQ Artemis allows access to diagnostic
information and co ...)
NOT-FOR-US: Apache ActiveMQ Artemis
-CVE-2023-48082 (Nagios XI before 5.11.3 2024R1 was discovered to improperly
handle API ...)
+CVE-2023-48082 (Nagios XI before 2024R1 was discovered to improperly handle
API keys g ...)
NOT-FOR-US: Nagios XI
CVE-2023-45817
REJECTED
@@ -21033,6 +21177,7 @@ CVE-2024-41817 (ImageMagick is a free and open-source
software suite, used for e
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/6526a2b28510ead6a3e14de711bb991ad9abff38
CVE-2024-41810 (Twisted is an event-based framework for internet applications,
support ...)
+ {DSA-5797-1}
- twisted 24.7.0-1 (bug #1077680)
NOTE:
https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
NOTE: Merge commit:
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
(twisted-24.7.0rc1)
@@ -21043,6 +21188,7 @@ CVE-2024-41726 (Path traversal vulnerability exists in
SKYSEA Client View Ver.3.
CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento
Community Ed ...)
NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2024-41671 (Twisted is an event-based framework for internet applications,
support ...)
+ {DSA-5797-1}
- twisted 24.7.0-1 (bug #1077679)
NOTE:
https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
NOTE:
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
(twisted-24.7.0rc1)
@@ -85437,6 +85583,7 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to
contain a segmentation violati
NOTE:
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf
(v1.17.6)
NOTE: Crash in CLI tool, no security impact (only affects example tool
shipped in libheif-examples)
CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation
violation via ...)
+ {DSA-5796-1}
- libheif 1.17.6-1 (bug #1059151)
[bullseye] - libheif <no-dsa> (Minor issue)
[buster] - libheif <not-affected> (Vulnerable code not present)
@@ -92082,7 +92229,7 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer
overflow exists when proces
[buster] - memcached <not-affected> (The vulnerable code was introduced
later)
NOTE:
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
(1.6.22)
CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote
Code Ex ...)
- {DLA-3657-1}
+ {DLA-3936-1 DLA-3657-1}
- activemq 5.17.6+dfsg-1 (bug #1054909)
NOTE:
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
@@ -92372,6 +92519,7 @@ CVE-2023-46233 (crypto-js is a JavaScript library of
crypto standards. Prior to
CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era,
a layer ...)
NOT-FOR-US: era-compiler-vyper
CVE-2023-46137 (Twisted is an event-based framework for internet applications.
Prior t ...)
+ {DSA-5797-1}
- twisted 23.10.0-1 (bug #1054913)
[bullseye] - twisted <no-dsa> (Minor issue)
[buster] - twisted <no-dsa> (Minor issue)
@@ -92486,7 +92634,7 @@ CVE-2023-46525 (TP-LINK TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin was di
NOT-FOR-US: TP-LINK
CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was
discover ...)
NOT-FOR-US: TP-LINK
-CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was
discover ...)
+CVE-2023-46522 (TP-LINK device TL-WR886N
V7.0_3.0.14_Build_221115_Rel.56908n.bin and T ...)
NOT-FOR-US: TP-LINK
CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was
discover ...)
NOT-FOR-US: TP-LINK
@@ -120679,6 +120827,7 @@ CVE-2023-29661
CVE-2023-29660
RESERVED
CVE-2023-29659 (A Segmentation fault caused by a floating point exception
exists in li ...)
+ {DSA-5796-1}
- libheif 1.16.2-1 (bug #1035607)
[bullseye] - libheif <no-dsa> (Minor issue)
[buster] - libheif <no-dsa> (Minor issue)
@@ -131612,8 +131761,8 @@ CVE-2023-26249 (Knot Resolver before 5.6.0 enables
attackers to consume its reso
[bullseye] - knot-resolver <no-dsa> (Minor issue)
[buster] - knot-resolver <no-dsa> (Minor issue)
NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
-CVE-2023-26248
- RESERVED
+CVE-2023-26248 (The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used
in IPFS ( ...)
+ TODO: check
CVE-2023-26247
RESERVED
CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle
infotainment ...)
@@ -167773,6 +167922,7 @@ CVE-2022-41680 (Forma LMS on its 3.1.0 version and
earlier is vulnerable to a SQ
CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an
Cross-Site scri ...)
NOT-FOR-US: Forma LMS
CVE-2022-41678 (Once an user is authenticated on Jolokia, he can potentially
trigger a ...)
+ {DLA-3936-1}
- activemq 5.17.6+dfsg-1 (unimportant)
NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
NOTE:
https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
@@ -199165,22 +199315,22 @@ CVE-2022-30363
RESERVED
CVE-2022-30362
RESERVED
-CVE-2022-30361
- RESERVED
-CVE-2022-30360
- RESERVED
-CVE-2022-30359
- RESERVED
-CVE-2022-30358
- RESERVED
-CVE-2022-30357
- RESERVED
-CVE-2022-30356
- RESERVED
-CVE-2022-30355
- RESERVED
-CVE-2022-30354
- RESERVED
+CVE-2022-30361 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data
Exposure ...)
+ TODO: check
+CVE-2022-30360 (OvalEdge 5.2.8.0 and earlier is affected by multiple Stored
XSS (AKA P ...)
+ TODO: check
+CVE-2022-30359 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data
Exposure ...)
+ TODO: check
+CVE-2022-30358 (OvalEdge 5.2.8.0 and earlier is affected by an Account
Takeover vulner ...)
+ TODO: check
+CVE-2022-30357 (OvalEdge 5.2.8.0 and earlier is affected by an Account
Takeover vulner ...)
+ TODO: check
+CVE-2022-30356 (OvalEdge 5.2.8.0 and earlier is affected by a Privilege
Escalation vul ...)
+ TODO: check
+CVE-2022-30355 (OvalEdge 5.2.8.0 and earlier is affected by an Account
Takeover vulner ...)
+ TODO: check
+CVE-2022-30354 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data
Exposure ...)
+ TODO: check
CVE-2022-30353
RESERVED
CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to
insufficient sanit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311b15cd6351b388e81338a1dc5c7cc69745e44e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311b15cd6351b388e81338a1dc5c7cc69745e44e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
