Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1493dbfc by security tracker role at 2024-10-28T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,186 @@
-CVE-2024-45802
+CVE-2024-9825 (The Chef Habitat builder-api on-prem-builder package with any
version ...)
+ TODO: check
+CVE-2024-9629 (The Contact Form 7 + Telegram plugin for WordPress is
vulnerable to un ...)
+ TODO: check
+CVE-2024-8013 (A bug in query analysis of certain complex self-referential
$lookup su ...)
+ TODO: check
+CVE-2024-6245 (Use of Default Credentials vulnerability in Maruti Suzuki
SmartPlay on ...)
+ TODO: check
+CVE-2024-5532 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50582 (In JetBrains YouTrack before 2024.3.47707 stored XSS was
possible due ...)
+ TODO: check
+CVE-2024-50581 (In JetBrains YouTrack before 2024.3.47707 improper HTML
sanitization c ...)
+ TODO: check
+CVE-2024-50580 (In JetBrains YouTrack before 2024.3.47707 multiple XSS were
possible d ...)
+ TODO: check
+CVE-2024-50579 (In JetBrains YouTrack before 2024.3.47707 reflected XSS due to
insecur ...)
+ TODO: check
+CVE-2024-50578 (In JetBrains YouTrack before 2024.3.47707 stored XSS was
possible via ...)
+ TODO: check
+CVE-2024-50577 (In JetBrains YouTrack before 2024.3.47707 stored XSS was
possible via ...)
+ TODO: check
+CVE-2024-50576 (In JetBrains YouTrack before 2024.3.47707 stored XSS was
possible via ...)
+ TODO: check
+CVE-2024-50575 (In JetBrains YouTrack before 2024.3.47707 reflected XSS was
possible i ...)
+ TODO: check
+CVE-2024-50574 (In JetBrains YouTrack before 2024.3.47707 potential ReDoS
exploit was ...)
+ TODO: check
+CVE-2024-50573 (In JetBrains Hub before 2024.3.47707 improper access control
allowed u ...)
+ TODO: check
+CVE-2024-50502 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50501 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50498 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-50497 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-50492 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-50491 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-50489 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50488 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50487 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50486 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50483 (Authorization Bypass Through User-Controlled Key vulnerability
in Meet ...)
+ TODO: check
+CVE-2024-50479 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-50478 (Authentication Bypass by Primary Weakness vulnerability in
Swoop 1-Cli ...)
+ TODO: check
+CVE-2024-50477 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50472 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50471 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50470 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50469 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50468 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50467 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50465 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-50464 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50463 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in W ...)
+ TODO: check
+CVE-2024-50462 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50461 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50460 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50458 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50457 (: Improper Control of Filename for Include/Require Statement
in PHP Pr ...)
+ TODO: check
+CVE-2024-50453 (Relative Path Traversal vulnerability in Webangon The Pack
Elementor a ...)
+ TODO: check
+CVE-2024-50451 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50450 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-50449 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50448 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50447 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50446 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50445 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50443 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50442 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
+CVE-2024-50441 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50440 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50439 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50438 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50437 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50436 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-50435 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-50434 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-50433 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50432 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50431 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50429 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-50416 (Deserialization of Untrusted Data vulnerability in WPClever
WPC Shop a ...)
+ TODO: check
+CVE-2024-50408 (Deserialization of Untrusted Data vulnerability in Kiboko Labs
Namaste ...)
+ TODO: check
+CVE-2024-49771 (MPXJ is an open source library to read and write project plans
from a ...)
+ TODO: check
+CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9
has a ReD ...)
+ TODO: check
+CVE-2024-49755 (Duende IdentityServer is an OpenID Connect and OAuth 2.x
framework for ...)
+ TODO: check
+CVE-2024-48826 (Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication
command ...)
+ TODO: check
+CVE-2024-48825 (Tenda AC7 v.15.03.06.44 ate_ifconfig_set has
pre-authentication comman ...)
+ TODO: check
+CVE-2024-48465 (The MRBS version 1.5.0 has an SQL injection vulnerability in
the edit_ ...)
+ TODO: check
+CVE-2024-48291 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site
Request Forge ...)
+ TODO: check
+CVE-2024-48196 (An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain
sensiti ...)
+ TODO: check
+CVE-2024-48195 (Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a
remote ...)
+ TODO: check
+CVE-2024-48191 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site
Request Forge ...)
+ TODO: check
+CVE-2024-48074 (An authorized RCE vulnerability exists in the DrayTek
Vigor2960 router ...)
+ TODO: check
+CVE-2024-47827 (Argo Workflows is an open source container-native workflow
engine for ...)
+ TODO: check
+CVE-2024-42930 (PbootCMS 3.2.8 is vulnerable to URL Redirect.)
+ TODO: check
+CVE-2024-42028 (A Local privilege escalation vulnerability found in a
Self-Hosted UniF ...)
+ TODO: check
+CVE-2024-39205 (An issue in pyload-ng v0.5.0b3.dev85 running under python3.11
or below ...)
+ TODO: check
+CVE-2024-34537 (TYPO3 before 13.3.1 allows denial of service (interface error)
in the ...)
+ TODO: check
+CVE-2024-10469 (VINCE versions before 3.0.9 is vulnerable to exposure of User
informat ...)
+ TODO: check
+CVE-2024-10455 (Reachable Assertion in BPv7 parser in \xb5D3TN v0.14.0 allows
attacker ...)
+ TODO: check
+CVE-2024-10450 (A vulnerability has been found in SourceCodester Kortex Lite
Advocate ...)
+ TODO: check
+CVE-2024-10449 (A vulnerability, which was classified as critical, was found
in Codezi ...)
+ TODO: check
+CVE-2024-10448 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-10447 (A vulnerability classified as critical was found in Project
Worlds Onl ...)
+ TODO: check
+CVE-2024-10446 (A vulnerability classified as critical has been found in
Project World ...)
+ TODO: check
+CVE-2024-10214 (Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9
icorrectly issues ...)
+ TODO: check
+CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting
HTTP, HTT ...)
- squid 6.12-1
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
NOTE: Not a code fix, this merely disables ESI by default (and thus in
the Debian build)
@@ -98003,6 +98185,7 @@ CVE-2023-38871 (The commit 3730880 (April 2023) and
v.0.9-beta1 of gugoan Econom
CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer
commit 3730 ...)
NOT-FOR-US: gugoan's Economizzer
CVE-2023-42119 (Exim dnsdb Out-Of-Bounds Read Information Disclosure
Vulnerability. Th ...)
+ {DLA-3938-1}
- exim4 4.97~RC2-2
[bookworm] - exim4 4.96-15+deb12u3
[buster] - exim4 <no-dsa> (Minor issue; use Exim4 with a trustworthy
DNS resolver able to validate the data according to the DNS record types)
@@ -98029,6 +98212,7 @@ CVE-2023-42118 (Exim libspf2 Integer Underflow Remote
Code Execution Vulnerabili
NOTE: finder clarifies as "ut I haven't been able to get it to do
anything after that because
NOTE: another buffer fills up." and 2. that this is the same issue as
CVE-2023-42118 .
CVE-2023-42117 (Exim Improper Neutralization of Special Elements Remote Code
Execution ...)
+ {DLA-3938-1}
- exim4 4.97~RC2-2
[bookworm] - exim4 4.96-15+deb12u3
[buster] - exim4 <no-dsa> (Only an issue if Exim4 run behind an
untrusted proxy-protocol proxy)
@@ -164331,6 +164515,7 @@ CVE-2022-3560 (A flaw was found in pesign. The pesign
package provides a systemd
NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/2
NOTE:
https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998
(116)
CVE-2022-3559 (A vulnerability was found in Exim and classified as
problematic. This ...)
+ {DLA-3938-1}
- exim4 4.96-4
[buster] - exim4 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2915
@@ -251108,6 +251293,7 @@ CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3),
the SMTP STARTTLS option is n
CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new
folders ...)
- trojita <itp> (bug #795701)
CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response
injection ...)
+ {DLA-3938-1}
- exim4 4.95~RC2-1 (bug #992172)
[buster] - exim4 <no-dsa> (Minor issue)
[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1493dbfca4c80a42de40988d94d2fb79c71b561b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1493dbfca4c80a42de40988d94d2fb79c71b561b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
