Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1243acd6 by security tracker role at 2024-10-31T20:13:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2024-8934 (A local user with administrative access rights can enter 
specialy craf ...)
+       TODO: check
+CVE-2024-8553 (A vulnerability was found in Foreman's loader macros introduced 
with r ...)
+       TODO: check
+CVE-2024-8185 (Vault Community and Vault Enterprise (\u201cVault\u201d) 
clusters usin ...)
+       TODO: check
+CVE-2024-7883 (When using Arm Cortex-M Security Extensions (CMSE), Secure 
stack  cont ...)
+       TODO: check
+CVE-2024-51482 (ZoneMinder is a free, open source closed-circuit television 
software a ...)
+       TODO: check
+CVE-2024-51481 (Nix is a package manager for Linux and other Unix systems. On 
macOS, b ...)
+       TODO: check
+CVE-2024-51478 (YesWiki is a wiki system written in PHP. Prior to 4.4.5, the 
use of a  ...)
+       TODO: check
+CVE-2024-51430 (Cross Site Scripting vulnerability in online diagnostic lab 
management ...)
+       TODO: check
+CVE-2024-51260 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious 
command ...)
+       TODO: check
+CVE-2024-51259 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious 
command ...)
+       TODO: check
+CVE-2024-51255 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious 
command ...)
+       TODO: check
+CVE-2024-51254 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious 
command ...)
+       TODO: check
+CVE-2024-51066 (An Insecure Direct Object Reference (IDOR) vulnerability in 
appointmen ...)
+       TODO: check
+CVE-2024-51065 (Phpgurukul Beauty Parlour Management System v1.1 is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2024-51064 (Phpgurukul Teachers Record Management System v2.1 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2024-51063 (Phpgurukul Teachers Record Management System v2.1 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2024-51060 (Projectworlds Online Admission System v1 is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2024-50802 (A SQL Injection vulnerability was discovered in AbanteCart 
1.4.0 in th ...)
+       TODO: check
+CVE-2024-50801 (A SQL Injection vulnerability was discovered in AbanteCart 
1.4.0 in th ...)
+       TODO: check
+CVE-2024-50356 (Press, a Frappe custom app that runs Frappe Cloud, manages 
infrastruct ...)
+       TODO: check
+CVE-2024-50354 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
+       TODO: check
+CVE-2024-50347 (Laravel Reverb provides a real-time WebSocket communication 
backend fo ...)
+       TODO: check
+CVE-2024-49685 (Cross-Site Request Forgery (CSRF) vulnerability in Smash 
Balloon Custo ...)
+       TODO: check
+CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser 
EKC Tou ...)
+       TODO: check
+CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS 
sanitizer for H ...)
+       TODO: check
+CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request 
Forgery ...)
+       TODO: check
+CVE-2024-48359 (Qualitor v8.24 was discovered to contain a remote code 
execution (RCE) ...)
+       TODO: check
+CVE-2024-48200 (An issue in MobaXterm v24.2 allows a local attacker to 
escalate privil ...)
+       TODO: check
+CVE-2024-43984 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Pod ...)
+       TODO: check
+CVE-2024-43933 (Cross-Site Request Forgery (CSRF) vulnerability in 
WPMobile.App allows ...)
+       TODO: check
+CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix 
JobSearch al ...)
+       TODO: check
+CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache 
Lucene.Net.R ...)
+       TODO: check
+CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code 
execution (RC ...)
+       TODO: check
+CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text 
into HTML.  ...)
+       TODO: check
+CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes 
which file ...)
+       TODO: check
+CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The 
CreateModelHandle ...)
+       TODO: check
+CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker 
can use t ...)
+       TODO: check
+CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File 
existence discl ...)
+       TODO: check
+CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side 
JavaScri ...)
+       TODO: check
+CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a 
TLS/SSL cert ...)
+       TODO: check
+CVE-2024-10454 (Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the 
'/public/ ...)
+       TODO: check
+CVE-2023-52045 (Studio-42 eLfinder 2.1.62 contains a filename restriction 
bypass leadi ...)
+       TODO: check
+CVE-2023-52044 (Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code 
Execution (RCE) ...)
+       TODO: check
 CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
@@ -164,7 +250,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 
through 2.0.18, if a ma
        NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.12 ar ...)
        TODO: check
-CVE-2024-10573 [buffer overflow involving "Frankenstein streams"]
+CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling 
crafted  ...)
        - mpg123 1.32.8-1 (bug #1086443)
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
        NOTE: https://sourceforge.net/p/mpg123/bugs/322/
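Review bot: the mpg123 entry records only the unstable fix `- mpg123 1.32.8-1 (bug #1086443)` with no suite annotations, so bookworm and bullseye remain implicitly affected; once their status is known, add `[bookworm]`/`[bullseye]` lines (or a DSA/`no-dsa` reference) so the package does not stay flagged as open indefinitely. The description swap itself is fine: the placeholder `[buffer overflow involving "Frankenstein streams"]` is replaced by the published out-of-bounds write text, and the two NOTE references are kept.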
@@ -537,7 +623,7 @@ CVE-2024-49634 (Improper Neutralization of Input During Web 
Page Generation (XSS
        NOT-FOR-US: WordPress plugin
 CVE-2024-49632 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-48955 (In NetAdmin 4.0.30319, an attacker can steal a valid session 
cookie an ...)
+CVE-2024-48955 (Broken access control in NetAdmin 4.030319 returns data with 
functiona ...)
        NOT-FOR-US: NetAdmin
 CVE-2024-48921 (Kyverno is a policy engine designed for Kubernetes. A kyverno 
ClusterP ...)
        NOT-FOR-US: Kyverno
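Review bot: the rewritten description for CVE-2024-48955 changes the version string from `4.0.30319` to `4.030319`; this matches the updated upstream CVE text rather than an import artifact, and since the entry stays `NOT-FOR-US: NetAdmin` no further action is needed, but it is worth noting the inconsistency in case the entry is ever searched by version.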
@@ -592,6 +678,7 @@ CVE-2019-25219 (Asio C++ Library before 1.13.0 lacks a 
fallback error code in th
 CVE-2017-20195 (A vulnerability was found in LUNAD3v AreaLoad up to 
1a1103182ed63a06dd ...)
        NOT-FOR-US: LUNAD3v
 CVE-2024-10467 (Memory safety bugs present in Firefox 131, Firefox ESR 128.3, 
and Thun ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
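Review bot: `{DSA-5801-1 DLA-3943-1}` is inserted on an entry that lists three source packages (firefox 132.0-1, firefox-esr 128.4.0esr-1, thunderbird 1:128.4.0esr-1); the advisory line applies to the whole entry, so confirm it is intended to cover thunderbird as well, or add the thunderbird advisory reference when it is published. The same placement is repeated on each of the following Firefox entries in this commit, so any correction should be applied to all of them at once.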
@@ -599,6 +686,7 @@ CVE-2024-10467 (Memory safety bugs present in Firefox 131, 
Firefox ESR 128.3, an
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10467
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10467
 CVE-2024-10466 (By sending a specially crafted push message, a remote server 
could hav ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -606,6 +694,7 @@ CVE-2024-10466 (By sending a specially crafted push 
message, a remote server cou
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10466
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10466
 CVE-2024-10465 (A clipboard "paste" button could persist across tabs which 
allowed a s ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -613,6 +702,7 @@ CVE-2024-10465 (A clipboard "paste" button could persist 
across tabs which allow
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10465
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10465
 CVE-2024-10464 (Repeated writes to history interface attributes could have 
been used t ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -623,6 +713,7 @@ CVE-2024-10468 (Potential race conditions in IndexedDB 
could have caused memory
        - firefox 132.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/#CVE-2024-10468
 CVE-2024-10463 (Video frames could have been leaked between origins in some 
situations ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
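Review bot: CVE-2024-10468 correctly receives no advisory line in this hunk: its entry lists only `- firefox 132.0-1` and references mfsa2024-55 alone, so it is not an ESR issue, whereas CVE-2024-10463 directly below lists firefox-esr and thunderbird and gets `{DSA-5801-1 DLA-3943-1}`. Keeping that distinction is what makes the DSA/DLA annotations accurate for the ESR-only advisories.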
@@ -630,6 +721,7 @@ CVE-2024-10463 (Video frames could have been leaked between 
origins in some situ
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10463
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10463
 CVE-2024-10462 (Truncation of a long URL could have allowed origin spoofing in 
a permi ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -637,6 +729,7 @@ CVE-2024-10462 (Truncation of a long URL could have allowed 
origin spoofing in a
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10462
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10462
 CVE-2024-10461 (In multipart/x-mixed-replace responses, `Content-Disposition: 
attachme ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -644,6 +737,7 @@ CVE-2024-10461 (In multipart/x-mixed-replace responses, 
`Content-Disposition: at
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10461
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10461
 CVE-2024-10460 (The origin of an external protocol handler prompt could have 
been obsc ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -651,6 +745,7 @@ CVE-2024-10460 (The origin of an external protocol handler 
prompt could have bee
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10460
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10460
 CVE-2024-10459 (An attacker could have caused a use-after-free when 
accessibility was  ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -658,6 +753,7 @@ CVE-2024-10459 (An attacker could have caused a 
use-after-free when accessibilit
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10459
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10459
 CVE-2024-10458 (A permission leak could have occurred from a trusted site to 
an untrus ...)
+       {DSA-5801-1 DLA-3943-1}
        - firefox 132.0-1
        - firefox-esr 128.4.0esr-1
        - thunderbird 1:128.4.0esr-1
@@ -1802,6 +1898,7 @@ CVE-2024-44206 (An issue in the handling of URL protocols 
was addressed with imp
 CVE-2024-44205 (A privacy issue was addressed with improved private data 
redaction for ...)
        NOT-FOR-US: Apple
 CVE-2024-44185 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
+       {DSA-5792-1}
        - webkit2gtk 2.46.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.46.1-1
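Review bot: `{DSA-5792-1}` is added to CVE-2024-44185 while buster is marked `<end-of-life>`, but there is no `[bullseye]` line in the visible context for either webkit2gtk or wpewebkit; if bullseye is affected, an LTS annotation or DLA reference is needed alongside the DSA so that suite's status is not left implicit.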
@@ -13120,9 +13217,9 @@ CVE-2024-40710 (A series of related high-severity 
vulnerabilities, the most nota
        NOT-FOR-US: Veeam
 CVE-2024-40709 (A missing authorization vulnerability allows a local 
low-privileged us ...)
        NOT-FOR-US: Veeam
-CVE-2024-40681 (IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated 
user in  ...)
+CVE-2024-40681 (IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD 
could al ...)
        NOT-FOR-US: IBM
-CVE-2024-40680 (IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to 
cause a d ...)
+CVE-2024-40680 (IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause 
a denia ...)
        NOT-FOR-US: IBM
 CVE-2024-39718 (An improper input validation vulnerability that allows a 
low-privilege ...)
        NOT-FOR-US: Veeam



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1243acd607e45b18b2a6ae4cb4e339e9620bad1f


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits