Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
450caa33 by security tracker role at 2024-11-04T20:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,190 @@
-CVE-2024-23590
+CVE-2024-9147 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2024-51685 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51683 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51682 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51681 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51680 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51678 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51677 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-51672 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-51665 (Server-Side Request Forgery (SSRF) vulnerability in Noor alam
Magical ...)
+ TODO: check
+CVE-2024-51661 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+ TODO: check
+CVE-2024-51626 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-51582 (Path Traversal: '.../...//' vulnerability in ThimPress WP
Hotel Bookin ...)
+ TODO: check
+CVE-2024-51561 (This vulnerability exists in Aero due to improper
implementation of OT ...)
+ TODO: check
+CVE-2024-51560 (This vulnerability exists in the Wave 2.0due to improper
exception han ...)
+ TODO: check
+CVE-2024-51559 (This vulnerability exists in the Wave 2.0dueto missing
authorization c ...)
+ TODO: check
+CVE-2024-51558 (This vulnerability exists in the Wave 2.0due to missing
restrictions f ...)
+ TODO: check
+CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate
limiting ...)
+ TODO: check
+CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak
encryption of se ...)
+ TODO: check
+CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New
DataSource fo ...)
+ TODO: check
+CVE-2024-51329 (A Host header injection vulnerability in Agile-Board 1.0
allows attack ...)
+ TODO: check
+CVE-2024-51328 (Cross Site Scripting vulnerability in addcategory.php in
projectworld' ...)
+ TODO: check
+CVE-2024-51327 (SQL Injection in loginform.php in ProjectWorld's Travel
Management Sys ...)
+ TODO: check
+CVE-2024-51326 (SQL Injection vulnerability in projectworlds Travel management
System ...)
+ TODO: check
+CVE-2024-51253 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
+ TODO: check
+CVE-2024-51251 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
+ TODO: check
+CVE-2024-51249 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
+ TODO: check
+CVE-2024-51246 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious
commands ...)
+ TODO: check
+CVE-2024-51136 (An XML External Entity (XXE) vulnerability in Dmoz2CSV in
openimaj v1. ...)
+ TODO: check
+CVE-2024-51127 (An issue in the createTempFile method of hornetq v2.4.9 allows
attacke ...)
+ TODO: check
+CVE-2024-50531 (Unrestricted Upload of File with Dangerous Type vulnerability
in David ...)
+ TODO: check
+CVE-2024-50530 (Unrestricted Upload of File with Dangerous Type vulnerability
in Myria ...)
+ TODO: check
+CVE-2024-50529 (Unrestricted Upload of File with Dangerous Type vulnerability
in Rudra ...)
+ TODO: check
+CVE-2024-50528 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2024-50527 (Unrestricted Upload of File with Dangerous Type vulnerability
in Stack ...)
+ TODO: check
+CVE-2024-50526 (Unrestricted Upload of File with Dangerous Type vulnerability
in mahla ...)
+ TODO: check
+CVE-2024-50525 (Unrestricted Upload of File with Dangerous Type vulnerability
in Hello ...)
+ TODO: check
+CVE-2024-50523 (Unrestricted Upload of File with Dangerous Type vulnerability
in Rainb ...)
+ TODO: check
+CVE-2024-48878 (Zohocorp ManageEngine ADManager Plus versions 7241 and prior
are vulne ...)
+ TODO: check
+CVE-2024-48809 (An issue in Open Networking Foundations sdran-in-a-box v.1.4.3
and ono ...)
+ TODO: check
+CVE-2024-48336 (The install() function of ProviderInstaller.java in Magisk App
before ...)
+ TODO: check
+CVE-2024-45893 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45891 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45890 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45889 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45888 (DrayTek Vigor3900 1.5.1.3 contains a command injection
vulnerability. ...)
+ TODO: check
+CVE-2024-45887 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45885 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45884 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication
command injec ...)
+ TODO: check
+CVE-2024-45882 (DrayTek Vigor3900 1.5.1.3 contains a command injection
vulnerability. ...)
+ TODO: check
+CVE-2024-45185 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
+ TODO: check
+CVE-2024-45164 (Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in
SPS (Se ...)
+ TODO: check
+CVE-2024-45086 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
an XML e ...)
+ TODO: check
+CVE-2024-38424 (Memory corruption during GNSS HAL process initialization.)
+ TODO: check
+CVE-2024-38423 (Memory corruption while processing GPU page table switch.)
+ TODO: check
+CVE-2024-38422 (Memory corruption while processing voice packet with arbitrary
data re ...)
+ TODO: check
+CVE-2024-38421 (Memory corruption while processing GPU commands.)
+ TODO: check
+CVE-2024-38419 (Memory corruption while invoking IOCTL calls from the
use-space for HG ...)
+ TODO: check
+CVE-2024-38415 (Memory corruption while handling session errors from firmware.)
+ TODO: check
+CVE-2024-38410 (Memory corruption while IOCLT is called when device is in
invalid stat ...)
+ TODO: check
+CVE-2024-38409 (Memory corruption while station LL statistic handling.)
+ TODO: check
+CVE-2024-38408 (Cryptographic issue when a controller receives an LMP start
encryption ...)
+ TODO: check
+CVE-2024-38407 (Memory corruption while processing input parameters for any
IOCTL call ...)
+ TODO: check
+CVE-2024-38406 (Memory corruption while handling IOCTL calls in JPEG Encoder
driver.)
+ TODO: check
+CVE-2024-38405 (Transient DOS while processing the CU information from RNR IE.)
+ TODO: check
+CVE-2024-38403 (Transient DOS while parsing BTM ML IE when per STA profile is
not incl ...)
+ TODO: check
+CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions8121 and prior are
vulnerab ...)
+ TODO: check
+CVE-2024-34891 (Insufficiently protected credentials in DAV server settings in
1C-Bitr ...)
+ TODO: check
+CVE-2024-34887 (Insufficiently protected credentials in AD/LDAP server
settings in 1C- ...)
+ TODO: check
+CVE-2024-34885 (Insufficiently protected credentials in SMTP server settings
in 1C-Bit ...)
+ TODO: check
+CVE-2024-34883 (Insufficiently protected credentials in DAV server settings in
1C-Bitr ...)
+ TODO: check
+CVE-2024-34882 (Insufficiently protected credentials in SMTP server settings
in 1C-Bit ...)
+ TODO: check
+CVE-2024-33068 (Transient DOS while parsing fragments of MBSSID IE from beacon
frame.)
+ TODO: check
+CVE-2024-33033 (Memory corruption while processing IOCTL calls to unmap the
buffers.)
+ TODO: check
+CVE-2024-33032 (Memory corruption when the user application modifies the same
shared m ...)
+ TODO: check
+CVE-2024-33031 (Memory corruption while processing the update SIM PB records
request.)
+ TODO: check
+CVE-2024-33030 (Memory corruption while parsing IPC frequency table parameters
for LPL ...)
+ TODO: check
+CVE-2024-33029 (Memory corruption while handling the PDR in driver for getting
the rem ...)
+ TODO: check
+CVE-2024-30619 (Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access
Control. ...)
+ TODO: check
+CVE-2024-30618 (A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo
LMS 1.11. ...)
+ TODO: check
+CVE-2024-30617 (A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo
LMS 1.11. ...)
+ TODO: check
+CVE-2024-30616 (Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control
via main ...)
+ TODO: check
+CVE-2024-23386 (memory corruption when WiFi display APIs are invoked with
large random ...)
+ TODO: check
+CVE-2024-23385 (Transient DOS as modem reset occurs when an unexpected MAC RAR
(with i ...)
+ TODO: check
+CVE-2024-23377 (Memory corruption while invoking IOCTL command from
user-space, when a ...)
+ TODO: check
+CVE-2024-10791 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-10768 (A vulnerability classified as problematic was found in
PHPGurukul Onli ...)
+ TODO: check
+CVE-2024-10766 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-10765 (A vulnerability classified as critical was found in Codezips
Online In ...)
+ TODO: check
+CVE-2024-10764 (A vulnerability classified as critical has been found in
Codezips Onli ...)
+ TODO: check
+CVE-2024-10523 (This vulnerability exists in TP-Link IoT Smart Hub due to
storage of W ...)
+ TODO: check
+CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on
Platform ...)
+ TODO: check
+CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin. This issue
affects Ap ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2024-48342
REJECTED
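Review bot: The thirteen DrayTek Vigor3900 1.5.1.3 entries added here (CVE-2024-45882 through CVE-2024-45893 and CVE-2024-51246 through CVE-2024-51253) all land as separate "TODO: check" items although they describe command injection in the same router firmware. Router firmware entries further down this file (LevelOne WBR-6012, Hitron CODA-4582) are tagged NOT-FOR-US, so these look like candidates for a single follow-up commit that resolves them together with one consistent product string, rather than thirteen individual triage passes. The same grouping applies to the runs of near-identical "Unrestricted Upload of File with Dangerous Type" (CVE-2024-50523 through CVE-2024-50531) and "Insufficiently protected credentials ... in 1C-Bitr" entries. The one pre-existing entry touched in this hunk, CVE-2024-23590, gains its description and keeps its NOT-FOR-US note, which is consistent.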
@@ -874,7 +1060,7 @@ CVE-2024-33603 (The LevelOne WBR-6012 router has an
information disclosure vulne
NOT-FOR-US: LevelOne WBR-6012 router
CVE-2024-32946 (A vulnerability in the LevelOne WBR-6012 router's firmware
version R0. ...)
NOT-FOR-US: LevelOne WBR-6012 router
-CVE-2024-31975 (EnGenius ESR580 devices through 1.1.30 allow a remote attacker
to cond ...)
+CVE-2024-31975 (EnGenius EWS356-Fit devices through 1.1.30 allow a remote
attacker to ...)
NOT-FOR-US: EnGenius ESR580 devices
CVE-2024-31973 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a
remote att ...)
NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589
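Review bot: The unchanged annotation under CVE-2024-31975 still reads "NOT-FOR-US: EnGenius ESR580 devices", but the description line above it now names "EnGenius EWS356-Fit devices", so the triage note and the description disagree on the affected product. Since the automatic update only rewrites the description line, the note needs a manual follow-up, for example "NOT-FOR-US: EnGenius EWS356-Fit devices", so that anyone searching the list by product name finds the entry under the name the CVE record now uses.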
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450caa3315e718c7b8bd1e2657eea16d4ebafc1e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits