Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72aa6f0f by security tracker role at 2024-11-06T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2024-9902 (A flaw was found in Ansible. The ansible-core `user` module can 
allow  ...)
+       TODO: check
+CVE-2024-8615 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2024-8614 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2024-8323 (The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables 
plugin  ...)
+       TODO: check
+CVE-2024-51988 (RabbitMQ is a feature rich, multi-protocol messaging and 
streaming bro ...)
+       TODO: check
+CVE-2024-51757 (happy-dom is a JavaScript implementation of a web browser 
without its  ...)
+       TODO: check
+CVE-2024-51755 (Twig is a template language for PHP. In a sandbox, and 
attacker can ac ...)
+       TODO: check
+CVE-2024-51754 (Twig is a template language for PHP. In a sandbox, an attacker 
can cal ...)
+       TODO: check
+CVE-2024-51751 (Gradio is an open-source Python package designed to enable 
quick build ...)
+       TODO: check
+CVE-2024-50637 (UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting 
(XSS) in  ...)
+       TODO: check
+CVE-2024-50315
+       REJECTED
+CVE-2024-35146 (IBM Maximo Application Suite - Monitor Component 8.10.11, 
8.11.8, and  ...)
+       TODO: check
+CVE-2024-20540 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2024-20539 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20538 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20537 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20536 (A vulnerability in a REST API endpoint and web-based 
management interf ...)
+       TODO: check
+CVE-2024-20534 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, 
Cisco I ...)
+       TODO: check
+CVE-2024-20533 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, 
Cisco I ...)
+       TODO: check
+CVE-2024-20532 (A vulnerability in the API of Cisco ISE could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2024-20531 (A vulnerability in the API of Cisco ISE could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2024-20530 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20529 (A vulnerability in the API of Cisco ISE could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2024-20528 (A vulnerability in the API of Cisco ISE could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2024-20527 (A vulnerability in the API of Cisco ISE could allow an 
authenticated,  ...)
+       TODO: check
+CVE-2024-20525 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20514 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
+       TODO: check
+CVE-2024-20511 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2024-20507 (A vulnerability in the logging subsystem of Cisco Meeting 
Management c ...)
+       TODO: check
+CVE-2024-20504 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
+       TODO: check
+CVE-2024-20487 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20484 (A vulnerability in the External Agent Assignment Service 
(EAAS) featur ...)
+       TODO: check
+CVE-2024-20476 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
+       TODO: check
+CVE-2024-20457 (A vulnerability in the logging component of Cisco Unified 
Communicatio ...)
+       TODO: check
+CVE-2024-20445 (A vulnerability in the web UI of Cisco Desk Phone 9800 Series, 
Cisco I ...)
+       TODO: check
+CVE-2024-20418 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
+       TODO: check
+CVE-2024-20371 (A vulnerability in the access control list (ACL) programming 
of Cisco  ...)
+       TODO: check
+CVE-2024-10920 (A vulnerability was found in mariazevedo88 travels-java-api up 
to 5.0. ...)
+       TODO: check
+CVE-2024-10919 (A vulnerability has been found in didi Super-Jacoco 1.0 and 
classified ...)
+       TODO: check
+CVE-2024-10916 (A vulnerability classified as problematic has been found in 
D-Link DNS ...)
+       TODO: check
+CVE-2024-10915 (A vulnerability was found in D-Link DNS-320, DNS-320LW, 
DNS-325 and DN ...)
+       TODO: check
+CVE-2024-10914 (A vulnerability was found in D-Link DNS-320, DNS-320LW, 
DNS-325 and DN ...)
+       TODO: check
+CVE-2024-10715 (The MapPress Maps for WordPress plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-10318 (A session fixation issue was discovered in the NGINX OpenID 
Connect re ...)
+       TODO: check
+CVE-2024-10186 (The Event post plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-10168 (The Active Products Tables for WooCommerce. Use constructor to 
create  ...)
+       TODO: check
+CVE-2024-10082 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
+       TODO: check
+CVE-2024-10081 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
+       TODO: check
 CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin 
\u2013 Super ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not 
sanitise and  ...)
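
Review bot: The added entries for CVE-2024-8615, CVE-2024-8614, CVE-2024-8323, CVE-2024-10715 and CVE-2024-10186 describe WordPress plugins but are left at "TODO: check", while the unchanged entry directly below them (CVE-2024-9946) is already triaged as "NOT-FOR-US: WordPress plugin". Follow this automatic import with a triage commit that applies the same tag, so these do not sit in the open TODO queue. The description of CVE-2024-8323 also carries a literal "\u2013" escape instead of a dash; if that is in the file and not only in this mail rendering, decode it at import time.
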
@@ -17,7 +113,7 @@ CVE-2024-7879 (The WP ULike  WordPress plugin before 4.7.5 
does not sanitise and
        NOT-FOR-US: WordPress plugin
 CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB 
for Eleme ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH & 
Co. KG  ...)
+CVE-2024-52043 (Generation of Error Message Containing Sensitive Informationin 
HumHub  ...)
        NOT-FOR-US: HumHub
 CVE-2024-51756 (The cap-std project is organized around the eponymous 
`cap-std` crate, ...)
        TODO: check
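
Review bot: The replacement description for CVE-2024-52043 runs two words together ("Informationin HumHub"). The entry stays NOT-FOR-US, so triage is unaffected, but if the importer joins wrapped description lines itself, check that it keeps the separating space; otherwise the text is simply inherited from the upstream record.
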
@@ -95,10 +191,10 @@ CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud 
Backup, Migration, Res
        NOT-FOR-US: WordPress plugin
 CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-10826
+CVE-2024-10826 (Use after free in Family Experiences in Google Chrome on 
Android prior ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-10827
+CVE-2024-10827 (Use after free in Serial in Google Chrome prior to 
130.0.6723.116 allo ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9878 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
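
Review bot: The new description on CVE-2024-10827 names the fixed upstream release ("prior to 130.0.6723.116"), yet the package lines under both CVE-2024-10826 and CVE-2024-10827 still read "- chromium <unfixed>". Replace <unfixed> with the Debian version once an upload of that release or later reaches unstable, so the tracker stops reporting both issues as open there.
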
@@ -7925,7 +8021,7 @@ CVE-2024-46870 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f (6.11-rc1)
 CVE-2024-9683 (A vulnerability was found in Quay, which allows successful 
authenticat ...)
        NOT-FOR-US: Quay
-CVE-2024-6861
+CVE-2024-6861 (A disclosure of sensitive information flaw was found in foreman 
via th ...)
        - foreman <itp> (bug #663101)
 CVE-2023-33426
        NOT-FOR-US: Apache RocketMQ
@@ -11813,6 +11909,7 @@ CVE-2024-45752 (logiops through 0.3.4, in its default 
configuration, allows any
        NOTE: https://github.com/PixlOne/logiops/pull/476
        NOTE: 
https://github.com/PixlOne/logiops/commit/628ab937a25724c1f21e7edf25c8e5aaff82c691
 (v0.3.5)
 CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In 
affected vers ...)
+       {DLA-3947-1}
        - puma <unfixed> (bug #1082379)
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
        NOTE: Fixed by: 
https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043 
(v6.4.3)
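
Review bot: The "{DLA-3947-1}" cross-reference is added to CVE-2024-45614, but the package line right under it still reads "- puma <unfixed> (bug #1082379)", even though the NOTE in the same entry names the fixing commit as part of v6.4.3. The cross-reference alone leaves unstable open; follow bug #1082379 and replace <unfixed> when a version containing that commit is uploaded.
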
@@ -82799,6 +82896,7 @@ CVE-2024-21744 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for 
parallelism. ...)
+       {DLA-3947-1}
        - puma 6.4.2-1 (bug #1060345)
        [bookworm] - puma <no-dsa> (Minor issue)
        [buster] - puma <no-dsa> (Minor issue)
@@ -352062,8 +352160,8 @@ CVE-2020-11861 (Unauthorized escalation of local 
privileges vulnerability on Mic
        NOT-FOR-US: Micro Focus
 CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11859
-       RESERVED
+CVE-2020-11859 (Improper Input Validation vulnerability in OpenText iManager 
allows Cr ...)
+       TODO: check
 CVE-2020-11858 (Code execution with escalated privileges vulnerability in 
Micro Focus  ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation 
Bridge  ...)
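
Review bot: CVE-2020-11859 moves from RESERVED to "TODO: check" with a description naming OpenText iManager, and every neighbouring entry in this hunk (CVE-2020-11861, CVE-2020-11860, CVE-2020-11858) is tagged "NOT-FOR-US: Micro Focus". Confirm whether this product falls under the same not-packaged category and tag it accordingly in the follow-up triage, instead of leaving a four-year-old identifier in the TODO queue.
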



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72aa6f0f979a5725d7693974648e808abff8f59f
