Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
83ff3152 by security tracker role at 2024-11-22T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2024-7882 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-7837 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-53438 (EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL
injection. ...)
+ TODO: check
+CVE-2024-53253 (Sentry is an error tracking and performance monitoring
platform. Versi ...)
+ TODO: check
+CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected
by an out ...)
+ TODO: check
+CVE-2024-52814 (Argo Helm is a collection of community maintained charts for
`argoproj ...)
+ TODO: check
+CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking
library. ...)
+ TODO: check
+CVE-2024-52802 (RIOT is an operating system for internet of things (IoT)
devices. In v ...)
+ TODO: check
+CVE-2024-52793 (The Deno Standard Library provides APIs for Deno and the Web.
Prior to ...)
+ TODO: check
+CVE-2024-52726 (CRMEB v5.4.0 is vulnerable to Arbitrary file read in the
save_basics f ...)
+ TODO: check
+CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file,
the Uci ...)
+ TODO: check
+CVE-2024-51766 (A potential security vulnerability has been identified in the
HPE NonS ...)
+ TODO: check
+CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos
Software v1. ...)
+ TODO: check
+CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0,
Hardware v1.0 ...)
+ TODO: check
+CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0,
Hardware v1.0 ...)
+ TODO: check
+CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project
PKP Pla ...)
+ TODO: check
+CVE-2024-50657 (An issue in Owncloud android apk v.4.3.1 allows a physically
proximate ...)
+ TODO: check
+CVE-2024-50401 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50400 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50399 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50398 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50397 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50396 (A use of externally-controlled format string vulnerability has
been re ...)
+ TODO: check
+CVE-2024-50395 (An authorization bypass through user-controlled key
vulnerability has ...)
+ TODO: check
+CVE-2024-49054 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-48862 (A link following vulnerability has been reported to affect
QuLog Cente ...)
+ TODO: check
+CVE-2024-48861 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2024-48860 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A
stored XSS wa ...)
+ TODO: check
+CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer.
This i ...)
+ TODO: check
+CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers
to acces ...)
+ TODO: check
+CVE-2024-41781 (IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00
through ...)
+ TODO: check
+CVE-2024-41779 (IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2
and 7.0. ...)
+ TODO: check
+CVE-2024-38647 (An exposure of sensitive information vulnerability has been
reported t ...)
+ TODO: check
+CVE-2024-38646 (An incorrect permission assignment for critical resource
vulnerability ...)
+ TODO: check
+CVE-2024-38645 (A server-side request forgery (SSRF) vulnerability has been
reported t ...)
+ TODO: check
+CVE-2024-38644 (An OS command injection vulnerability has been reported to
affect Note ...)
+ TODO: check
+CVE-2024-38643 (A missing authentication for critical function vulnerability
has been ...)
+ TODO: check
+CVE-2024-37783 (A reflected cross-site scripting (XSS) vulnerability in
Gladinet Centr ...)
+ TODO: check
+CVE-2024-37782 (An LDAP injection vulnerability in the login page of Gladinet
CentreSt ...)
+ TODO: check
+CVE-2024-37050 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2024-37049 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2024-37048 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
+ TODO: check
+CVE-2024-37047 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2024-37046 (A path traversal vulnerability has been reported to affect
several QNA ...)
+ TODO: check
+CVE-2024-37045 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
+ TODO: check
+CVE-2024-37044 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2024-37043 (A path traversal vulnerability has been reported to affect
several QNA ...)
+ TODO: check
+CVE-2024-37042 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
+ TODO: check
+CVE-2024-37041 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2024-32770 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2024-32769 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2024-32768 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2024-32767 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2024-11618 (A vulnerability classified as critical was found in IPC Unigy
Manageme ...)
+ TODO: check
+CVE-2024-10863 (: Insufficient Logging vulnerability in OpenText Secure
Content Manage ...)
+ TODO: check
+CVE-2024-10220 (The Kubernetes kubelet component allows arbitrary command
execution vi ...)
+ TODO: check
CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable
to Sen ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9422 (The GEO my WP WordPress plugin before 4.5, gmw-premium-settings
WordPr ...)
@@ -310,9 +424,9 @@ CVE-2024-51209 (Cross-Site Scripting (XSS) vulnerabilities
in Anuj Kumar's Clien
NOT-FOR-US: Anuj Kumar's Client Management System
CVE-2024-51208 (File Upload vulnerability in change-image.php in Anuj Kumar's
Boat Boo ...)
NOT-FOR-US: Anuj Kumar's Boat Booking System
-CVE-2024-51163 (Local File Inclusion vulnerability in Vegam Solutions Vegam 4i
v.6.3.4 ...)
+CVE-2024-51163 (A Local File Inclusion vulnerability in Vegam Solutions Vegam
4i versi ...)
NOT-FOR-US: Vegam Solutions Vegam 4i
-CVE-2024-51162 (An issue in Audimex EE v.15.1.20 and before allows a remote
attacker t ...)
+CVE-2024-51162 (An issue in Audimex EE versions 15.1.20 and earlier allowing a
remote ...)
NOT-FOR-US: Audimex EE
CVE-2024-51151 (D-Link DI-8200 16.07.26A1 is vulnerable to remote command
execution in ...)
NOT-FOR-US: D-Link
@@ -3440,7 +3554,7 @@ CVE-2024-47909 (A stack-based buffer overflow in Ivanti
Connect Secure before ve
NOT-FOR-US: Ivanti
CVE-2024-47907 (A stack-based buffer overflow in IPsec of Ivanti Connect
Secure before ...)
NOT-FOR-US: Ivanti
-CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure which
affects ver ...)
+CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure before
version 22 ...)
NOT-FOR-US: Ivanti
CVE-2024-47905 (A stack-based buffer overflow in Ivanti Connect Secure before
version ...)
NOT-FOR-US: Ivanti
@@ -3708,11 +3822,11 @@ CVE-2024-11122 (A vulnerability, which was classified
as critical, has been foun
NOT-FOR-US: Lingdang CRM
CVE-2024-11121 (A vulnerability classified as critical was found in
\u4e0a\u6d77\u7075 ...)
NOT-FOR-US: Lingdang CRM
-CVE-2024-11007 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+CVE-2024-11007 (Command injection in Ivanti Connect Secure before version
22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
-CVE-2024-11006 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+CVE-2024-11006 (Command injection in Ivanti Connect Secure before version
22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
-CVE-2024-11005 (Command injection in Ivanti Connect Secure before version
22.7R2.1 and ...)
+CVE-2024-11005 (Command injection in Ivanti Connect Secure before version
22.7R2.1 (No ...)
NOT-FOR-US: Ivanti
CVE-2024-11004 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.1
and Iva ...)
NOT-FOR-US: Ivanti
@@ -6123,13 +6237,13 @@ CVE-2024-51561 (This vulnerability exists in Aero due
to improper implementation
NOT-FOR-US: Aero
CVE-2024-51560 (This vulnerability exists in the Wave 2.0due to improper
exception han ...)
NOT-FOR-US: Wave 2.0
-CVE-2024-51559 (This vulnerability exists in the Wave 2.0dueto missing
authorization c ...)
+CVE-2024-51559 (This vulnerability exists in the Wave 2.0 due to improper
authorizatio ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51558 (This vulnerability exists in the Wave 2.0due to missing
restrictions f ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate
limiting ...)
NOT-FOR-US: Wave 2.0
-CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak
encryption of se ...)
+CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to insufficient
encrypti ...)
NOT-FOR-US: Wave 2.0
CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New
DataSource fo ...)
NOT-FOR-US: AppSmith Community
@@ -7773,7 +7887,7 @@ CVE-2024-44301 (The issue was addressed with improved
checks. This issue is fixe
CVE-2024-44297 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2024-44296 (The issue was addressed with improved checks. This issue is
fixed in t ...)
- {DSA-5804-1}
+ {DSA-5804-1 DLA-3961-1}
- webkit2gtk 2.46.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.3-1
@@ -7851,7 +7965,7 @@ CVE-2024-44251 (This issue was addressed through improved
state management. This
CVE-2024-44247 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-44244 (A memory corruption issue was addressed with improved input
validation ...)
- {DSA-5804-1}
+ {DSA-5804-1 DLA-3961-1}
- webkit2gtk 2.46.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.3-1
@@ -8890,7 +9004,7 @@ CVE-2024-44206 (An issue in the handling of URL protocols
was addressed with imp
CVE-2024-44205 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
CVE-2024-44185 (The issue was addressed with improved checks. This issue is
fixed in t ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -18305,7 +18419,7 @@ CVE-2024-44189 (The issue was addressed with improved
checks. This issue is fixe
CVE-2024-44188 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2024-44187 (A cross-origin issue existed with "iframe" elements. This was
addresse ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -18397,7 +18511,7 @@ CVE-2024-44125 (The issue was addressed with improved
checks. This issue is fixe
CVE-2024-44124 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2024-40866 (The issue was addressed with improved UI. This issue is fixed
in Safar ...)
- {DSA-5792-1}
+ {DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -146326,10 +146440,10 @@ CVE-2023-24469 (Potential Cross-Site Scripting in
ArcSight Logger versions prior
NOT-FOR-US: ArcSight
CVE-2023-24468 (Broken access control in Advanced Authentication versions
prior to 6.4 ...)
NOT-FOR-US: NetIQ
-CVE-2023-24467
- RESERVED
-CVE-2023-24466
- RESERVED
+CVE-2023-24467 (Possible Command Injection in iManager GET parameter has
been disco ...)
+ TODO: check
+CVE-2023-24466 (Possible XML External Entity Injection in iManager GET
parameter ha ...)
+ TODO: check
CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior
could bypass ...)
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are
vulnerab ...)
@@ -220213,8 +220327,8 @@ CVE-2022-26326 (Potential open redirection
vulnerability when URL is crafted in
NOT-FOR-US: NetIQ Access Manager
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ
Access Man ...)
NOT-FOR-US: NetIQ Access Manager
-CVE-2022-26324
- RESERVED
+CVE-2022-26324 (Possible XSS in iManager URL for access Component has been
discovered ...)
+ TODO: check
CVE-2022-26323
RESERVED
CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File
Vulnerabilit ...)
@@ -260331,10 +260445,10 @@ CVE-2021-38136 (Corero SecureWatch Managed Services
9.7.2.0020 is affected by a
NOT-FOR-US: Corero SecureWatch Managed Services
CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in
all ver ...)
NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
-CVE-2021-38135
- RESERVED
-CVE-2021-38134
- RESERVED
+CVE-2021-38135 (Possible External Service Interaction attack in iManager has
been di ...)
+ TODO: check
+CVE-2021-38134 (Possible XSS in iManager URL for access Component has been
discovered ...)
+ TODO: check
CVE-2021-38133 (Possible External Service Interaction attack in eDirectory
has been ...)
NOT-FOR-US: NetIQ
CVE-2021-38132 (Possible External Service Interaction attack in eDirectory
has been ...)
@@ -260363,14 +260477,14 @@ CVE-2021-38121 (Insufficient or weak TLS protocol
version identified in Advance
NOT-FOR-US: NetIQ
CVE-2021-38120 (A vulnerability identified in Advance Authentication that
allows bash ...)
NOT-FOR-US: NetIQ
-CVE-2021-38119
- RESERVED
-CVE-2021-38118
- RESERVED
-CVE-2021-38117
- RESERVED
-CVE-2021-38116
- RESERVED
+CVE-2021-38119 (Possible Reflected Cross-Site Scripting (XSS) Vulnerability
in iManag ...)
+ TODO: check
+CVE-2021-38118 (Possible improper input validation Vulnerability in iManager
has been ...)
+ TODO: check
+CVE-2021-38117 (Possible Command injection Vulnerability in iManager has been
discove ...)
+ TODO: check
+CVE-2021-38116 (Possible Elevation of Privilege Vulnerability in iManager has
been di ...)
+ TODO: check
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka
LibGD) thr ...)
{DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
@@ -280554,8 +280668,8 @@ CVE-2021-30301 (Possible denial of service due to out
of memory while processing
NOT-FOR-US: Qualcomm
CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex
data for th ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30299
- RESERVED
+CVE-2021-30299 (Possible out of bound access in audio module due to lack of
validation ...)
+ TODO: check
CVE-2021-30298 (Possible out of bound access due to improper validation of
item size a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30297 (Possible out of bound read due to improper validation of
packet length ...)
@@ -523269,8 +523383,8 @@ CVE-2017-9713
RESERVED
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-9711
- RESERVED
+CVE-2017-9711 (Certain unprivileged processes are able to perform IOCTL calls.)
+ TODO: check
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
