Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c6b96c31 by security tracker role at 2024-11-26T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,26 +1,126 @@
-CVE-2024-53102 [nvme: make keep-alive synchronous operation]
+CVE-2024-9504 (The Booking calendar, Appointment Booking System plugin for
WordPress ...)
+ TODO: check
+CVE-2024-8772 (51l3nc3, member of the AXIS OS Bug Bounty Program, has found
that the ...)
+ TODO: check
+CVE-2024-8160 (Erik de Jong, member of the AXIS OS Bug Bounty Program, has
found that ...)
+ TODO: check
+CVE-2024-6831 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty
Program has f ...)
+ TODO: check
+CVE-2024-6749 (Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty
Program, ...)
+ TODO: check
+CVE-2024-6476 (Gee-netics, member of the AXIS Camera Station Pro Bug Bounty
Program h ...)
+ TODO: check
+CVE-2024-53843 (@dapperduckling/keycloak-connector-server is an opinionated
series of ...)
+ TODO: check
+CVE-2024-53597 (masterstack_imgcap v0.0.1 was discovered to contain a SQL
injection vu ...)
+ TODO: check
+CVE-2024-53556 (An Open Redirect vulnerability in Taiga v6.8.1 allows
attackers to red ...)
+ TODO: check
+CVE-2024-53554 (A Client-Side Template Injection (CSTI) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-53278 (Cross-site scripting vulnerability exists in WP Admin UI
Customize ver ...)
+ TODO: check
+CVE-2024-52899 (IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could
allow an au ...)
+ TODO: check
+CVE-2024-50672 (A NoSQL injection vulnerability in Adapt Learning Adapt
Authoring Tool ...)
+ TODO: check
+CVE-2024-50671 (Incorrect access control in Adapt Learning Adapt Authoring
Tool <= 0.1 ...)
+ TODO: check
+CVE-2024-49597 (Dell Wyse Management Suite, versions WMS 4.4 and prior,
contain an Imp ...)
+ TODO: check
+CVE-2024-49596 (Dell Wyse Management Suite, version WMS 4.4 and prior, contain
a Missi ...)
+ TODO: check
+CVE-2024-49595 (Dell Wyse Management Suite, version WMS 4.4 and before,
contain an Aut ...)
+ TODO: check
+CVE-2024-49353 (IBM Watson Speech Services Cartridge for IBM Cloud Pak for
Data 4.0.0 ...)
+ TODO: check
+CVE-2024-49351 (IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user
credentials in ...)
+ TODO: check
+CVE-2024-47257 (Florent Thi\xe9ry has found that selected Axis devices were
vulnerable ...)
+ TODO: check
+CVE-2024-36254 (Out-of-bounds read vulnerability exists in Sharp Corporation
and Toshi ...)
+ TODO: check
+CVE-2024-36251 (The web interface of the affected devices process some crafted
HTTP re ...)
+ TODO: check
+CVE-2024-36249 (Cross-site scripting vulnerability exists in Sharp Corporation
and Tos ...)
+ TODO: check
+CVE-2024-36248 (API keys for some cloud services are hardcoded in the "main"
binary. A ...)
+ TODO: check
+CVE-2024-35244 (There are several hidden accounts. Some of them are intended
for maint ...)
+ TODO: check
+CVE-2024-34162 (The web interface of the affected devices is designed to hide
the LDAP ...)
+ TODO: check
+CVE-2024-33616 (Admin authentication can be bypassed with some specific
invalid creden ...)
+ TODO: check
+CVE-2024-33610 ("sessionlist.html" and "sys_trayentryreboot.html" are
accessible with ...)
+ TODO: check
+CVE-2024-33605 (Improper processing of some parameters of
installed_emanual_list.html ...)
+ TODO: check
+CVE-2024-32151 (User passwords are decrypted and stored on memory before any
user logg ...)
+ TODO: check
+CVE-2024-29978 (User passwords are decrypted and stored on memory before any
user logg ...)
+ TODO: check
+CVE-2024-29146 (User passwords are decrypted and stored on memory before any
user logg ...)
+ TODO: check
+CVE-2024-28955 (Affected devices create coredump files when crashed, storing
them with ...)
+ TODO: check
+CVE-2024-28038 (The web interface of the affected devices processes a cookie
value imp ...)
+ TODO: check
+CVE-2024-11678 (A vulnerability was found in CodeAstro Hospital Management
System 1.0. ...)
+ TODO: check
+CVE-2024-11677 (A vulnerability was found in CodeAstro Hospital Management
System 1.0. ...)
+ TODO: check
+CVE-2024-11676 (A vulnerability was found in CodeAstro Hospital Management
System 1.0 ...)
+ TODO: check
+CVE-2024-11675 (A vulnerability has been found in CodeAstro Hospital
Management System ...)
+ TODO: check
+CVE-2024-11674 (A vulnerability, which was classified as critical, was found
in CodeAs ...)
+ TODO: check
+CVE-2024-11673 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-11418 (The Additional Order Filters for WooCommerce plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-11342 (The Skt NURCaptcha plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2024-11202 (Multiple plugins for WordPress are vulnerable to Reflected
Cross-Site ...)
+ TODO: check
+CVE-2024-11002 (The The InPost Gallery plugin for WordPress is vulnerable to
arbitrary ...)
+ TODO: check
+CVE-2024-10857 (The Product Input Fields for WooCommerce plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-10781 (The Spam protection, Anti-Spam, FireWall by CleanTalk plugin
for WordP ...)
+ TODO: check
+CVE-2024-10729 (The Booking & Appointment Plugin for WooCommerce plugin for
WordPress ...)
+ TODO: check
+CVE-2024-10570 (The Security & Malware scan by CleanTalk plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-10542 (The Spam protection, Anti-Spam, FireWall by CleanTalk plugin
for WordP ...)
+ TODO: check
+CVE-2024-10471 (The Everest Forms WordPress plugin before 3.0.4.2 does not
sanitise a ...)
+ TODO: check
+CVE-2024-53102 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.11.9-1
[bookworm] - linux 6.1.119-1
NOTE:
https://git.kernel.org/linus/d06923670b5a5f609603d4a9fee4dec02d38de9c (6.12-rc4)
-CVE-2024-53101 [fs: Fix uninitialized value issue in from_kuid and from_kgid]
+CVE-2024-53101 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.11.9-1
[bookworm] - linux 6.1.119-1
NOTE:
https://git.kernel.org/linus/15f34347481648a567db67fb473c23befb796af5 (6.12-rc5)
-CVE-2024-53100 [nvme: tcp: avoid race between queue_lock lock and destroy]
+CVE-2024-53100 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.11.9-1
[bookworm] - linux 6.1.119-1
NOTE:
https://git.kernel.org/linus/782373ba27660ba7d330208cf5509ece6feb4545 (6.12-rc4)
-CVE-2024-53099 [bpf: Check validity of link->type in bpf_link_show_fdinfo()]
+CVE-2024-53099 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.11.9-1
NOTE:
https://git.kernel.org/linus/8421d4c8762bd022cb491f2f0f7019ef51b4f0a7 (6.12-rc5)
-CVE-2024-53098 [drm/xe/ufence: Prefetch ufence addr to catch bogus address]
+CVE-2024-53098 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.11.9-1
NOTE:
https://git.kernel.org/linus/9c1813b3253480b30604c680026c7dc721ce86d1 (6.12-rc5)
-CVE-2024-53097 [mm: krealloc: Fix MTE false alarm in __do_krealloc]
+CVE-2024-53097 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.11.9-1
[bookworm] - linux 6.1.119-1
NOTE:
https://git.kernel.org/linus/704573851b51808b45dae2d62059d1d8189138a2 (6.12-rc6)
-CVE-2024-53096 [mm: resolve faulty mmap_region() error path behaviour]
+CVE-2024-53096 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux <unfixed>
[bookworm] - linux 6.1.119-1
NOTE:
https://git.kernel.org/linus/5de195060b2e251a835f622759550e6202167641 (6.12-rc7)
@@ -12168,7 +12268,7 @@ CVE-2024-8625 (The TS Poll WordPress plugin before
2.4.0 does not sanitize and
NOT-FOR-US: WordPress plugin
CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0,
19.x and ...)
NOTE: seems bogus, reached out to upstream
-CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in
WAB-I1750-PS and W ...)
+CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in ELECOM
wireless ac ...)
NOT-FOR-US: ELECOM
CVE-2024-10202 (Administrative Management System from Wellchoose has an OS
Command Inj ...)
NOT-FOR-US: Wellchoose Administrative Management System
@@ -23048,7 +23148,7 @@ CVE-2024-44944 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.10.3-1
[bookworm] - linux 6.1.106-1
NOTE:
https://git.kernel.org/linus/782161895eb4ac45cf7cfa8db375bd4766cb8299 (6.11-rc1)
-CVE-2024-42412 (Cross-site scripting vulnerability exists in WAB-I1750-PS and
WAB-S116 ...)
+CVE-2024-42412 (Cross-site scripting vulnerability exists in ELECOM wireless
access po ...)
NOT-FOR-US: WAB-I1750-PS and WAB-S1167-PS
CVE-2024-41349 (unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via
applicati ...)
NOT-FOR-US: unmark
@@ -199499,7 +199599,7 @@ CVE-2022-33862 (IPP software prior to v1.71 is
vulnerable to default credential
CVE-2022-33861 (IPP software versions prior to v1.71 do not sufficiently
verify the au ...)
TODO: check
CVE-2022-33860
- RESERVED
+ REJECTED
CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer
EPMS sof ...)
NOT-FOR-US: Eaton Foreseer EPMS
CVE-2022-33858
@@ -360661,7 +360761,8 @@ CVE-2020-11313
REJECTED
CVE-2020-11312
REJECTED
-CVE-2020-11311 (This record is rejected as duplicate. All references should
point to C ...)
+CVE-2020-11311
+ REJECTED
TODO: check
CVE-2020-11310
REJECTED
@@ -467690,7 +467791,7 @@ CVE-2018-11883 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite
in WLAN c ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11881
- RESERVED
+ REJECTED
CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite
in WLAN f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11879 (When the buffer length passed is very large, bounds check
could be byp ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b96c31436757d0f7f5eafd32048b3a47d94b22
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b96c31436757d0f7f5eafd32048b3a47d94b22
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
