Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f34e26d7 by security tracker role at 2024-12-04T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity 
vulnerability ...)
+       TODO: check
+CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This 
only ap ...)
+       TODO: check
+CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the 
/tmp/$USER/stderr2  ...)
+       TODO: check
+CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent 
designed to  ...)
+       TODO: check
+CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based 
management i ...)
+       TODO: check
+CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection 
vulnerability in ...)
+       TODO: check
+CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy 
Manager w ...)
+       TODO: check
+CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy 
Manager web ...)
+       TODO: check
+CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows 
attackers t ...)
+       TODO: check
+CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the 
/documentC ...)
+       TODO: check
+CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated 
attackers ...)
+       TODO: check
+CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 
23.04,  ...)
+       TODO: check
+CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability 
that af ...)
+       TODO: check
+CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the 
system's PAT ...)
+       TODO: check
+CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been 
identified, ...)
+       TODO: check
+CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App 
managing a sta ...)
+       TODO: check
+CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit 
insuffi ...)
+       TODO: check
+CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users 
with certai ...)
+       TODO: check
+CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows 
a low-pr ...)
+       TODO: check
+CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+       TODO: check
+CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows 
low-privileged users ...)
+       TODO: check
+CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+       TODO: check
+CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows 
low-privileged us ...)
+       TODO: check
+CVE-2024-42449 (From the VSPC management agent machine, under condition that 
the manag ...)
+       TODO: check
+CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+       TODO: check
+CVE-2024-40391
+       REJECTED
+CVE-2024-12123 (A hidden field manipulation vulnerability was identified in 
Issuetrak  ...)
+       TODO: check
+CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform 
plugin f ...)
+       TODO: check
+CVE-2024-11985 (An improper input validation vulnerability leads to device 
crashes in  ...)
+       TODO: check
+CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms 
plugin for  ...)
+       TODO: check
+CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to 
Reflected Cross- ...)
+       TODO: check
+CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak 
version 17. ...)
+       TODO: check
+CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-11398 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-11293 (The  Registration Forms \u2013 User Registration Forms, 
Invitation-Bas ...)
+       TODO: check
+CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to 
arbitrary s ...)
+       TODO: check
+CVE-2024-10885 (The SearchIQ \u2013 The Search Solution plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2024-10832 (The Posti Shipping plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2024-10664 (The Knowledge Base documentation & wiki plugin \u2013 
BasePress Docs p ...)
+       TODO: check
+CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And Magazine Addons plugin 
for WordP ...)
+       TODO: check
+CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with 
Drag & D ...)
+       TODO: check
+CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi 
component i ...)
+       TODO: check
+CVE-2023-52943 (Incorrect authorization vulnerability in Alert.Setting webapi 
componen ...)
+       TODO: check
 CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker 
cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
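Review bot: Several of the added descriptions carry literal, undecoded escape sequences, for example "Moxa\u2019s" on CVE-2024-9404 and "\u2013" on CVE-2024-12099, CVE-2024-11897, CVE-2024-11293 and others, so the text was imported without decoding the Unicode escapes; decoding them at import time would keep the list searchable by the real product names. Every new entry lands as "TODO: check" except CVE-2024-40391, which is REJECTED. Most of the products named (WordPress plugins, Veeam, ClearPass) look like NOT-FOR-US candidates, but CVE-2024-54661 names readline.sh in socat, which is packaged in Debian, so that entry needs a real package line rather than a bulk classification.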
@@ -213,7 +311,7 @@ CVE-2024-53981 (python-multipart is a streaming multipart 
parser for Python. Whe
        NOTE: 
https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3
        NOTE: Fixed by: 
https://github.com/Kludex/python-multipart/commit/9205a0ec8c646b9f705430a6bfb52bd957b76c19
 (0.0.18)
        NOTE: Fixed by: 
https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177
 (0.0.19)
-CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.)
+CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match, 
leading to s ...)
        TODO: check
 CVE-2024-53862 (Argo Workflows is an open source container-native workflow 
engine for  ...)
        NOT-FOR-US: Argo Workflows
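Review bot: The refreshed description for CVE-2024-53900 is now cut off mid-word at "leading to s ...", so the impact added upstream cannot be read from the list itself, while the old line was a complete sentence. The entry is still "TODO: check"; whoever triages it should read the full CVE record rather than this truncated text, and record the result (package line or NOT-FOR-US) so the description change does not sit unreviewed.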
@@ -315,7 +413,7 @@ CVE-2024-53617 (A Cross Site Scripting vulnerability in 
LibrePhotos before commi
        NOT-FOR-US: LibrePhotos
 CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma 
Asterisk v ...)
        TODO: check
-CVE-2024-53564 (An authenticated arbitrary file upload vulnerability in the 
component  ...)
+CVE-2024-53564 (A serious vulnerability was discovered in FreePBX 17.0.19.17. 
FreePBX  ...)
        NOT-FOR-US: FreePBX
 CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege 
Escalation d ...)
        NOT-FOR-US: Ever Traduora
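Review bot: On CVE-2024-53564 the new description drops the vulnerability class that the old one stated ("An authenticated arbitrary file upload vulnerability in the component ...") in favour of "A serious vulnerability was discovered in FreePBX 17.0.19.17.", which is less useful for anyone scanning the list. The "NOT-FOR-US: FreePBX" classification still matches the product named in the new text, so no change is needed there. The neighbouring context entry CVE-2024-53566 (Sangoma Asterisk) is still "TODO: check" and is worth resolving in the same pass.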
@@ -1646,7 +1744,7 @@ CVE-2024-6393 (The Photo Gallery, Sliders, Proofing and   
WordPress plugin befor
        NOT-FOR-US: WordPress plugin
 CVE-2024-53930 (WikiDocs before 1.0.65 allows stored XSS by authenticated 
users via da ...)
        NOT-FOR-US: WikiDocs
-CVE-2024-53916 (In OpenStack Neutron through 25.0.0, 
neutron/extensions/tagging.py can ...)
+CVE-2024-53916 (In OpenStack Neutron before 25.0.1, 
neutron/extensions/tagging.py can  ...)
        - neutron 2:25.0.0-2 (bug #1088802)
        [bookworm] - neutron <not-affected> (Vulnerable code not present)
        [bullseye] - neutron <not-affected> (Vulnerable code not present)
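Review bot: The CVE-2024-53916 description now puts the upstream fix boundary at "before 25.0.1", but the package line still records "- neutron 2:25.0.0-2 (bug #1088802)" as the fixed version with no NOTE explaining how a 25.0.0-based upload carries the fix. If 2:25.0.0-2 includes a backported patch, a "NOTE: Fixed by:" line pointing at the upstream commit would make that verifiable; if not, the fixed version needs revisiting against the new range.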
@@ -3002,7 +3100,7 @@ CVE-2024-44306 (A buffer overflow issue was addressed 
with improved memory handl
        NOT-FOR-US: Apple
 CVE-2024-33439 (An issue in Kasda LinkSmart Router KW5515 v1.7 and before 
allows an au ...)
        NOT-FOR-US: Kasda LinkSmart Router KW5515
-CVE-2024-30896 (InfluxDB through 2.7.10 allows allAccess administrators to 
retrieve al ...)
+CVE-2024-30896 (InfluxDB OSS 2.x through 2.7.11 stores the administrative 
operator tok ...)
        - influxdb <not-affected> (influxdb 1.x doesn't have multi tenancy yet)
        NOTE: https://github.com/influxdata/influxdb/issues/24797
        NOTE: https://github.com/XenoM0rph97/CVE-2024-30896
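Review bot: The rewritten CVE-2024-30896 description changes both the affected range ("OSS 2.x through 2.7.11" instead of "through 2.7.10") and the nature of the issue (how the administrative operator token is stored, rather than what allAccess administrators can retrieve), yet the rationale on the package line is unchanged: "influxdb 1.x doesn't have multi tenancy yet". The not-affected status is consistent with the new 2.x scoping, but the parenthetical should be reworded to say that the packaged 1.x series is outside the affected 2.x range, so the justification tracks the current description.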



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f34e26d7ac1a5f89a7d3605316e33c454430fd5f
