Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61f356a0 by security tracker role at 2024-12-05T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found 
providing a pot ...)
+       TODO: check
+CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a 
potential ...)
+       TODO: check
+CVE-2024-6515 (Web browser interface may manipulate application 
username/password in  ...)
+       TODO: check
+CVE-2024-54679 (CyberPanel (aka Cyber Panel) before 6778ad1 does not require 
the Filem ...)
+       TODO: check
+CVE-2024-54130 (The NASA\u2019s Interplanetary Overlay Network (ION) is an 
implementat ...)
+       TODO: check
+CVE-2024-54129 (The NASA\u2019s Interplanetary Overlay Network (ION) is an 
implementat ...)
+       TODO: check
+CVE-2024-54128 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to 
presence of ...)
+       TODO: check
+CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to 
improper si ...)
+       TODO: check
+CVE-2024-54001 (Kanboard is project management software that focuses on the 
Kanban met ...)
+       TODO: check
+CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 
0.14.1, rPGP a ...)
+       TODO: check
+CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 
0.14.1, rPGP a ...)
+       TODO: check
+CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang 
runtime ...)
+       TODO: check
+CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 
10.2.1.13-72sv ...)
+       TODO: check
+CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator 
(PRNG) vu ...)
+       TODO: check
+CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal 
vulnerabil ...)
+       TODO: check
+CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the comp ...)
+       TODO: check
+CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the comp ...)
+       TODO: check
+CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted 
filename  ...)
+       TODO: check
+CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue 
exists in UD- ...)
+       TODO: check
+CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
+       TODO: check
+CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
+       TODO: check
+CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect 
device u ...)
+       TODO: check
+CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows 
access to ...)
+       TODO: check
+CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows 
access to ...)
+       TODO: check
+CVE-2024-51550 (Data Validation / Data Sanitization  vulnerabilities in Linux 
allows u ...)
+       TODO: check
+CVE-2024-51549 (Absolute File Traversal  vulnerabilities allows access and 
modificatio ...)
+       TODO: check
+CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of 
malicious script ...)
+       TODO: check
+CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on 
board projec ...)
+       TODO: check
+CVE-2024-51545 (Username Enumeration vulnerabilities allow access to 
application level ...)
+       TODO: check
+CVE-2024-51544 (Service Control vulnerabilities allow access to service 
restart reques ...)
+       TODO: check
+CVE-2024-51543 (Information Disclosure vulnerabilities allow access to 
application con ...)
+       TODO: check
+CVE-2024-51542 (Configuration Download vulnerabilities allow access to 
dependency conf ...)
+       TODO: check
+CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive 
system  ...)
+       TODO: check
+CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a 
weakness  ...)
+       TODO: check
+CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found 
providing a pot ...)
+       TODO: check
+CVE-2024-48845 (Weak Password  Reset Rules vulnerabilities where found 
providing a pot ...)
+       TODO: check
+CVE-2024-48844 (Denial of Service vulnerabilities where found providing a 
potiential f ...)
+       TODO: check
+CVE-2024-48843 (Denial of Service vulnerabilities where found providing a 
potiential f ...)
+       TODO: check
+CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code 
Execution. Affec ...)
+       TODO: check
+CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code 
Execution.  ...)
+       TODO: check
+CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware 
Ver.2.1.8 ...)
+       TODO: check
+CVE-2024-45841 (Incorrect permission assignment for critical resource issue 
exists in  ...)
+       TODO: check
+CVE-2024-45319 (A vulnerability in the SonicWall SMA100 SSLVPN   
firmware10.2.1.13-72s ...)
+       TODO: check
+CVE-2024-45318 (A vulnerability in the SonicWall SMA100 SSLVPN web management 
interfac ...)
+       TODO: check
+CVE-2024-41579 (DTStack Taier 1.4.0 allows remote attackers to specify the 
jobName par ...)
+       TODO: check
+CVE-2024-40763 (Heap-based buffer overflow vulnerability in the SonicWall 
SMA100 SSLVP ...)
+       TODO: check
+CVE-2024-12247 (Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x 
<= 9.9.2  ...)
+       TODO: check
+CVE-2024-12235 (A vulnerability was found in Shenzhen Dashi Tongzhou 
Information Techn ...)
+       TODO: check
+CVE-2024-12234 (A vulnerability was found in 1000 Projects Beauty Parlour 
Management S ...)
+       TODO: check
+CVE-2024-12233 (A vulnerability was found in code-projects Online Notice Board 
up to 1 ...)
+       TODO: check
+CVE-2024-12232 (A vulnerability has been found in code-projects Simple CRUD 
Functional ...)
+       TODO: check
+CVE-2024-12231 (A vulnerability, which was classified as critical, was found 
in CodeZi ...)
+       TODO: check
+CVE-2024-12230 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2024-12229 (A vulnerability classified as critical was found in PHPGurukul 
Complai ...)
+       TODO: check
+CVE-2024-12228 (A vulnerability classified as critical has been found in 
PHPGurukul Co ...)
+       TODO: check
+CVE-2024-12227 (A vulnerability, which was classified as problematic, was 
found in MSI ...)
+       TODO: check
+CVE-2024-12130 (An \u201cout of bounds read\u201d code execution vulnerability 
exists  ...)
+       TODO: check
+CVE-2024-12094 (This vulnerability exists in the Tinxy mobile app due to 
storage of lo ...)
+       TODO: check
+CVE-2024-11942 (A vulnerability in Drupal Core allows File Manipulation.This 
issue aff ...)
+       TODO: check
+CVE-2024-11941 (A vulnerability in Drupal Core allows Excessive 
Allocation.This issue  ...)
+       TODO: check
+CVE-2024-11779 (The WIP WooCarousel Lite plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-11420 (The Blocksy theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-11341 (The Simple Redirection plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2024-11324 (The Accounting for WooCommerce plugin for WordPress is 
vulnerable to R ...)
+       TODO: check
+CVE-2024-11317 (Session Fixation vulnerabilities allow an attacker to fix a 
users sess ...)
+       TODO: check
+CVE-2024-11316 (Fileszie Check vulnerabilities allow a malicious user to 
bypass size l ...)
+       TODO: check
+CVE-2024-11158 (An \u201cuninitialized variable\u201d code execution 
vulnerability exi ...)
+       TODO: check
+CVE-2024-11156 (An \u201cout of bounds write\u201d  code execution 
vulnerability exist ...)
+       TODO: check
+CVE-2024-11155 (A \u201cuse after free\u201d  code execution vulnerability 
exists in t ...)
+       TODO: check
+CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 
020, ht ...)
+       TODO: check
+CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related 
Posts, Rel ...)
+       TODO: check
+CVE-2024-10848 (The NewsMunch theme for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-10777 (The AnyWhere Elementor plugin for WordPress is vulnerable to 
Informati ...)
+       TODO: check
+CVE-2024-10716 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by 
an XSS i ...)
+       TODO: check
+CVE-2024-10056 (The Contact Form Builder by vcita plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2023-50913 (Oxide control plane software before 5 allows SSRF.)
+       TODO: check
+CVE-2023-48010 (STMicroelectronics SPC58 is vulnerable to Missing Protection 
Mechanism ...)
+       TODO: check
 CVE-2024-54675 (app/webroot/js/workflows-editor/workflows-editor.js in MISP 
through 2. ...)
        NOT-FOR-US: MISP
 CVE-2024-54674 (app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP 
through ...)
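
Review bot: several of the added descriptions carry literal escape sequences instead of the characters they stand for, for example "The NASA\u2019s" on CVE-2024-54130 and CVE-2024-54129, and "\u201cout of bounds read\u201d" on CVE-2024-12130 (likewise CVE-2024-11158, CVE-2024-11156 and CVE-2024-11155). The import step should decode these before writing data/CVE/list, so that a text search for the quoted phrase matches the entry. Separately, every entry added here is still "TODO: check"; the ASPECT entries (CVE-2024-51554, CVE-2024-51551) look like candidates for the same "NOT-FOR-US: ABB" tag that CVE-2024-6298 and CVE-2024-6209 already carry further down in this diff, once the full descriptions confirm the product.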
@@ -78,7 +236,7 @@ CVE-2024-52278
        REJECTED
 CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
        NOT-FOR-US: DocuSeal
-CVE-2024-52276 (** INITIAL LIMITED RELEASE **  User Interface (UI) 
Misrepresentation o ...)
+CVE-2024-52276 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
        TODO: check
 CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
        NOT-FOR-US: Tenda
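
Review bot: CVE-2024-52276 stays at "TODO: check" after its description loses the "** INITIAL LIMITED RELEASE **" prefix, while the entry directly above it, CVE-2024-52277, shows the same visible description text and is already tagged "NOT-FOR-US: DocuSeal". The description is truncated here, so the product cannot be confirmed from this hunk alone; it is worth checking the full text and triaging the two together rather than leaving this one open.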
@@ -88,7 +246,7 @@ CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in 
Shenzhen Tenda Tech
        NOT-FOR-US: Tenda
 CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
        NOT-FOR-US: Tenda
-CVE-2024-52269 (** INITIAL LIMITED RELEASE **  User Interface (UI) 
Misrepresentation o ...)
+CVE-2024-52269 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
        TODO: check
 CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 
11.6, 12.0, ...)
        NOT-FOR-US: IBM
@@ -38960,9 +39118,9 @@ CVE-2024-6505 (A flaw was found in the virtio-net 
device in QEMU. When enabling
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295760
-CVE-2024-6298 (Improper Input Validation vulnerability in ABB 
ASPECT-Enterprise on Li ...)
+CVE-2024-6298 (Unauthorized file access in WEB Server in ABB ASPECT - 
Enterprise v3.0 ...)
        NOT-FOR-US: ABB
-CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - 
Enterprise v <= ...)
+CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - 
Enterprise v3.0 ...)
        NOT-FOR-US: ABB
 CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in 
some f ...)
        NOT-FOR-US: vanna-ai/vanna
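
Review bot: after this change the visible description of CVE-2024-6298 ("Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.0 ...") is identical to that of CVE-2024-6209 on the next entry, where it previously read "Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...". The truncation may be hiding a real difference, but two distinct CVE ids ending up with the same text is worth confirming against the upstream records before relying on the description. The "NOT-FOR-US: ABB" tags are unaffected either way.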
@@ -181364,8 +181522,7 @@ CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS 
via app.contact.gist (aka
 CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal 
can achi ...)
        - zutty 0.13.0.20220910.112547+dfsg1-1
        NOTE: 
https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38
 (0.13)
-CVE-2022-41137
-       RESERVED
+CVE-2022-41137 (Apache HiveMetastore (HMS) 
usesSerializationUtilities#deserializeObjec ...)
        NOT-FOR-US: Apache Hive
 CVE-2022-40704 (A XSS vulnerability was found in 
phoromatic_r_add_test_details.php in  ...)
        - phoronix-test-suite <removed>
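
Review bot: the "NOT-FOR-US: Apache Hive" line under CVE-2022-41137 is unchanged context, so that tag was assigned while the entry was still "RESERVED"; now that a description is published, it should be re-confirmed against the actual text. The run-together "usesSerializationUtilities#deserializeObjec" in the new description line is missing a space after "uses"; if that comes from the imported record it is better corrected at the source than by hand in this file.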



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f356a0074fe6ed96bd9d6cae0019f728597831
