Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52ea3b0c by security tracker role at 2024-12-09T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not 
sanitise and  ...)
+       TODO: check
+CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
+       TODO: check
+CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
+       TODO: check
+CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
+       TODO: check
+CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as 
auth_microsoft_offi ...)
+       TODO: check
+CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary 
file (locat ...)
+       TODO: check
+CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer 
values. 3.3.8 ...)
+       TODO: check
+CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential 
_execve50 ...)
+       TODO: check
+CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via 
an off- ...)
+       TODO: check
+CVE-2024-55560 (MailCleaner before 28d913e has default values of 
ssh_host_dsa_key, ssh ...)
+       TODO: check
+CVE-2024-53285 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53284 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53283 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53282 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53281 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53280 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-53279 (Improper neutralization of input during web page generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-12360 (A vulnerability was found in code-projects Online Class and 
Exam Sched ...)
+       TODO: check
+CVE-2024-12359 (A vulnerability was found in code-projects Admin Dashboard 
1.0. It has ...)
+       TODO: check
+CVE-2024-12358 (A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It 
has been c ...)
+       TODO: check
+CVE-2024-12357 (A vulnerability was found in SourceCodester Best House Rental 
Manageme ...)
+       TODO: check
+CVE-2024-12355 (A vulnerability has been found in SourceCodester Phone Contact 
Manager ...)
+       TODO: check
+CVE-2024-12354 (A vulnerability, which was classified as critical, was found 
in Source ...)
+       TODO: check
+CVE-2024-12353 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-12352 (A vulnerability classified as problematic was found in 
TOTOLINK EX1800 ...)
+       TODO: check
+CVE-2024-12351 (A vulnerability classified as critical has been found in 
JFinalCMS 1.0 ...)
+       TODO: check
+CVE-2024-12350 (A vulnerability was found in JFinalCMS 1.0. It has been rated 
as criti ...)
+       TODO: check
+CVE-2024-12349 (A vulnerability was found in JFinalCMS 1.0. It has been 
declared as pr ...)
+       TODO: check
+CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 
5.1.2. I ...)
+       TODO: check
+CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent 
Technology Je ...)
+       TODO: check
+CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and 
classif ...)
+       TODO: check
+CVE-2024-12344 (A vulnerability, which was classified as critical, was found 
in TP-Lin ...)
+       TODO: check
 CVE-2024-12343 (A vulnerability classified as critical has been found in 
TP-Link VN020 ...)
        NOT-FOR-US: TP-Link
 CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to 
change a pass ...)
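Review bot: CVE-2024-12344, the last added entry, is left as TODO: check even though its description is cut at "TP-Lin" and the context entry directly below it, CVE-2024-12343, is already triaged as NOT-FOR-US: TP-Link; it looks like it can take the same disposition once the full record confirms the vendor. The seven entries CVE-2024-53279 through CVE-2024-53285 carry identical truncated descriptions ("Improper neutralization of input during web page generation ('Cross-si ..."), so the affected product cannot be read from this list and each needs the full CVE record before it can be triaged. The entries that name specific software (POSIX::2008 for Perl, nanoid, Bitcoin Core, ColPack, Zammad) are the ones worth checking against the archive first, since a NOT-FOR-US there would need to be justified rather than assumed.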
@@ -59023,6 +59087,7 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web 
application library. The de
        NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
 (3.0.3)
        NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
 (3.0.3)
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter 
in affe ...)
+       {DLA-3988-1}
        - jinja2 <unfixed> (bug #1070712)
        [bookworm] - jinja2 <no-dsa> (Minor issue)
        [buster] - jinja2 <postponed> (Minor issue)
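Review bot: The {DLA-3988-1} tag on CVE-2024-34064 is added while the visible status lines still read <unfixed> for unstable and <postponed> for buster, and the context shows no line for the release the advisory actually covers. A reader of this entry cannot tell from these lines where the fix landed, so confirm that the DLA entry carries the release and fixed version, and check whether the buster <postponed> line is still accurate now that an LTS advisory exists for this CVE.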
@@ -91381,7 +91446,7 @@ CVE-2023-4246 (The GiveWP plugin for WordPress is 
vulnerable to Cross-Site Reque
 CVE-2022-4958 (A vulnerability classified as problematic has been found in 
qkmc-rk re ...)
        NOT-FOR-US: qkmc-rk redbbs
 CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders 
in the  ...)
-       {DLA-3715-1}
+       {DLA-3988-1 DLA-3715-1}
        - jinja2 3.1.3-1 (bug #1060748)
        [bookworm] - jinja2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
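Review bot: With {DLA-3988-1 DLA-3715-1}, CVE-2024-22195 now has two LTS advisories while the [bookworm] line in the context still reads <no-dsa> (Minor issue). That leaves the stable release as the only one listed here without a fix, so it is worth checking whether the bookworm entry should be revisited, for example through a point-release update, rather than leaving the older classification in place.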
@@ -125033,7 +125098,7 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in 
the IPMI handler, where an u
 CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an 
attacke ...)
        NOT-FOR-US: AMI BMC
 CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. 
Prior to  ...)
-       {DLA-3494-1}
+       {DLA-3989-1 DLA-3494-1}
        [experimental] - ruby-doorkeeper 5.6.6-1
        - ruby-doorkeeper 5.6.6-2 (bug #1038950)
        [bookworm] - ruby-doorkeeper <no-dsa> (Minor issue)
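Review bot: DLA-3989-1 is prepended to a CVE-2023-34246 entry that was already covered by DLA-3494-1, and nothing in the visible lines says why a second advisory was needed. If it targets a different LTS release than the first one, the cross-reference is enough; if it is a follow-up to an incomplete or regressed fix, a NOTE line under the entry stating that would save the next triager from having to look it up.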



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ea3b0cd8939c75d1678a21f7b3ad7b21273bef



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits