Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad12ba9d by security tracker role at 2024-12-10T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,80 @@
-CVE-2024-12369
+CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in
PaperCu ...)
+ TODO: check
+CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core
allows ...)
+ TODO: check
+CVE-2024-55637 (Deserialization of Untrusted Data vulnerability in Drupal Core
allows ...)
+ TODO: check
+CVE-2024-55636 (Deserialization of Untrusted Data vulnerability in Drupal Core
allows ...)
+ TODO: check
+CVE-2024-55635 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-55634 (A vulnerability in Drupal Core allows Privilege
Escalation.This issue ...)
+ TODO: check
+CVE-2024-55601 (Hugo is a static site generator. Starting in version 0.123.0
and prior ...)
+ TODO: check
+CVE-2024-54198 (In certain conditions, SAP NetWeaver Application Server ABAP
allows an ...)
+ TODO: check
+CVE-2024-54197 (SAP NetWeaver Administrator(System Overview) allows an
authenticated a ...)
+ TODO: check
+CVE-2024-54151 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2024-54149 (Winter is a free, open-source content management system (CMS)
based on ...)
+ TODO: check
+CVE-2024-53919 (An injection vulnerability in Barco ClickShare CX-30/20,
C-5/10, and C ...)
+ TODO: check
+CVE-2024-53552 (CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles
password res ...)
+ TODO: check
+CVE-2024-50628 (An issue was discovered in the web services of Digi
ConnectPort LTS be ...)
+ TODO: check
+CVE-2024-50627 (An issue was discovered in Digi ConnectPort LTS before 1.4.12.
A Privi ...)
+ TODO: check
+CVE-2024-50626 (An issue was discovered in Digi ConnectPort LTS before 1.4.12.
A Direc ...)
+ TODO: check
+CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12.
A vulne ...)
+ TODO: check
+CVE-2024-47946 (If the attacker has access to a valid Poweruser session,
remote code e ...)
+ TODO: check
+CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform
allows an ...)
+ TODO: check
+CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated
attacker co ...)
+ TODO: check
+CVE-2024-47581 (SAP HCM Approve Timesheets Version 4 application does not
perform nece ...)
+ TODO: check
+CVE-2024-47580 (An attacker authenticated as an administrator can use an
exposed webse ...)
+ TODO: check
+CVE-2024-47579 (An attacker authenticated as an administrator can use an
exposed webse ...)
+ TODO: check
+CVE-2024-47578 (Adobe Document Service allows an attacker with administrator
privilege ...)
+ TODO: check
+CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within
SAP Commer ...)
+ TODO: check
+CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1)
applicatio ...)
+ TODO: check
+CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External
Entity ...)
+ TODO: check
+CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC
46.376. ...)
+ TODO: check
+CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC
46.376. ...)
+ TODO: check
+CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business
Intelligence pla ...)
+ TODO: check
+CVE-2024-28138 (An unauthenticated attacker with network access to the
affected device ...)
+ TODO: check
+CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to
Arbitrary ...)
+ TODO: check
+CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-12174 (An Improper Certificate Validation vulnerability exists in
Tenable Sec ...)
+ TODO: check
+CVE-2024-11205 (The WPForms plugin for WordPress is vulnerable to unauthorized
modific ...)
+ TODO: check
+CVE-2024-11107 (The System Dashboard WordPress plugin before 2.8.15 does not
sanitise ...)
+ TODO: check
+CVE-2024-10708 (The System Dashboard WordPress plugin before 2.8.15 does not
validate ...)
+ TODO: check
+CVE-2023-6947 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for
WordPre ...)
+ TODO: check
+CVE-2024-12369 (A vulnerability was found in OIDC-Client. When using the RH
SSO OIDC a ...)
NOT-FOR-US: elytron-oidc-client
CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer
Management Program
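Review bot: In the added CVE-2023-6947 entry the description contains a literal `\u2013` ("The Best WordPress Gallery Plugin \u2013 FooGallery plugin"), which looks like an undecoded JSON-style escape for an en dash. Suggest having the automatic update decode such escapes before writing descriptions to data/CVE/list, so the text lands as plain UTF-8. Every other added entry in this hunk is `TODO: check`, so the ones naming Drupal Core, Hugo and luigi still need triage before they say anything about affected packages.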
@@ -15284,7 +15360,8 @@ CVE-2023-52917 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/e229897d373a87ee09ec5cc4ecd4bb2f895fc16b (6.12-rc1)
CVE-2024-8625 (The TS Poll WordPress plugin before 2.4.0 does not sanitize
and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0,
19.x and ...)
+CVE-2024-49215
+ REJECTED
NOTE: seems bogus, reached out to upstream
CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in ELECOM
wireless ac ...)
NOT-FOR-US: ELECOM
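Review bot: At CVE-2024-49215 the entry is now `REJECTED`, but the unchanged context line `NOTE: seems bogus, reached out to upstream` still sits under it and reads as an open question. Suggest rewording the note to record the outcome, or dropping it, so the entry does not look as if it is still waiting on upstream.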
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad12ba9dacb7c7f582d2211a361e08c1ecf3c959