Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b61fa05 by security tracker role at 2024-12-11T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,143 @@
-CVE-2024-12382
+CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti 
Automatio ...)
+       TODO: check
+CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti 
Workspace ...)
+       TODO: check
+CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to 
create  ...)
+       TODO: check
+CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar 
allows Explo ...)
+       TODO: check
+CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  
This issu ...)
+       TODO: check
+CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+       TODO: check
+CVE-2024-50585 (Users who click on a malicious link or visit a website under 
the contr ...)
+       TODO: check
+CVE-2024-50339 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2024-48912 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2024-47835 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47834 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47778 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47777 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47776 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47775 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47774 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47761 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2024-47760 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2024-47758 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2024-47615 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47613 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47607 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47606 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47603 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47602 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47601 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47600 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47599 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47598 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47597 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47596 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47546 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47545 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47544 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47543 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47542 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47541 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47540 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47539 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47538 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-47537 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+       TODO: check
+CVE-2024-45337 (Applications and libraries which misuse the 
ServerConfig.PublicKeyCall ...)
+       TODO: check
+CVE-2024-42448 (From the VSPC management agent machine, under condition that 
the manag ...)
+       TODO: check
+CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti Connect Secure before 
version ...)
+       TODO: check
+CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure 
before  ...)
+       TODO: check
+CVE-2024-28141 (The web application is not protected against cross-site 
request forger ...)
+       TODO: check
+CVE-2024-28140 (The scanner device boots into a kiosk mode by default and 
opens the Sc ...)
+       TODO: check
+CVE-2024-28139 (The www-data user can elevate its privileges because sudo is 
configure ...)
+       TODO: check
+CVE-2024-12484 (A vulnerability classified as critical was found in Codezips 
Technical ...)
+       TODO: check
+CVE-2024-12483 (A vulnerability classified as problematic has been found in 
Dromara UJ ...)
+       TODO: check
+CVE-2024-12482 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It 
has been  ...)
+       TODO: check
+CVE-2024-12481 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It 
has been  ...)
+       TODO: check
+CVE-2024-12480 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It 
has been  ...)
+       TODO: check
+CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and 
classifie ...)
+       TODO: check
+CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset 
Management co ...)
+       TODO: check
+CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-12283 (The WP Pipes plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
+       TODO: check
+CVE-2024-12004 (The WPC Order Notes for WooCommerce plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-11840 (The RapidLoad \u2013 Optimize Web Vitals Automatically plugin 
for Word ...)
+       TODO: check
+CVE-2024-11737 (CWE-20: Improper Input Validation vulnerability exists that 
could lead ...)
+       TODO: check
+CVE-2024-11598 (Under specific circumstances, insecure permissions in Ivanti 
Applicati ...)
+       TODO: check
+CVE-2024-11597 (Under specific circumstances, insecure permissions in Ivanti 
Performan ...)
+       TODO: check
+CVE-2024-11401 (Rapid7 Insight Platform versions prior to November 13th 2024, 
suffer f ...)
+       TODO: check
+CVE-2024-11351 (The Restrict \u2013 membership, site, content and user access 
restrict ...)
+       TODO: check
+CVE-2024-11008 (The Members \u2013 Membership & User Role Editor Plugin plugin 
for Wor ...)
+       TODO: check
+CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that 
could cause ...)
+       TODO: check
+CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti 
Security  ...)
+       TODO: check
+CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 
131.0.6778.139 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-12381
+CVE-2024-12381 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying 
Sigstore ...)
@@ -6155,6 +6291,7 @@ CVE-2024-52340 (Improper Neutralization of Input During 
Web Page Generation (XSS
 CVE-2024-52339 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-52304 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp <unfixed> (bug #1088109)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
 (v3.10.11)
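Review bot: `{DSA-5828-1}` is added to CVE-2024-52304 while the package line directly below still reads `- python-aiohttp <unfixed> (bug #1088109)`. A DSA marker normally accompanies a fixed upload; if the fix has reached unstable, the line should carry the fixed version, and if only stable was updated, say so in a NOTE, since every other aiohttp entry touched by this commit already has a fixed unstable version.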
@@ -62637,6 +62774,7 @@ CVE-2024-4140 (An excessive memory use issue (CWE-770) 
exists in Email-MIME, bef
 CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management 
interface. Due  ...)
        - wildfly <itp> (bug #752018)
 CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp 3.9.5-1 (bug #1070364)
        [buster] - python-aiohttp <postponed> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
@@ -88958,6 +89096,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
 (master)
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82
 (v3.9.2)
 CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp 3.9.5-1 (bug #1062709)
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        [buster] - python-aiohttp <no-dsa> (Minor issue)
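Review bot: now that CVE-2024-23334 carries `{DSA-5828-1}`, the `[bullseye] - python-aiohttp <no-dsa> (Minor issue)` line immediately below it reads inconsistently: the same issue was judged worth a DSA for the release it covers, so the bullseye and buster assessments should either be revisited or the note should state why the older releases are treated differently.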
@@ -100979,6 +101118,7 @@ CVE-2023-49094 (Symbolicator is a symbolication 
service for native stacktraces a
 CVE-2023-49087 (xml-security is a library that implements XML signatures and 
encryptio ...)
        NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
 CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp 3.9.1-1 (bug #1057164)
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        [buster] - python-aiohttp <postponed> (Minor issue, limited request 
smuggling)
@@ -100986,6 +101126,7 @@ CVE-2023-49082 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc
 (master)
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a
 (v3.9.0b1)
 CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp 3.9.1-1 (bug #1057163)
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        [buster] - python-aiohttp <postponed> (Minor issue, limited request 
smuggling)
@@ -103008,6 +103149,7 @@ CVE-2023-47631 (vantage6 is a framework to manage and 
deploy privacy enhancing t
 CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue 
was found ...)
        NOT-FOR-US: Kyverno
 CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       {DSA-5828-1}
        - python-aiohttp 3.8.6-1
        [bullseye] - python-aiohttp <no-dsa> (Minor issue)
        [buster] - python-aiohttp <no-dsa> (Minor issue)
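Review bot: this is the sixth aiohttp entry in the commit to receive `{DSA-5828-1}` (CVE-2024-52304, CVE-2024-30251, CVE-2024-23334, CVE-2023-49082, CVE-2023-49081 and CVE-2023-47627); cross-check that the DSA record in the tracker lists exactly these six IDs so the per-CVE markers and the advisory agree.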
@@ -154271,8 +154413,8 @@ CVE-2023-23474 (IBM Cognos Controller 10.4.1, 10.4.2, 
and 11.0.0 could allow a r
        NOT-FOR-US: IBM
 CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site req ...)
        NOT-FOR-US: IBM
-CVE-2023-23472
-       RESERVED
+CVE-2023-23472 (IBM InfoSphere DataStage Flow Designer (InfoSphere Information 
Server  ...)
+       TODO: check
 CVE-2023-23471
        RESERVED
 CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated 
privileged a ...)
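Review bot: CVE-2023-23472 moves from RESERVED to `TODO: check`, but the truncated description names IBM InfoSphere DataStage Flow Designer, and the neighbouring IBM entries in the context (CVE-2023-23474 and CVE-2023-23473) are already resolved as `NOT-FOR-US: IBM`. This one can almost certainly be closed the same way instead of joining the TODO queue.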
@@ -154307,6 +154449,7 @@ CVE-2023-23457 (A Segmentation fault was found in UPX 
in PackLinuxElf64::invert_
        NOTE: 
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 
(v4.0.2)
        NOTE: https://github.com/upx/upx/issues/631
 CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in 
PackTmt::p ...)
+       {DLA-3991-1}
        - upx-ucl 4.2.2-1 (bug #1033258)
        [buster] - upx-ucl <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
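Review bot: `{DLA-3991-1}` is added to CVE-2023-23456 without any change to `[buster] - upx-ucl <no-dsa> (Minor issue)` below it. With no `[bullseye]` line present, the DLA resolves bullseye through the fixed version `upx-ucl 4.2.2-1`; if buster is intentionally left at no-dsa while bullseye got an update, a short reason on that line would make the difference deliberate rather than an oversight.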



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b61fa05ec55d70ca962d897eef920f03990d4fd



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
