Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2885226 by security tracker role at 2024-12-12T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,144 @@
-CVE-2024-55633
+CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions 
from 11 ...)
+       TODO: check
+CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-8647 (An issue was discovered in GitLab affecting all versions 
starting 15.2 ...)
+       TODO: check
+CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2024-55888 (Hush Line is an open-source whistleblower management system. 
Starting  ...)
+       TODO: check
+CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch 
project that  ...)
+       TODO: check
+CVE-2024-55885 (beego is an open-source web framework for the Go programming 
language. ...)
+       TODO: check
+CVE-2024-55879 (XWiki Platform is a generic wiki platform. Starting in version 
2.3 and ...)
+       TODO: check
+CVE-2024-55878 (SimpleXLSX is software for parsing and retrieving data from 
Excel XLSx ...)
+       TODO: check
+CVE-2024-55877 (XWiki Platform is a generic wiki platform. Starting in version 
9.7-rc- ...)
+       TODO: check
+CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 
1.2-mil ...)
+       TODO: check
+CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. 
Prior to  ...)
+       TODO: check
+CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 
11.10.6 ...)
+       TODO: check
+CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 
3.3-mil ...)
+       TODO: check
+CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in 
phpguru ...)
+       TODO: check
+CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online 
Nurse Hir ...)
+       TODO: check
+CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park 
Ticketi ...)
+       TODO: check
+CVE-2024-54810 (A SQL Injection vulnerability was found in 
/preschool/admin/password-r ...)
+       TODO: check
+CVE-2024-54122 (Concurrent variable access vulnerability in the ability module 
Impact: ...)
+       TODO: check
+CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: 
Successful ...)
+       TODO: check
+CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: 
Successful ...)
+       TODO: check
+CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH 
module Impa ...)
+       TODO: check
+CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the 
print mod ...)
+       TODO: check
+CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+       TODO: check
+CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+       TODO: check
+CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+       TODO: check
+CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+       TODO: check
+CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding 
module Im ...)
+       TODO: check
+CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+       TODO: check
+CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+       TODO: check
+CVE-2024-54103 (Vulnerability of improper access control in the album module 
Impact: S ...)
+       TODO: check
+CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: 
Successful expl ...)
+       TODO: check
+CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation 
module Impac ...)
+       TODO: check
+CVE-2024-54100 (Vulnerability of improper access control in the secure input 
module Im ...)
+       TODO: check
+CVE-2024-54099 (File replacement vulnerability on some devices Impact: 
Successful expl ...)
+       TODO: check
+CVE-2024-54098 (Service logic error vulnerability in the system service module 
Impact: ...)
+       TODO: check
+CVE-2024-54097 (Security vulnerability in the HiView module Impact: Successful 
exploit ...)
+       TODO: check
+CVE-2024-54096 (Vulnerability of improper access control in the MTP module 
Impact: Suc ...)
+       TODO: check
+CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+       TODO: check
+CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can 
perform a ...)
+       TODO: check
+CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from 
a prev ...)
+       TODO: check
+CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog 
allows a ...)
+       TODO: check
+CVE-2024-49071 (Improper authorization of an index that contains sensitive 
information ...)
+       TODO: check
+CVE-2024-47947 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
+       TODO: check
+CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
+       TODO: check
+CVE-2024-36498 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
+       TODO: check
+CVE-2024-36494 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
+       TODO: check
+CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via 
create_cache_ ...)
+       TODO: check
+CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt 
config f ...)
+       TODO: check
+CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by 
accessing  ...)
+       TODO: check
+CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of 
a logge ...)
+       TODO: check
+CVE-2024-28143 (The password change function at /cgi/admin.cgi does not 
require the cu ...)
+       TODO: check
+CVE-2024-28142 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
+       TODO: check
+CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue 
stems f ...)
+       TODO: check
+CVE-2024-21574 (The issue stems from a missing validation of the pip field in 
a POST r ...)
+       TODO: check
+CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+       TODO: check
+CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows 
an atta ...)
+       TODO: check
+CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary 
shortcode  ...)
+       TODO: check
+CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
+       TODO: check
+CVE-2024-55633 (Improper Authorization vulnerability in Apache Superset. On 
Postgres a ...)
        NOT-FOR-US: Apache Superset
 CVE-2024-9881 (The LearnPress  WordPress plugin before 4.2.7.2 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
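Review bot: the CVE-2024-11760 description is stored with a literal `\u26a1` escape sequence ("Currency Converter Widget \u26a1 PRO") rather than the decoded character, which suggests the import step is not decoding JSON string escapes in upstream descriptions; worth checking so the stored text matches the CVE record. All 70 new entries in this hunk land with a `TODO: check` placeholder, so each still needs triage against the archive before it gets a package line or a NOT-FOR-US mark, as CVE-2024-55633 does at the end of the hunk.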
@@ -612,9 +752,11 @@ CVE-2024-10511 (CWE-287: Improper Authentication 
vulnerability exists that could
 CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti 
Security  ...)
        NOT-FOR-US: Ivanti
 CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 
131.0.6778.139 a ...)
+       {DSA-5829-1}
        - chromium 131.0.6778.139-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-12381 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 
allowed  ...)
+       {DSA-5829-1}
        - chromium 131.0.6778.139-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying 
Sigstore ...)
@@ -953,7 +1095,7 @@ CVE-2024-11053 (When asked to both use a `.netrc` file for 
credentials and to fo
        NOTE: https://curl.se/docs/CVE-2024-11053.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/ae1912cb0d494b48d514d937826c9fe83ec96c4d 
(curl-6_5)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af31949 
(curl-8_11_1)
-CVE-2024-12397
+CVE-2024-12397 (A flaw was found in Quarkus-HTTP, which incorrectly parses 
cookies wit ...)
        NOT-FOR-US: Quarkus
 CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager 
of Iva ...)
        NOT-FOR-US: Ivanti
@@ -10887,7 +11029,8 @@ CVE-2024-10927 (A vulnerability was found in MonoCMS up 
to 20240528. It has been
        NOT-FOR-US: MonoCMS
 CVE-2024-10926 (A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 
and clas ...)
        NOT-FOR-US: IBPhoenix ibWebAdmin
-CVE-2024-10922 (The Featured Posts Scroll plugin for WordPress is vulnerable 
to Cross- ...)
+CVE-2024-10922
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-10027 (The WP Booking Calendar WordPress plugin before 10.6.3 does 
not saniti ...)
        NOT-FOR-US: WordPress plugin
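Review bot: CVE-2024-10922 is now marked REJECTED but the entry keeps the `NOT-FOR-US: WordPress plugin` triage line beneath it; once a CVE is rejected the triage status is moot, so consider dropping that trailing line so the entry reads as the bare `REJECTED` form.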
@@ -18939,7 +19082,7 @@ CVE-2024-45121 (Adobe Commerce versions 2.4.7-p2, 
2.4.6-p7, 2.4.5-p9, 2.4.4-p10
        NOT-FOR-US: Adobe
 CVE-2024-45120 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 
2.4.4-p10 and ea ...)
        NOT-FOR-US: Adobe
-CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 
2.4.4-p10 and ea ...)
+CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 
2.4.4-p10 (and e ...)
        NOT-FOR-US: Adobe
 CVE-2024-45118 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 
2.4.4-p10 and ea ...)
        NOT-FOR-US: Adobe
@@ -24901,6 +25044,7 @@ CVE-2024-45824 (CVE-2024-45824 IMPACT    A remote code 
vulnerability exists in t
 CVE-2024-45823 (CVE-2024-45823 IMPACT    An authentication bypass 
vulnerability exists ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-45624 (Exposure of sensitive information due to incompatible policies 
issue e ...)
+       {DLA-3993-1}
        - pgpool2 4.5.4-1 (bug #1081659)
        NOTE: 
https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29
        NOTE: 
https://github.com/pgpool/pgpool2/commit/6b7d585eb1c693e4ffb5b8e6ed9aa0f067fa1b89
 (master)
@@ -51294,7 +51438,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source 
dotnet ecommerce solution. In
 CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. 
In affec ...)
        NOT-FOR-US: Umbraco Commerce
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the 
separation of pr ...)
-       {DSA-5826-1 DLA-3956-1}
+       {DSA-5830-1 DSA-5826-1 DLA-3956-1}
        - smarty3 3.1.48-2 (bug #1072530)
        - smarty4 4.5.4-1 (bug #1072529)
        NOTE: 
https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
@@ -159279,6 +159423,7 @@ CVE-2023-22335 (Improper access control vulnerability 
in SS1 Ver.13.0.0.40 and e
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and 
earlier al ...)
        NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 
to 4.4. ...)
+       {DLA-3993-1}
        - pgpool2 4.3.5-1 (bug #1030048)
        [buster] - pgpool2 <postponed> (Minor issue, restricted system account 
password hash leak to authentified users)
        NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
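Review bot: the `[buster] - pgpool2 <postponed>` annotation directly under the new DLA-3993-1 reference still reads "authentified users"; "authenticated users" is the intended word. That line is only context in this automatic update, so it is a candidate for a manual follow-up fix rather than a change here.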



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2885226ea1898db334bb428c2355a5936b2da5a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits