Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c5bbf87 by security tracker role at 2024-12-17T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,116 @@
+CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability 
in Next ...)
+       TODO: check
+CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable 
to Impro ...)
+       TODO: check
+CVE-2024-8972 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-8475 (Authentication Bypass by Assumed-Immutable Data vulnerability 
in Digit ...)
+       TODO: check
+CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, 
Content Re ...)
+       TODO: check
+CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB 
formats. I ...)
+       TODO: check
+CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+       TODO: check
+CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+       TODO: check
+CVE-2024-55514 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+       TODO: check
+CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+       TODO: check
+CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore 
Managemen ...)
+       TODO: check
+CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the 
examples web ap ...)
+       TODO: check
+CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect 
access contro ...)
+       TODO: check
+CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link 
(Symlink) Follo ...)
+       TODO: check
+CVE-2024-51479 (Next.js is a React framework for building full-stack web 
applications. ...)
+       TODO: check
+CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability during ...)
+       TODO: check
+CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+       TODO: check
+CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+       TODO: check
+CVE-2024-49818 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+       TODO: check
+CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+       TODO: check
+CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+       TODO: check
+CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow 
remote co ...)
+       TODO: check
+CVE-2024-42194 (An improper handling of insufficient permissions or privileges 
affects ...)
+       TODO: check
+CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 
REVA_FIRMWARE_1.20  ...)
+       TODO: check
+CVE-2024-37606 (A Stack overflow vulnerability in D-Link DCS-932L 
REVB_FIRMWARE_2.18.0 ...)
+       TODO: check
+CVE-2024-37605 (A NULL pointer dereference in D-Link DIR-860L 
REVB_FIRMWARE_2.04.B04_i ...)
+       TODO: check
+CVE-2024-36832 (A NULL pointer dereference in D-Link DAP-1513 
REVA_FIRMWARE_1.01 allow ...)
+       TODO: check
+CVE-2024-36831 (A NULL pointer dereference in the 
plugins_call_handle_uri_clean functi ...)
+       TODO: check
+CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk 
Naviswork ...)
+       TODO: check
+CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12601 (The Calculated Fields Form plugin for WordPress is vulnerable 
to Denia ...)
+       TODO: check
+CVE-2024-12469 (The WP BASE Booking of Appointments, Services and Events 
plugin for Wo ...)
+       TODO: check
+CVE-2024-12395 (The WooCommerce Additional Fees On Checkout (Free) plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-12293 (The User Role Editor plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2024-12200 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12199 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12198 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12197 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12194 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12193 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12192 (A maliciously crafted DWF file, when parsed through Autodesk 
Naviswork ...)
+       TODO: check
+CVE-2024-12191 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12179 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12178 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-12127 (The Learning Management System, eLearning, Course Builder, 
WordPress L ...)
+       TODO: check
+CVE-2024-12024 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+       TODO: check
+CVE-2024-11422 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+       TODO: check
+CVE-2024-11294 (The Memberful plugin for WordPress is vulnerable to Sensitive 
Informat ...)
+       TODO: check
+CVE-2024-11280 (The PPWP \u2013 Password Protect Pages plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2024-10476 (Default credentials are used in the above listed BD Diagnostic 
Solutio ...)
+       TODO: check
+CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is 
vulnera ...)
+       TODO: check
 CVE-2024-11614
        - dpdk 24.11.1-1
        NOTE: Introduced by: 
https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320 
(main, v21.05-rc2)
        NOTE: Fixed by: 
https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e 
(main)
        NOTE: Fixed by: 
https://git.dpdk.org/dpdk-stable/commit/?id=fdf13ea6fede07538fbe5e2a46fa6d4b2368fa81
 (v24.11.1)
        NOTE: Fixed by: 
https://git.dpdk.org/dpdk-stable/commit/?id=1570aef08bfde179449a9501bd54888a7d5f2cd6
 (v22.11.7)
-CVE-2024-53144 [Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE]
+CVE-2024-53144 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.11.4-1
        [bookworm] - linux 6.1.115-1
        NOTE: 
https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc3)
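Review bot: All 53 entries added at the top of this hunk, CVE-2024-9819 through CVE-2024-10356, carry only "TODO: check", so none of them is yet mapped to a source package or marked NOT-FOR-US. Each needs a follow-up triage commit before the tracker says anything useful about it. In the same hunk, the CVE-2024-53144 line trades the bracketed title "[Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE]" for a description truncated at "resolved:  B ...", so the entry no longer names the affected subsystem. The kernel commit in the NOTE line is now the only pointer to it and should be kept.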
@@ -2514,9 +2620,9 @@ CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and 
TL-WR845N(UN)_V4_190219 was
        NOT-FOR-US: TP-Link
 CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read 
vulnerab ...)
        NOT-FOR-US: SolarWinds
-CVE-2024-45494 (An issue was discovered in MSA Safety FieldServer Gateways and 
Embedde ...)
+CVE-2024-45494 (An issue was discovered in MSA FieldServer Gateway 5.0.0 
through 6.5.2 ...)
        NOT-FOR-US: Nette DatabaseSolarWinds
-CVE-2024-45493 (An issue was discovered in MSA Safety FieldServer Gateways and 
Embedde ...)
+CVE-2024-45493 (An issue was discovered in MSA FieldServer Gateway 5.0.0 
through 6.5.2 ...)
        NOT-FOR-US: SolarWinds
 CVE-2024-43600 (Microsoft Office Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
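Review bot: The context line under CVE-2024-45494 reads "NOT-FOR-US: Nette DatabaseSolarWinds", which looks like two vendor names run together. Neither that tag nor the "NOT-FOR-US: SolarWinds" under CVE-2024-45493 matches the product named in both descriptions, MSA FieldServer Gateway. Both entries are touched here anyway, so correct the two tags to name the MSA product and make the NOT-FOR-US reason agree with the description.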
@@ -402325,7 +402431,7 @@ CVE-2019-17084
        RESERVED
 CVE-2019-17083
        RESERVED
-CVE-2019-17082 (Missing Authentication for Critical Function vulnerability in 
OpenText ...)
+CVE-2019-17082 (Insufficiently Protected Credentials vulnerability in 
OpenText\u2122 A ...)
        NOT-FOR-US: OpenText
 CVE-2019-17081
        RESERVED
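Review bot: The new CVE-2019-17082 description contains the literal text "\u2122" after OpenText, where a trademark sign is evidently meant. Check whether the update writes that escape into data/CVE/list or whether it only appears in this notification, and decode it at the source if it is in the file. The weakness class changes from "Missing Authentication for Critical Function" to "Insufficiently Protected Credentials", but the "NOT-FOR-US: OpenText" tag still applies, so the rest of the entry can stay as it is.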



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5bbf878d61524b173fff90128995e967b321a7
