Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
803cdd57 by security tracker role at 2024-12-18T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
+ TODO: check
+CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
+ TODO: check
+CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
+ TODO: check
+CVE-2024-56170 (A validation integrity issue was discovered in Fort through
1.6.4 befo ...)
+ TODO: check
+CVE-2024-56169 (A validation integrity issue was discovered in Fort through
1.6.4 befo ...)
+ TODO: check
+CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that
stores ...)
+ TODO: check
+CVE-2024-55059 (A stored HTML Injection vulnerability was identified in
PHPGurukul Onl ...)
+ TODO: check
+CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was
discovere ...)
+ TODO: check
+CVE-2024-55057 (Phpgurukul Online Birth Certificate System 1.0 suffers from
insufficie ...)
+ TODO: check
+CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was
identified in Ph ...)
+ TODO: check
+CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue
exists in AE1 ...)
+ TODO: check
+CVE-2024-53688 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing
entries ( ...)
+ TODO: check
+CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to
obtain se ...)
+ TODO: check
+CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability
in stre ...)
+ TODO: check
+CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0,
contains an ...)
+ TODO: check
+CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions
2.0.10 an ...)
+ TODO: check
+CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users
are able ...)
+ TODO: check
+CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization
of Specia ...)
+ TODO: check
+CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8
allows an at ...)
+ TODO: check
+CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to
Prototype ...)
+ TODO: check
+CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are
vulnerable ...)
+ TODO: check
+CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before
2.9.1 are ...)
+ TODO: check
+CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege
due to i ...)
+ TODO: check
+CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued
for the Ra ...)
+ TODO: check
+CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, &
Quizzes p ...)
+ TODO: check
+CVE-2024-12539 (An issue was discovered where improper authorization controls
affected ...)
+ TODO: check
+CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is
vulnerable to Sto ...)
+ TODO: check
+CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for
WordPre ...)
+ TODO: check
+CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script
plugin fo ...)
+ TODO: check
+CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to
authent ...)
+ TODO: check
+CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin
for Word ...)
+ TODO: check
+CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is
vulnerable to I ...)
+ TODO: check
+CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable
to SQL In ...)
+ TODO: check
+CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay
Portal 7 ...)
+ TODO: check
+CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-11254 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-10892 (The Cost Calculator Builder WordPress plugin before 3.2.43
does not ha ...)
+ TODO: check
+CVE-2023-37940 (Cross-site scripting (XSS) vulnerability in the edit Service
Access Po ...)
+ TODO: check
CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability
in Next ...)
NOT-FOR-US: NextGeography NG Analyser
CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable
to Impro ...)
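Review bot: all 44 added entries land as "TODO: check", and a good share of them can be triaged from the description text already present. The lines reading "plugin for WordPress" or "WordPress plugin" (CVE-2024-12513, CVE-2024-12432, CVE-2024-12287, CVE-2024-10892 and the rest of that run) fit the "NOT-FOR-US: WordPress plugin" tag used in the context lines of this diff, while entries naming standalone software such as rizin (CVE-2024-31668), radare2 (CVE-2024-29646), pghoard (CVE-2024-56142) and LDAP Account Manager (CVE-2024-52792) need a source-package lookup before any NOT-FOR-US decision. Separately, the descriptions for CVE-2024-12596, CVE-2024-12500, CVE-2024-12449, CVE-2024-12259 and CVE-2024-11254 carry a literal "\u2013" escape sequence instead of the dash character; the description import should decode it before writing the list.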
@@ -134,6 +222,7 @@ CVE-2024-10476 (Default credentials are used in the above
listed BD Diagnostic S
CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11614
+ {DSA-5833-1}
- dpdk 24.11.1-1
NOTE: Introduced by:
https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320
(main, v21.05-rc2)
NOTE: Fixed by:
https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e
(main)
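Review bot: the "NOTE: Fixed by:" line under CVE-2024-11614 ends in "(main)" with no release tag, while the "NOTE: Introduced by:" line above it gives "(main, v21.05-rc2)". With {DSA-5833-1} now attached to the entry, adding the first upstream tag that contains commit 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e to that note would let a reader check the "dpdk 24.11.1-1" fixed version without opening the upstream repository.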
@@ -3804,7 +3893,7 @@ CVE-2024-48840 (Unauthorized Access vulnerabilities allow
Remote Code Execution.
NOT-FOR-US: ABB
CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code
Execution. ...)
NOT-FOR-US: ABB
-CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware
Ver.2.1.8 ...)
+CVE-2024-47133 (UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware
Ver.2.1.9 ...)
NOT-FOR-US: UD-LT1
CVE-2024-45841 (Incorrect permission assignment for critical resource issue
exists in ...)
NOT-FOR-US: UD-LT1
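Review bot: the only change to CVE-2024-47133 is the version bound in the description, "Ver.2.1.8 and earlier" becoming "Ver.2.1.9 and earlier", which widens the stated affected range. The "NOT-FOR-US: UD-LT1" triage is unaffected, but the next entry, CVE-2024-45841, carries the same UD-LT1 tag and its description is truncated before any version appears, so it is worth confirming whether its upstream record was revised the same way.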
@@ -4350,7 +4439,7 @@ CVE-2024-53937 (An issue was discovered on Victure RX1800
WiFi 6 Router (softwar
NOT-FOR-US: Victure RX1800 WiFi 6 Route
CVE-2024-53477 (JFinal CMS 5.1.0 is vulnerable to Command Execution via
unauthorized e ...)
NOT-FOR-US: JFinal CMS
-CVE-2024-53375 (Authenticated remote code execution (RCE) vulnerabilities
affect TP-Li ...)
+CVE-2024-53375 (An Authenticated Remote Code Execution (RCE) vulnerability
affects the ...)
NOT-FOR-US: TP-Link
CVE-2024-49581 (Restricted Views backed objects (OSV1) could be bypassed under
specifi ...)
NOT-FOR-US: Palantir
@@ -11747,7 +11836,7 @@ CVE-2024-10285 (The CE21 Suite plugin for WordPress is
vulnerable to sensitive i
NOT-FOR-US: WordPress plugin
CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to
authentication by ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-10973
+CVE-2024-10973 (A vulnerability was found in Keycloak. The environment option
`KC_CACH ...)
NOT-FOR-US: Keycloak
CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been
identifi ...)
NOT-FOR-US: OpenText
@@ -20171,7 +20260,7 @@ CVE-2024-25622 (h2o is an HTTP server with support for
HTTP/1.x, HTTP/2 and HTTP
NOTE:
https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be
CVE-2023-42133 (PAX Android based POS devices allow for escalation of
privilege via im ...)
NOT-FOR-US: PAX Android based POS devices
-CVE-2024-9779
+CVE-2024-9779 (A flaw was found in Open Cluster Management (OCM) when a user
has acce ...)
NOT-FOR-US: Open Cluster Management (OCM)
CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/803cdd57ec03e8841d39fd747b940abd91ef9f54