Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80e7fe62 by security tracker role at 2024-12-18T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache
Kafka's ...)
+ TODO: check
+CVE-2024-56059 (Improperly Controlled Modification of Object Prototype
Attributes ('Pr ...)
+ TODO: check
+CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream
VRPConn ...)
+ TODO: check
+CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability
in VibeT ...)
+ TODO: check
+CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS
allows P ...)
+ TODO: check
+CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability
in VibeT ...)
+ TODO: check
+CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability
in VibeT ...)
+ TODO: check
+CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability
in VibeT ...)
+ TODO: check
+CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS
allows P ...)
+ TODO: check
+CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows
Accessi ...)
+ TODO: check
+CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr
Woocommerce all ...)
+ TODO: check
+CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order
Delivery & Pic ...)
+ TODO: check
+CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-55953 (DataEase is an open source business analytics tool.
Authenticated user ...)
+ TODO: check
+CVE-2024-55952 (DataEase is an open source business analytics tool.
Authenticated user ...)
+ TODO: check
+CVE-2024-55492 (Winmail Server 4.4 is vulnerable to
f_user=%22%3E%3Csvg%20onload Cross ...)
+ TODO: check
+CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery
(SSRF) in t ...)
+ TODO: check
+CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request
Forgery ( ...)
+ TODO: check
+CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side
Request Fo ...)
+ TODO: check
+CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb
WooCommerce PDF ...)
+ TODO: check
+CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance
Menu Manage ...)
+ TODO: check
+CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service
proxy. In ...)
+ TODO: check
+CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service
proxy. In ...)
+ TODO: check
+CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service
proxy. Wh ...)
+ TODO: check
+CVE-2024-52593 (Misskey is an open source, federated social media platform.In
affected ...)
+ TODO: check
+CVE-2024-52592 (Misskey is an open source, federated social media platform. In
affecte ...)
+ TODO: check
+CVE-2024-52591 (Misskey is an open source, federated social media platform. In
affecte ...)
+ TODO: check
+CVE-2024-52590 (Misskey is an open source, federated social media platform. In
affecte ...)
+ TODO: check
+CVE-2024-52579 (Misskey is an open source, federated social media platform.
Some APIs ...)
+ TODO: check
+CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP
Menu Im ...)
+ TODO: check
+CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stor ...)
+ TODO: check
+CVE-2024-51646 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-51470 (IBM MQ9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM
MQ Appli ...)
+ TODO: check
+CVE-2024-50570 (A Cleartext Storage of Sensitive Information vulnerability
[CWE-312] i ...)
+ TODO: check
+CVE-2024-4996 (Use of a hard-coded password for a database administrator
account crea ...)
+ TODO: check
+CVE-2024-4995 (Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade
request f ...)
+ TODO: check
+CVE-2024-49677 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-49576 (A use-after-free vulnerability exists in the way Foxit Reader
2024.3.0 ...)
+ TODO: check
+CVE-2024-49363 (Misskey is an open source, federated social media platform. In
affecte ...)
+ TODO: check
+CVE-2024-49202 (Keyfactor Command before 12.5.0 has Incorrect Access Control:
access t ...)
+ TODO: check
+CVE-2024-49201 (Keyfactor Remote File Orchestrator (aka
remote-file-orchestrator) 2.8 ...)
+ TODO: check
+CVE-2024-48889 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
+ TODO: check
+CVE-2024-47810 (A use-after-free vulnerability exists in the way Foxit Reader
2024.3.0 ...)
+ TODO: check
+CVE-2024-47119 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
does not ...)
+ TODO: check
+CVE-2024-47104 (IBM i 7.4 and 7.5 is vulnerable to an authenticated user
gaining eleva ...)
+ TODO: check
+CVE-2024-47040 (There is a possible UAF due to a logic error in the code.This
could le ...)
+ TODO: check
+CVE-2024-47039 (In isSlotMarkedSuccessful of BootControl.cpp, there is a
possible out ...)
+ TODO: check
+CVE-2024-47038 (In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a
possibl ...)
+ TODO: check
+CVE-2024-45082 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 ...)
+ TODO: check
+CVE-2024-41752 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 is ...)
+ TODO: check
+CVE-2024-36694 (OpenCart 4.0.2.3 is vulnerable to Server-Side Template
Injection (SSTI ...)
+ TODO: check
+CVE-2024-25042 (IBM Cognos Analytics11.2.0 through 11.2.4 and 12.0.0 through
12.0.3 ...)
+ TODO: check
+CVE-2024-12741 (A deserialization of untrusted data vulnerability exists in NI
DAQExpr ...)
+ TODO: check
+CVE-2024-12554 (The Peter\u2019s Custom Anti-Spam plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-12454 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin
for WordP ...)
+ TODO: check
+CVE-2024-12373 (A denial-of-service vulnerability exists in the Rockwell
Automation Po ...)
+ TODO: check
+CVE-2024-12372 (A denial-of-service and possible remote code execution
vulnerability e ...)
+ TODO: check
+CVE-2024-12371 (A device takeover vulnerability exists in the Rockwell
Automation Powe ...)
+ TODO: check
+CVE-2024-12340 (The Animation Addons for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-11926 (The Travel Booking WordPress Theme theme for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-11912 (The Travel Booking WordPress Theme theme for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-11291 (The Paid Membership Subscriptions \u2013 Effortless
Memberships, Recur ...)
+ TODO: check
+CVE-2023-50956 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could ...)
+ TODO: check
+CVE-2023-34990 (A relative path traversal in Fortinet FortiWLM version 8.6.0
through 8 ...)
+ TODO: check
CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
NOT-FOR-US: Optimizely Configured Commerce
CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious
payloads ...)
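Review bot: several of the new description headers in this hunk are split across two physical lines (the CVE-2024-56128 entry continues on a line beginning `Kafka's ...)`, CVE-2024-56059 on `Attributes ('Pr ...)`, and so on down the hunk); data/CVE/list keeps each `CVE-... (description ...)` header on a single line with the indented `TODO: check` annotation below it, so confirm that these breaks are only mail wrapping of this notification and not line breaks in the committed file. All 74 added entries are untriaged placeholders, so none of them records a package, fixed version or NOT-FOR-US decision yet.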
@@ -224,7 +372,7 @@ CVE-2024-10476 (Default credentials are used in the above
listed BD Diagnostic S
NOT-FOR-US: BD Diagnostic Solutions
CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-11614
+CVE-2024-11614 (An out-of-bounds read vulnerability was found in DPDK's Vhost
library ...)
{DSA-5833-1}
- dpdk 24.11.1-1
NOTE: Introduced by:
https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320
(main, v21.05-rc2)
@@ -22256,9 +22404,9 @@ CVE-2024-41584 (DrayTek Vigor3910 devices through
4.3.2.6 are vulnerable to refl
NOT-FOR-US: DrayTek Vigor310 devices
CVE-2024-41583 (DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to
stored Cro ...)
NOT-FOR-US: DrayTek Vigor310 devices
-CVE-2024-41163 (A directory traversal vulnerability exists in the archive
download fun ...)
+CVE-2024-41163 (A directory traversal vulnerability exists in the archive
functionalit ...)
NOT-FOR-US: Veertu Anka
-CVE-2024-39755 (A privilege escalation vulnerability exists in the Veertu Anka
Build 1 ...)
+CVE-2024-39755 (A privilege escalation vulnerability exists in the node update
functio ...)
NOT-FOR-US: Veertu Anka
CVE-2024-36474 (An integer overflow vulnerability exists in the Compound
Document Bina ...)
{DSA-5786-1 DLA-3911-1}
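Review bot: the two unchanged context lines reading `NOT-FOR-US: DrayTek Vigor310 devices` do not match the CVE descriptions directly above them, which name `DrayTek Vigor3910 devices` (CVE-2024-41584 and CVE-2024-41583); that looks like a pre-existing typo in the product name and is worth correcting in a follow-up since this hunk already touches the region. The rewritten descriptions for CVE-2024-41163 and CVE-2024-39755 keep the existing `NOT-FOR-US: Veertu Anka` triage, which still matches the new wording.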
@@ -39342,7 +39490,8 @@ CVE-2024-40633 (Sylius is an Open Source eCommerce
Framework on Symfony. A secur
NOT-FOR-US: Sylius
CVE-2024-40617 (Path traversal vulnerability exists in FUJITSU Network Edgiot
GW1500 ( ...)
NOT-FOR-US: FUJITSU Network Edgiot GW1500
-CVE-2024-40420 (A Server-Side Template Injection (SSTI) vulnerability in the
edit them ...)
+CVE-2024-40420
+ REJECTED
NOT-FOR-US: openCart
CVE-2024-40402 (A SQL injection vulnerability was found in 'ajax.php' of
Sourcecodeste ...)
NOT-FOR-US: Sourcecodester Simple Library Management System
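Review bot: CVE-2024-40420 is now marked `REJECTED` but the `NOT-FOR-US: openCart` line beneath it is left unchanged; check whether the tracker convention is to keep a NOT-FOR-US triage under a rejected entry or to drop it together with the description. The removed description (a Server-Side Template Injection in OpenCart) resembles CVE-2024-36694 added in the first hunk (`OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection`), so when that entry is triaged it is worth checking whether it is the replacement for the rejected ID, in which case the same NOT-FOR-US decision carries over; note also that the product name is spelled `openCart` here and `OpenCart` in the new description.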
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e7fe624a5f5c12abca7c2e1bc84b71507e77c3
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits