Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b05d4319 by security tracker role at 2024-12-20T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the 
Kioxia PM6 ...)
+       TODO: check
+CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser 
configuration  ...)
+       TODO: check
+CVE-2024-56355 (In JetBrains TeamCity before 2024.12 missing Content-Type 
header in Re ...)
+       TODO: check
+CVE-2024-56354 (In JetBrains TeamCity before 2024.12 password field value were 
accessi ...)
+       TODO: check
+CVE-2024-56353 (In JetBrains TeamCity before 2024.12 backup file exposed user 
credenti ...)
+       TODO: check
+CVE-2024-56352 (In JetBrains TeamCity before 2024.12 stored XSS was possible 
via image ...)
+       TODO: check
+CVE-2024-56351 (In JetBrains TeamCity before 2024.12 access tokens were not 
revoked af ...)
+       TODO: check
+CVE-2024-56350 (In JetBrains TeamCity before 2024.12 build credentials allowed 
unautho ...)
+       TODO: check
+CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control 
allowed u ...)
+       TODO: check
+CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control 
allowed v ...)
+       TODO: check
+CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
+       TODO: check
+CVE-2024-56333 (Onyxia is a web app that aims at being the glue between 
multiple open  ...)
+       TODO: check
+CVE-2024-56331 (Uptime Kuma is an open source, self-hosted monitoring tool. An 
**Impro ...)
+       TODO: check
+CVE-2024-56330 (Stardust is a platform for streaming isolated desktop 
containers. With ...)
+       TODO: check
+CVE-2024-56329 (Socialstream is a third-party package for Laravel Jetstream. 
It replac ...)
+       TODO: check
+CVE-2024-55471 (Oqtane Framework is vulnerable to Insecure Direct Object 
Reference (ID ...)
+       TODO: check
+CVE-2024-55470 (Oqtane Framework 6.0.0 is vulnerable to Incorrect Access 
Control. By m ...)
+       TODO: check
+CVE-2024-55342 (A file upload functionality in Piranha CMS 11.1 allows 
authenticated r ...)
+       TODO: check
+CVE-2024-55341 (A stored cross-site scripting (XSS) vulnerability in Piranha 
CMS 11.1  ...)
+       TODO: check
+CVE-2024-55186 (An IDOR (Insecure Direct Object Reference) vulnerability 
exists in oqt ...)
+       TODO: check
+CVE-2024-51466 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 
through 12 ...)
+       TODO: check
+CVE-2024-40695 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 
through 12 ...)
+       TODO: check
+CVE-2024-37758 (Improper access control in the endpoint 
/RoleMenuMapping/AddRoleMenu o ...)
+       TODO: check
+CVE-2024-28767 (IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 
10.0.0 th ...)
+       TODO: check
+CVE-2024-12867 (Server-Side Request Forgery in URL Mapper in Arctic Security's 
Arctic  ...)
+       TODO: check
+CVE-2024-12842 (A vulnerability was found in Emlog Pro up to 2.4.1. It has 
been declar ...)
+       TODO: check
+CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has 
been classi ...)
+       TODO: check
+CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT 
HTTP req ...)
+       TODO: check
+CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could 
allow an  ...)
+       TODO: check
+CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) 
vulnerabili ...)
+       TODO: check
+CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is 
vulnerable t ...)
+       TODO: check
 CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for 
WordPress  ...)
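
Review bot: All 31 entries added at the top of this hunk (CVE-2024-7726 through CVE-2024-10385) carry only the "TODO: check" placeholder, so none of them is triaged yet. The three IBM entries (CVE-2024-51466, CVE-2024-40695, CVE-2024-28767) could take the "NOT-FOR-US: IBM" marking this file already uses for CVE-2024-51460. CVE-2024-56337, whose description is cut off at "Apa ...", needs its full description read before a source package or NOT-FOR-US marking can be assigned.
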
@@ -292,7 +354,7 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior 
to 131.0.6778.204 al
        {DSA-5834-1}
        - chromium 131.0.6778.204-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-56128
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache 
Kafka's ...)
        - kafka <itp> (bug #786460)
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
        NOT-FOR-US: WordPress plugin
@@ -2272,7 +2334,7 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows 
directory traversal (to c
        NOT-FOR-US: python-libarchive (different from src:python-libarchive-c)
 CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar 
allows Explo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  
This issu ...)
+CVE-2024-53677 (File upload logic in Apache Struts is flawed.An attacker can 
manipulat ...)
        NOT-FOR-US: Struts 2
 CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
        NOT-FOR-US: IBM
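
Review bot: The replacement description for CVE-2024-53677 reads "flawed.An attacker", with no space after the full stop. If the text is copied verbatim from the upstream CVE record (an assumption; the commit message says only "automatic update"), leave it so the tracker stays in sync with the feed; otherwise add the space. The "NOT-FOR-US: Struts 2" line under it is unchanged, which is consistent with a description-only edit.
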
@@ -3488,7 +3550,7 @@ CVE-2024-45761 (Dell OpenManage Server Administrator, 
versions 11.0.1.0 and prio
        NOT-FOR-US: Dell
 CVE-2024-45760 (Dell OpenManage Server Administrator, versions 11.0.1.0 and 
prior, con ...)
        NOT-FOR-US: Dell
-CVE-2024-43222 (Missing Authorization vulnerability in Envato Security Team 
Sweet Date ...)
+CVE-2024-43222 (Missing Authorization vulnerability in SeventhQueen Sweet 
Date.This is ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-42426 (Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain 
an unco ...)
        NOT-FOR-US: Dell
@@ -3906,9 +3968,9 @@ CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to 
contain a hardcoded pas
        NOT-FOR-US: WAVLINK
 CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a 
hardcoded pa ...)
        NOT-FOR-US: WAVLINK
-CVE-2024-54216 (Path Traversal: '.../...//' vulnerability in Envato Security 
Team ARFo ...)
+CVE-2024-54216 (Path Traversal: '.../...//' vulnerability in Repute 
InfoSystems ARForm ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Envat ...)
+CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Ronin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b05d4319d55a0641a495e6b7ffd747001573152e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
