[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d24727c by security tracker role at 2025-01-17T08:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,325 @@
+CVE-2025-23965 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23963 (Missing Authorization vulnerability in Sven Hofmann & Michael 
Schoenro ...)
+   TODO: check
+CVE-2025-23962 (Missing Authorization vulnerability in Goldstar Goldstar 
allows Exploi ...)
+   TODO: check
+CVE-2025-23961 (Missing Authorization vulnerability in WP Tasker WordPress 
Graphs & Ch ...)
+   TODO: check
+CVE-2025-23957 (Missing Authorization vulnerability in Sur.ly Sur.ly allows 
Exploiting ...)
+   TODO: check
+CVE-2025-23955 (Missing Authorization vulnerability in xola.com Xola allows 
Exploiting ...)
+   TODO: check
+CVE-2025-23954 (Missing Authorization vulnerability in AWcode & KingfisherFox 
Salvador ...)
+   TODO: check
+CVE-2025-23951 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23950 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23947 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23946 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23943 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23941 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23940 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23939 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23936 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23935 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23934 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23933 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23930 (Missing Authorization vulnerability in iTechArt-Group PayPal 
Marketing ...)
+   TODO: check
+CVE-2025-23929 (Missing Authorization vulnerability in wishfulthemes Email 
Capture & L ...)
+   TODO: check
+CVE-2025-23928 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23927 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23926 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23925 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23924 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23922 (Cross-Site Request Forgery (CSRF) vulnerability in Harsh 
iSpring Embed ...)
+   TODO: check
+CVE-2025-23919 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+   TODO: check
+CVE-2025-23917 (Missing Authorization vulnerability in Chandrika Guntur, 
Morgan Kay Ch ...)
+   TODO: check
+CVE-2025-23916 (Missing Authorization vulnerability in Nuanced Media WP Meetup 
allows  ...)
+   TODO: check
+CVE-2025-23915 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2025-23913 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-23912 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-23911 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-23909 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23908 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23907 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23902 (Cross-Site Request Forgery (CSRF) vulnerability in Taras 
Dashkevych Er ...)
+   TODO: check
+CVE-2025-23901 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver 
Schaal Grava ...)
+   TODO: check
+CVE-2025-23900 (Cross-Site Request Forgery (CSRF) vulnerability in Genkisan 
Genki Anno ...)
+   TODO: check
+CVE-2025-23899 (Improper Neutralization of Input During Web Page Generation 
('Cross-si

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67d9d8b1 by security tracker role at 2025-01-16T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,287 @@
+CVE-2025-23783 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23767 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23749 (Cross-Site Request Forgery (CSRF) vulnerability in Mahdi 
Khaksar mybb  ...)
+   TODO: check
+CVE-2025-23745 (Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor 
internet ...)
+   TODO: check
+CVE-2025-23743 (Cross-Site Request Forgery (CSRF) vulnerability in Martijn 
Scheybeler  ...)
+   TODO: check
+CVE-2025-23720 (Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web 
Push al ...)
+   TODO: check
+CVE-2025-23717 (Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI 
Theme My On ...)
+   TODO: check
+CVE-2025-23715 (Cross-Site Request Forgery (CSRF) vulnerability in 
RaymondDesign Post  ...)
+   TODO: check
+CVE-2025-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Artem 
Anikeev Hack  ...)
+   TODO: check
+CVE-2025-23712 (Cross-Site Request Forgery (CSRF) vulnerability in Kapost 
Kapost allow ...)
+   TODO: check
+CVE-2025-23710 (Cross-Site Request Forgery (CSRF) vulnerability in Mayur 
Sojitra Flyin ...)
+   TODO: check
+CVE-2025-23708 (Cross-Site Request Forgery (CSRF) vulnerability in Dominic 
Fallows DF  ...)
+   TODO: check
+CVE-2025-23703 (Cross-Site Request Forgery (CSRF) vulnerability in CS : 
ABS-Hosting.nl ...)
+   TODO: check
+CVE-2025-23702 (Cross-Site Request Forgery (CSRF) vulnerability in Schalk 
Burger Anony ...)
+   TODO: check
+CVE-2025-23699 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23698 (Cross-Site Request Forgery (CSRF) vulnerability in Iv\xe1n R. 
Delgado  ...)
+   TODO: check
+CVE-2025-23694 (Cross-Site Request Forgery (CSRF) vulnerability in Shabbos 
Commerce Sh ...)
+   TODO: check
+CVE-2025-23693 (Cross-Site Request Forgery (CSRF) vulnerability in 
Stanis\u0142aw Skon ...)
+   TODO: check
+CVE-2025-23692 (Cross-Site Request Forgery (CSRF) vulnerability in Artem 
Anikeev Slide ...)
+   TODO: check
+CVE-2025-23691 (Cross-Site Request Forgery (CSRF) vulnerability in Braulio 
Aquino Garc ...)
+   TODO: check
+CVE-2025-23690 (Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia 
Book a  ...)
+   TODO: check
+CVE-2025-23689 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23677 (Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy 
HTTP to HTT ...)
+   TODO: check
+CVE-2025-23675 (Cross-Site Request Forgery (CSRF) vulnerability in SandyIN 
Import User ...)
+   TODO: check
+CVE-2025-23673 (Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral 
Email on ...)
+   TODO: check
+CVE-2025-23665 (Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort 
RSV GMap ...)
+   TODO: check
+CVE-2025-23664 (Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro 
Viagem  ...)
+   TODO: check
+CVE-2025-23662 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana 
WP Pano ...)
+   TODO: check
+CVE-2025-23661 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana 
NV Slid ...)
+   TODO: check
+CVE-2025-23660 (Cross-Site Request Forgery (CSRF) vulnerability in Walter 
Cerrudo MFPl ...)
+   TODO: check
+CVE-2025-23659 (Cross-Site Request Forgery (CSRF) vulnerability in Hernan 
Javier Hegyk ...)
+   TODO: check
+CVE-2025-23654 (Cross-Site Request Forgery (CSRF) vulnerability in Vin\xedcius 
Krolow  ...)
+   TODO: check
+CVE-2025-23649 (Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe 
Auphoni ...)
+   TODO: check
+CVE-2025-23644 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23642 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23641 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23640 (Cross-Site Request Forgery (CSRF) vulnerability in Nazmul 
Ahsan Rename ...)
+   TODO: check
+CVE-2025-23639 (Cross-Site Request Forgery (CSRF) vulnerability in Nazmul 
Ahsan MDC Yo ...)
+   TODO: check
+CVE-2025-23627 (Cross-Site Request Forgery (CSRF) vulnerability in Gordon 
French Comme ...)
+   TODO: check
+CVE-2025-23623 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-23620 (Improper Neutralization of Input During Web Page Generation 
('Cross-si

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfa0f853 by security tracker role at 2025-01-16T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,85 @@
+CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a 
local attac ...)
+   TODO: check
+CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN 
Interactive) DDS ...)
+   TODO: check
+CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the 
pppUser ...)
+   TODO: check
+CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the 
rootAPm ...)
+   TODO: check
+CVE-2025-22912 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+   TODO: check
+CVE-2025-22907 (RE11S v1.11 was discovered to contain a stack overflow via the 
selSSID ...)
+   TODO: check
+CVE-2025-22906 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+   TODO: check
+CVE-2025-22905 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+   TODO: check
+CVE-2025-22904 (RE11S v1.11 was discovered to contain a stack overflow via the 
pptpUse ...)
+   TODO: check
+CVE-2025-0492 (A vulnerability has been found in D-Link DIR-823X 240126/240802 
and cl ...)
+   TODO: check
+CVE-2025-0491 (A vulnerability, which was classified as critical, was found in 
Fanli2 ...)
+   TODO: check
+CVE-2025-0490 (A vulnerability, which was classified as critical, has been 
found in F ...)
+   TODO: check
+CVE-2025-0489 (A vulnerability classified as critical was found in Fanli2012 
native-p ...)
+   TODO: check
+CVE-2025-0488 (A vulnerability classified as critical has been found in 
Fanli2012 nat ...)
+   TODO: check
+CVE-2025-0487 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It 
has been ...)
+   TODO: check
+CVE-2025-0486 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It 
has been ...)
+   TODO: check
+CVE-2025-0476 (Mattermost Mobile Apps versions <=2.22.0 fail to properly 
handle speci ...)
+   TODO: check
+CVE-2025-0457 (The airPASS from NetVision Information has an OS Command 
Injection vul ...)
+   TODO: check
+CVE-2025-0456 (The airPASS from NetVision Information has a Missing 
Authentication vu ...)
+   TODO: check
+CVE-2025-0455 (The airPASS from NetVision Information has a SQL Injection 
vulnerabili ...)
+   TODO: check
+CVE-2025-0215 (The UpdraftPlus: WP Backup & Migration Plugin plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2025-0170 (The DWT - Directory & Listing WordPress Theme is vulnerable to 
Reflect ...)
+   TODO: check
+CVE-2024-57728 (SimpleHelp remote support software v5.5.7 and before allows 
admin user ...)
+   TODO: check
+CVE-2024-57727 (SimpleHelp remote support software v5.5.7 and before is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a 
vulnerabili ...)
+   TODO: check
+CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to 
execute  ...)
+   TODO: check
+CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution 
which a ...)
+   TODO: check
+CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain 
hardcoded cr ...)
+   TODO: check
+CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax 
HX-03-19-I allows ...)
+   TODO: check
+CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax 
HX-03-19- ...)
+   TODO: check
+CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax 
HX-03-19-I all ...)
+   TODO: check
+CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit 
user cr ...)
+   TODO: check
+CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page 
logo uploa ...)
+   TODO: check
+CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker 
pm4core-do ...)
+   TODO: check
+CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers 
to acce ...)
+   TODO: check
+CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a 
Regular expre ...)
+   TODO: check
+CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or 
agent, sensit ...)
+   TODO: check
+CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin 
for Wor ...)
+   TODO: check
+CVE-2024-10789 (The WP User Profile Avatar plugin for WordPress is vulnerable 
to Cross ...)
+   TODO: check
+CVE-2024-10401
+   REJECTED
 CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitH

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51ad0425 by security tracker role at 2025-01-15T20:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,305 @@
+CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app 
designed fo ...)
+   TODO: check
+CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker 
to execu ...)
+   TODO: check
+CVE-2025-22799 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22798 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22797 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22795 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22793 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22788 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22787 (Missing Authorization vulnerability in bPlugins LLC Button 
Block allow ...)
+   TODO: check
+CVE-2025-22786 (Path Traversal vulnerability in ElementInvader ElementInvader 
Addons f ...)
+   TODO: check
+CVE-2025-22785 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22784 (Cross-Site Request Forgery (CSRF) vulnerability in Johan 
Str\xf6m Back ...)
+   TODO: check
+CVE-2025-22782 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Web R ...)
+   TODO: check
+CVE-2025-22781 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22780 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22779 (Missing Authorization vulnerability in Ugur CELIK WP News 
Sliders allo ...)
+   TODO: check
+CVE-2025-22778 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22776 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22773 (Insertion of Sensitive Information into Externally-Accessible 
File or  ...)
+   TODO: check
+CVE-2025-22769 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22766 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22765 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22764 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22762 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22761 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22760 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22759 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22758 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22755 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22754 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22753 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22752 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22751 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22750 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22748 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22744 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22743 (Improper Neutralization of Input During Web Page Generation 
('Cross-si

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee7881f4 by security tracker role at 2025-01-15T08:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,91 @@
+CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where 
filter with a ...)
+   TODO: check
+CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can 
sometim ...)
+   TODO: check
+CVE-2025-22997 (A stored cross-site scripting (XSS) vulnerability in the 
prf_table_con ...)
+   TODO: check
+CVE-2025-22996 (A stored cross-site scripting (XSS) vulnerability in the 
spf_table_con ...)
+   TODO: check
+CVE-2025-22394 (Dell Display Manager, versions prior to 2.3.2.18, contain a 
Time-of-ch ...)
+   TODO: check
+CVE-2025-21101 (Dell Display Manager, versions prior to 2.3.2.20, contain a 
race condi ...)
+   TODO: check
+CVE-2025-0356 (NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and 
WX3600HP Ver. ...)
+   TODO: check
+CVE-2025-0355 (Missing Authentication for Critical Function vulnerability in 
NEC Corp ...)
+   TODO: check
+CVE-2025-0354 (Cross-site scripting vulnerability in NEC Corporation Aterm 
WG2600HS V ...)
+   TODO: check
+CVE-2025-0343 (Swift ASN.1 can be caused to crash when parsing certain BER/DER 
constr ...)
+   TODO: check
+CVE-2024-7322 (A ZigBee coordinator, router, or end device may change their 
node ID w ...)
+   TODO: check
+CVE-2024-57767 (MSFM before v2025.01.01 was discovered to contain a 
Server-Side Reques ...)
+   TODO: check
+CVE-2024-57766 (MSFM before 2025.01.01 was discovered to contain a fastjson 
deserializ ...)
+   TODO: check
+CVE-2024-57765 (MSFM before 2025.01.01 was discovered to contain a SQL 
injection vulne ...)
+   TODO: check
+CVE-2024-57764 (MSFM before 2025.01.01 was discovered to contain a fastjson 
deserializ ...)
+   TODO: check
+CVE-2024-57763 (MSFM before 2025.01.01 was discovered to contain a fastjson 
deserializ ...)
+   TODO: check
+CVE-2024-57762 (MSFM before v2025.01.01 was discovered to contain a 
deserialization vu ...)
+   TODO: check
+CVE-2024-57761 (An arbitrary file upload vulnerability in the parserXML() 
method of Je ...)
+   TODO: check
+CVE-2024-57760 (JeeWMS before v2025.01.01 was discovered to contain a SQL 
injection vu ...)
+   TODO: check
+CVE-2024-57757 (JeeWMS before v2025.01.01 was discovered to contain a 
permission bypas ...)
+   TODO: check
+CVE-2024-57483 (Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the 
addWifiMacF ...)
+   TODO: check
+CVE-2024-57482 (H3C N12 V100R005 contains a buffer overflow vulnerability due 
to the l ...)
+   TODO: check
+CVE-2024-57480 (H3C N12 V100R005 contains a buffer overflow vulnerability due 
to the l ...)
+   TODO: check
+CVE-2024-57479 (H3C N12 V100R005 contains a buffer overflow vulnerability due 
to the l ...)
+   TODO: check
+CVE-2024-57473 (H3C N12 V100R005 contains a buffer overflow vulnerability due 
to the l ...)
+   TODO: check
+CVE-2024-57471 (H3C N12 V100R005 contains a buffer overflow vulnerability due 
to the l ...)
+   TODO: check
+CVE-2024-55577 (Stack-based buffer overflow vulnerability exists in Linux 
Ratfor 1.06  ...)
+   TODO: check
+CVE-2024-54730 (Flatnotes  (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee7881f4373f39fcba1dfa2ba5bcd36b3cd69cf0

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a2b4a09 by security tracker role at 2025-01-14T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,37 +1,787 @@
-CVE-2024-52006
+CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, 
which do ...)
+   TODO: check
+CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of 
Input Du ...)
+   TODO: check
+CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2025-23074 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2025-23073 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2025-23072 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2025-23052 (Authenticated command injection vulnerability in the 
commandline inter ...)
+   TODO: check
+CVE-2025-23051 (An authenticated parameter injection vulnerability existsin 
the web-ba ...)
+   TODO: check
+CVE-2025-23042 (Gradio is an open-source Python package that allows quick 
building of  ...)
+   TODO: check
+CVE-2025-23041 (Umbraco.Forms is a web form framework written for the nuget 
ecosystem. ...)
+   TODO: check
+CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+   TODO: check
+CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof 
and rout ...)
+   TODO: check
+CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not 
require the  ...)
+   TODO: check
+CVE-2025-22984 (An access control issue in the component 
/api/squareComment/DelectSqua ...)
+   TODO: check
+CVE-2025-22983 (An access control issue in the component 
/square/getAllSquare/circle o ...)
+   TODO: check
+CVE-2025-21607 (Vyper is a Pythonic Smart Contract Language for the EVM. When 
the Vype ...)
+   TODO: check
+CVE-2025-21417 (Windows Telephony Service Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21413 (Windows Telephony Service Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21411 (Windows Telephony Service Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21409 (Windows Telephony Service Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21405 (Visual Studio Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2025-21403 (On-Premises Data Gateway Information Disclosure Vulnerability)
+   TODO: check
+CVE-2025-21402 (Microsoft Office OneNote Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21395 (Microsoft Access Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21393 (Microsoft SharePoint Server Spoofing Vulnerability)
+   TODO: check
+CVE-2025-21389 (Windows upnphost.dll Denial of Service Vulnerability)
+   TODO: check
+CVE-2025-21382 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2025-21378 (Windows CSC Service Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2025-21374 (Windows CSC Service Information Disclosure Vulnerability)
+   TODO: check
+CVE-2025-21372 (Microsoft Brokering File System Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2025-21370 (Windows Virtualization-Based Security (VBS) Enclave Elevation 
of Privi ...)
+   TODO: check
+CVE-2025-21366 (Microsoft Access Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21365 (Microsoft Office Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21364 (Microsoft Excel Security Feature Bypass Vulnerability)
+   TODO: check
+CVE-2025-21363 (Microsoft Word Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21362 (Microsoft Excel Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21361 (Microsoft Outlook Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21360 (Microsoft AutoUpdate (MAU) Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2025-21357 (Microsoft Outlook Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21356 (Microsoft Office Visio Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21354 (Microsoft Excel Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21348 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
+   TODO: check
+CVE-2025-21346 (Microsoft Office Security Feature Bypass Vulnerability)
+   TODO: check
+CVE-2025-21345 (Microsoft Office Visio Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2025-21344 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
+   TODO: check
+CVE-2025-
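Review bot: the hunk removes `-CVE-2024-52006` at the top of data/CVE/list, but no matching `+CVE-2024-52006` line appears in the visible portion of the hunk, so the entry is either re-added with its description further down or silently dropped; confirm the re-added line is present before accepting the update, since losing a tracked CVE from the list is worse than keeping a bare entry.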

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0b53c28 by security tracker role at 2025-01-14T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,255 @@
+CVE-2025-23082 (Veeam Backup for Microsoft Azure is vulnerable to Server-Side 
Request  ...)
+   TODO: check
+CVE-2025-23038 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23037 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23036 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23035 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23034 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23033 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23032 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23031 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-23030 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22619 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22618 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22617 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22616 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22615 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22614 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22613 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
+   TODO: check
+CVE-2025-22138 (@codidact/qpixel is a Q&A-based community knowledge-sharing 
software.  ...)
+   TODO: check
+CVE-2025-22134 (When switching to other buffers using the :all command and 
visual mode ...)
+   TODO: check
+CVE-2025-0070 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allows an  ...)
+   TODO: check
+CVE-2025-0069 (Due to DLL injection vulnerability in SAPSetup, an attacker 
with eithe ...)
+   TODO: check
+CVE-2025-0068 (An obsolete functionality in SAP NetWeaver Application Server 
ABAP did ...)
+   TODO: check
+CVE-2025-0067 (Due to a missing authorization check on service endpoints in 
the SAP N ...)
+   TODO: check
+CVE-2025-0066 (Under certain conditions SAP NetWeaver AS for ABAP and ABAP 
Platform ( ...)
+   TODO: check
+CVE-2025-0063 (SAP NetWeaver AS ABAP and ABAP Platform does not check for 
authorizati ...)
+   TODO: check
+CVE-2025-0061 (SAP BusinessObjects Business Intelligence Platform allows an 
unauthent ...)
+   TODO: check
+CVE-2025-0060 (SAP BusinessObjects Business Intelligence Platform allows an 
authentic ...)
+   TODO: check
+CVE-2025-0059 (Applications based on SAP GUI for HTML in SAP NetWeaver 
Application Se ...)
+   TODO: check
+CVE-2025-0058 (In SAP Business Workflow and SAP Flexible Workflow, an 
authenticated a ...)
+   TODO: check
+CVE-2025-0057 (SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to 
stored ...)
+   TODO: check
+CVE-2025-0056 (SAP GUI for Java saves user input on the client PC to improve 
usabilit ...)
+   TODO: check
+CVE-2025-0055 (SAP GUI for Windows stores user input on the client PC to 
improve usab ...)
+   TODO: check
+CVE-2025-0053 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allows an  ...)
+   TODO: check
+CVE-2024-57811 (In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with 
network ...)
+   TODO: check
+CVE-2024-57664 (An issue in the sqlg_group_node component of openlink 
virtuoso-opensou ...)
+   TODO: check
+CVE-2024-57663 (An issue in the sqlg_place_dpipes component of openlink 
virtuoso-opens ...)
+   TODO: check
+CVE-2024-57662 (An issue in the sqlg_hash_source component of openlink 
virtuoso-openso ...)
+   TODO: check
+CVE-2024-57661 (An issue in the sqlo_df component of openlink 
virtuoso-opensource v7.2 ...)
+   TODO: check
+CVE-2024-57660 (An issue in the sqlo_expand_jts component of openlink 
virtuoso-opensou ...)
+   TODO: check
+CVE-2024-57659 (An issue in the sqlg_parallel_ts_seq component of openlink 
virtuoso-op ...)
+   TODO: check
+CVE-2024-57658 (An issue in the sql_tree_hash_1 component of openlink 
virtuoso-opensou ...)
+   

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ae6ca8f by security tracker role at 2025-01-13T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web 
application ...)
+   TODO: check
+CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight 
template engine ...)
+   TODO: check
+CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST 
/api/user ...)
+   TODO: check
+CVE-2025-22828 (CloudStack users can add and read comments (annotations) on 
resources  ...)
+   TODO: check
+CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP 
allows Expl ...)
+   TODO: check
+CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP 
GiveWP allow ...)
+   TODO: check
+CVE-2025-22588 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22583 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22576 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22569 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22568 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22514 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22506 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22499 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22498 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22337 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22314 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+   TODO: check
+CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+   TODO: check
+CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer 
of the ...)
+   TODO: check
+CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With 
Insufficient  ...)
+   TODO: check
+CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to 
Cross Site ...)
+   TODO: check
+CVE-2024-57487 (In Code-Projects Online Car Rental System 1.0, the file upload 
feature ...)
+   TODO: check
+CVE-2024-56301 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side 
Injection vuln ...)
+   TODO: check
+CVE-2024-52938 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+   TODO: check
+CVE-2024-52937 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
+   TODO: check
+CVE-2024-52936 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+   TODO: check
+CVE-2024-52935 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
+   TODO: check
+CVE-2024-52333 (An improper array index validation vulnerability exists in the 
determi ...)
+   TODO: check
+CVE-2024-51728
+   REJECTED
+CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+   TODO: check
+CVE-2024-47897 (Software installed and run as a non-privileged user may 
conduct improp ...)
+   TODO: check
+CVE-2024-47895 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+   TODO: check
+CVE-2024-47894 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+   TODO: check
+CVE-2024-47796 (An improper array index validation vulnerability exists in the 
nowindo ...)
+   TODO: check
+CVE-2024-46921 (An issue was discovered in Samsung Mobil

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53dcbbf6 by security tracker role at 2025-01-13T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote 
Code E ...)
+   TODO: check
+CVE-2025-0410 (A vulnerability classified as critical was found in liujianview 
gymxmj ...)
+   TODO: check
+CVE-2025-0409 (A vulnerability classified as critical has been found in 
liujianview g ...)
+   TODO: check
+CVE-2025-0408 (A vulnerability was found in liujianview gymxmjpa 1.0. It has 
been rat ...)
+   TODO: check
+CVE-2025-0407 (A vulnerability was found in liujianview gymxmjpa 1.0. It has 
been dec ...)
+   TODO: check
+CVE-2025-0406 (A vulnerability was found in liujianview gymxmjpa 1.0. It has 
been cla ...)
+   TODO: check
+CVE-2025-0405 (A vulnerability was found in liujianview gymxmjpa 1.0 and 
classified a ...)
+   TODO: check
+CVE-2025-0404 (A vulnerability has been found in liujianview gymxmjpa 1.0 and 
classif ...)
+   TODO: check
+CVE-2025-0403 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2025-0402 (A vulnerability classified as critical was found in 1902756969 
reggie  ...)
+   TODO: check
+CVE-2025-0401 (A vulnerability classified as critical has been found in 
1902756969 re ...)
+   TODO: check
+CVE-2025-0400 (A vulnerability was found in StarSea99 starsea-mall 1.0. It has 
been r ...)
+   TODO: check
+CVE-2025-0399 (A vulnerability was found in StarSea99 starsea-mall 1.0. It has 
been d ...)
+   TODO: check
+CVE-2024-42181 (HCL MyXalytics is affected by a cleartext transmission of 
sensitive in ...)
+   TODO: check
+CVE-2024-42180 (HCL MyXalytics is affected by a malicious file upload 
vulnerability.   ...)
+   TODO: check
+CVE-2024-42179 (HCL MyXalytics is affected by sensitive information disclosure 
vulnera ...)
+   TODO: check
+CVE-2024-12568 (The Email Subscribers by Icegram Express  WordPress plugin 
before 5.7. ...)
+   TODO: check
+CVE-2024-12567 (The Email Subscribers by Icegram Express  WordPress plugin 
before 5.7. ...)
+   TODO: check
+CVE-2024-12566 (The Email Subscribers by Icegram Express  WordPress plugin 
before 5.7. ...)
+   TODO: check
+CVE-2024-12274 (The Appointment Booking Calendar Plugin and Scheduling Plugin  
WordPre ...)
+   TODO: check
+CVE-2024-11636 (The Email Subscribers by Icegram Express  WordPress plugin 
before 5.7. ...)
+   TODO: check
 CVE-2025-0398 (A vulnerability has been found in longpi1 warehouse 1.0 and 
classified ...)
NOT-FOR-US: longpi1 warehouse
 CVE-2025-0397 (A vulnerability, which was classified as problematic, was found 
in rec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53dcbbf6ec916761a9ad2017f14c3878d6bfcbfd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53dcbbf6ec916761a9ad2017f14c3878d6bfcbfd
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c5ae66d by security tracker role at 2025-01-12T20:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2025-0398 (A vulnerability has been found in longpi1 warehouse 1.0 and 
classified ...)
+   TODO: check
+CVE-2025-0397 (A vulnerability, which was classified as problematic, was found 
in rec ...)
+   TODO: check
+CVE-2025-0396 (A vulnerability, which was classified as critical, has been 
found in e ...)
+   TODO: check
+CVE-2024-51456 (IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 
23.0.0 thr ...)
+   TODO: check
 CVE-2024-49785 (IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud 
Pak for D ...)
NOT-FOR-US: IBM
 CVE-2025-23128
@@ -294851,6 +294859,7 @@ CVE-2021-30186 (CODESYS V2 runtime system SP before 
2.4.7.55 has a Heap-based Bu
 CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host 
header in a ...)
NOT-FOR-US: CERN Indico
 CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via 
crafted ...)
+   {DLA-4014-1}
- gnuchess 6.2.9-0.1 (bug #986801)
[bookworm] - gnuchess 6.2.7-1+deb12u1
[buster] - gnuchess  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c5ae66d51155da05376eb005a86d9c300eceb23



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f74604e by security tracker role at 2025-01-12T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-49785 (IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud 
Pak for D ...)
+   TODO: check
 CVE-2025-23128
REJECTED
 CVE-2025-23127
@@ -296232,8 +296234,8 @@ CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could 
allow a local attacker to bypas
NOT-FOR-US: IBM
 CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2021-29669
-   RESERVED
+CVE-2021-29669 (IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is 
vulnerabl ...)
+   TODO: check
 CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to cro ...)
NOT-FOR-US: IBM
 CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 
5.1.0.2 is  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f74604e589bf9a96e4ec22b12ba87b84ec6f10d



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd1e4336 by security tracker role at 2025-01-11T20:12:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,293 +1,307 @@
-CVE-2024-57881 [mm/page_alloc: don't call pfn_to_page() on possibly 
non-existent PFN in split_large_buddy()]
+CVE-2025-23128
+   REJECTED
+CVE-2025-23127
+   REJECTED
+CVE-2025-23126
+   REJECTED
+CVE-2025-23125
+   REJECTED
+CVE-2025-23124
+   REJECTED
+CVE-2025-0392 (A vulnerability, which was classified as critical, was found in 
Guangz ...)
+   TODO: check
+CVE-2025-0391 (A vulnerability, which was classified as critical, has been 
found in G ...)
+   TODO: check
+CVE-2024-57881 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
- linux 6.12.8-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/faeec8e23c10bd30e8aa759a2eb3018dae00f924 (6.13-rc4)
-CVE-2024-57880 [ASoC: Intel: sof_sdw: Add space for a terminator into DAIs 
array]
+CVE-2024-57880 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
- linux 6.12.6-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/255cc582e6e16191a20d54bcdbca6c91d3e90c5e (6.13-rc3)
-CVE-2024-57879 [Bluetooth: iso: Always release hdev at the end of 
iso_listen_bis]
+CVE-2024-57879 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
- linux 6.12.6-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/9c76fff747a73ba01d1d87ed53dd9c00cb40ba05 (6.13-rc3)
-CVE-2024-57878 [arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR]
+CVE-2024-57878 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 6.12.5-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f5d71291841aecfe5d8435da2dfa7f58ccd18bc8 (6.13-rc2)
-CVE-2024-57877 [arm64: ptrace: fix partial SETREGSET for NT_ARM_POE]
+CVE-2024-57877 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 6.12.5-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/594bfc4947c4fcabba1318d8384c61a29a6b89fb (6.13-rc2)
-CVE-2024-57876 [drm/dp_mst: Fix resetting msg rx state after topology removal]
+CVE-2024-57876 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.12.5-1
[bookworm] - linux 6.1.123-1
NOTE: 
https://git.kernel.org/linus/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7 (6.13-rc2)
-CVE-2024-57875 [block: RCU protect disk->conv_zones_bitmap]
+CVE-2024-57875 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.12.5-1
NOTE: 
https://git.kernel.org/linus/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97 (6.13-rc1)
-CVE-2024-57874 [arm64: ptrace: fix partial SETREGSET for 
NT_ARM_TAGGED_ADDR_CTRL]
+CVE-2024-57874 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
- linux 6.12.5-1
[bookworm] - linux 6.1.123-1
NOTE: 
https://git.kernel.org/linus/ca62d90085f4af36de745883faab9f8a7cbb45d3 (6.13-rc2)
-CVE-2024-57872 [scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()]
+CVE-2024-57872 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.12.5-1
NOTE: 
https://git.kernel.org/linus/897df60c16d54ad515a3d0887edab5c63da06d1f (6.13-rc2)
-CVE-2024-57850 [jffs2: Prevent rtime decompress memory corruption]
+CVE-2024-57850 (In the Linux kernel, the following vulnerability has been 
resolved:  j ...)
- linux 6.12.5-1
[bookworm] - linux 6.1.123-1
NOTE: 
https://git.kernel.org/linus/fe051552f5078fa02d593847529a3884305a6ffe (6.13-rc1)
-CVE-2024-57849 [s390/cpum_sf: Handle CPU hotplug remove during sampling]
+CVE-2024-57849 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.12.5-1
[bookworm] - linux 6.1.123-1
NOTE: 
https://git.kernel.org/linus/a0bd7dacbd51c632b8e2c0500b479af564afadf3 (6.13-rc1)
-CVE-2024-57843 [virtio-net: fix overflow inside virtnet_rq_alloc]
+CVE-2024-57843 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
- linux 6.12.5-1
NOTE: 
https://git.kernel.org/linus/6aacd1484468361d1d04badfe75f264fa5314864 (6.13-rc1)
-CVE-2024-57

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f17bfe2b by security tracker role at 2025-01-11T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,211 @@
+CVE-2025-23113 (An issue was discovered in REDCap 14.9.6. It has an 
action=myprojects& ...)
+   TODO: check
+CVE-2025-23112 (An issue was discovered in REDCap 14.9.6. A stored cross-site 
scriptin ...)
+   TODO: check
+CVE-2025-23111 (An issue was discovered in REDCap 14.9.6. It allows HTML 
Injection via ...)
+   TODO: check
+CVE-2025-23110 (An issue was discovered in REDCap 14.9.6. A Reflected 
cross-site scrip ...)
+   TODO: check
+CVE-2025-23109 (Long hostnames in URLs could be leveraged to obscure the 
actual host o ...)
+   TODO: check
+CVE-2025-23108 (Opening Javascript links in a new tab via long-press in the 
Firefox iO ...)
+   TODO: check
+CVE-2025-23079 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2025-23078 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in 
cff/cf2i ...)
+   TODO: check
+CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer 
overflow (an ...)
+   TODO: check
+CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command 
injectio ...)
+   TODO: check
+CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow 
vulnera ...)
+   TODO: check
+CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
+   TODO: check
+CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
+   TODO: check
+CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
+   TODO: check
+CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to 
v600, the $p ...)
+   TODO: check
+CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou 
Huayi In ...)
+   TODO: check
+CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks 
Expedition ...)
+   TODO: check
+CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks 
Expedition al ...)
+   TODO: check
+CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks 
Expedit ...)
+   TODO: check
+CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo 
Alto Netw ...)
+   TODO: check
+CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition 
enable ...)
+   TODO: check
+CVE-2024-9188 (Specially constructed queries cause cross platform scripting 
leaking a ...)
+   TODO: check
+CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting 
applicat ...)
+   TODO: check
+CVE-2024-9133 (A user with administrator privileges is able to retrieve 
authenticatio ...)
+   TODO: check
+CVE-2024-9132 (The administrator is able to configure an insecure captive 
portal scri ...)
+   TODO: check
+CVE-2024-9131 (A user with administrator privileges can perform command 
injection)
+   TODO: check
+CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running 
on app ...)
+   TODO: check
+CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured, 
if \u20 ...)
+   TODO: check
+CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to 
change a  ...)
+   TODO: check
+CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are 
vulnerable to C ...)
+   TODO: check
+CVE-2024-6437 (On affected platforms running Arista EOS with one of the 
following fea ...)
+   TODO: check
+CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted 
packet w ...)
+   TODO: check
+CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an 
integer under ...)
+   TODO: check
+CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a 
heap-based buf ...)
+   TODO: check
+CVE-2024-57687 (An OS Command Injection vulnerability was found in 
/landrecordsys/admi ...)
+   TODO: check
+CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in 
/landrecordsys ...)
+   TODO: check
+CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
+   TODO: check
+CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command 
injection ...)
+   TODO: check

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec6a5506 by security tracker role at 2025-01-10T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,85 @@
+CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in 
Microsoft Purvie ...)
+   TODO: check
+CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an 
authorized a ...)
+   TODO: check
+CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey 
titles of  ...)
+   TODO: check
+CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the 
built-in mess ...)
+   TODO: check
+CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated 
reflect ...)
+   TODO: check
+CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden 
prior to  ...)
+   TODO: check
+CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to 
v1.32.5 allows ...)
+   TODO: check
+CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 
allows  ...)
+   TODO: check
+CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC 
v.1.20240620.0015 allo ...)
+   TODO: check
+CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored 
in local  ...)
+   TODO: check
+CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 
2024R1.1.4 all ...)
+   TODO: check
+CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social 
allows Force ...)
+   TODO: check
+CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file 
fields.This ...)
+   TODO: check
+CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue 
affects Gi ...)
+   TODO: check
+CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable 
allows E ...)
+   TODO: check
+CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Minify JS al ...)
+   TODO: check
+CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All 
Files allow ...)
+   TODO: check
+CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages 
Restriction Acce ...)
+   TODO: check
+CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects 
Print Anythi ...)
+   TODO: check
+CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects 
Megamenu ...)
+   TODO: check
+CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal 
Eloqua allow ...)
+   TODO: check
+CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal 
Mailjet allo ...)
+   TODO: check
+CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node 
export  ...)
+   TODO: check
+CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST 
File al ...)
+   TODO: check
+CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP 
Authenticat ...)
+   TODO: check
+CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear 
Integration all ...)
+   TODO: check
+CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal 
Monster Menu ...)
+   TODO: check
+CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects 
wkhtmltopdf: *. ...)
+   TODO: check
+CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog ...)
+   TODO: check
+CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog .

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
111339b5 by security tracker role at 2025-01-09T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,305 @@
+CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22824 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22823 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22822 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22821 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22820 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22819 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22818 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22817 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22815 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22814 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James 
Zephyr  ...)
+   TODO: check
+CVE-2025-22813 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22812 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22810 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22809 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22808 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22807 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22806 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22805 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22804 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22803 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22802 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22801 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22561 (Missing Authorization vulnerability in Jason Funk Title 
Experiments Fr ...)
+   TODO: check
+CVE-2025-22542 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22540 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22537 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22535 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22527 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22521 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22510 (Deserialization of Untrusted Data vulnerability in Konrad 
Karpieszuk W ...)
+   TODO: check
+CVE-2025-22508 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2025-22505 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22504 (Unrestricted Upload of File with Dangerous Type vulnerability 
in jumpd ...)
+   TODO: check
+CVE-2025-22361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22345 (Improper Neutralization of Input During Web Page Generation 
('Cross-si

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9d8a2fe by security tracker role at 2025-01-09T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,157 @@
+CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite 
permission ...)
+   TODO: check
+CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect 
missing se ...)
+   TODO: check
+CVE-2025-22145 (Carbon is an international PHP extension for DateTime. 
Application pas ...)
+   TODO: check
+CVE-2025-20033 (Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 
10.0.3, 10.1.x ...)
+   TODO: check
+CVE-2025-0344 (A vulnerability has been found in leiyuxi cy-fast 1.0 and 
classified a ...)
+   TODO: check
+CVE-2025-0342 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2025-0341 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2025-0340 (A vulnerability classified as critical was found in 
code-projects Cine ...)
+   TODO: check
+CVE-2025-0339 (A vulnerability classified as problematic has been found in 
code-proje ...)
+   TODO: check
+CVE-2025-0336 (A vulnerability was found in Codezips Project Management System 
1.0. I ...)
+   TODO: check
+CVE-2025-0335 (A vulnerability was found in code-projects Online Bike Rental 
System 1 ...)
+   TODO: check
+CVE-2025-0334 (A vulnerability has been found in leiyuxi cy-fast 1.0 and 
classified a ...)
+   TODO: check
+CVE-2025-0333 (A vulnerability, which was classified as critical, was found in 
leiyux ...)
+   TODO: check
+CVE-2025-0331 (A vulnerability, which was classified as critical, has been 
found in Y ...)
+   TODO: check
+CVE-2025-0328 (A vulnerability, which was classified as critical, has been 
found in K ...)
+   TODO: check
+CVE-2025-0306 (A vulnerability was found in Ruby. The Ruby interpreter is 
vulnerable  ...)
+   TODO: check
+CVE-2025-0283 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
+   TODO: check
+CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
+   TODO: check
+CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-5610
+   REJECTED
+CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba 
Networking CX 1 ...)
+   TODO: check
+CVE-2024-53995 (SickChill is an automatic video library manager for TV shows. 
A user-c ...)
+   TODO: check
+CVE-2024-53706 (A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows 
a remot ...)
+   TODO: check
+CVE-2024-53705 (A Server-Side Request Forgery vulnerability in the SonicOS SSH 
managem ...)
+   TODO: check
+CVE-2024-53704 (An Improper Authentication vulnerability in the SSLVPN 
authentication  ...)
+   TODO: check
+CVE-2024-52869 (Certain Teradata account-handling code through 2024-11-04, 
used with S ...)
+   TODO: check
+CVE-2024-43663 (There are many buffer overflow vulnerabilities present in 
several CGI  ...)
+   TODO: check
+CVE-2024-43662 (The .exe or .exe CGI binary can be used to 
upload  ...)
+   TODO: check
+CVE-2024-43661 (The .so library, which is used by , is 
vulnerable  ...)
+   TODO: check
+CVE-2024-43660 (The CGI script .sh can be used to download any file 
on the f ...)
+   TODO: check
+CVE-2024-43659 (After gaining access to the firmware of a charging station, a 
file at  ...)
+   TODO: check
+CVE-2024-43658 (Patch traversal, External Control of File Name or Path 
vulnerability i ...)
+   TODO: check
+CVE-2024-43657 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43656 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43655 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43654 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43653 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43652 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43651 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43650 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+   TODO: check
+CVE-2024-43649 (Authenticated command injection in the filename of a 
.exe re ...)
+   TODO: check
+CVE-2024-43648 (Command injection in the  parameter of a 
.exe requ ...)
+   TODO: check
+CVE-2024-40765 (An Integer-based buf
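Review bot: the entries for CVE-2024-43662, CVE-2024-43661, CVE-2024-43660, CVE-2024-43649 and CVE-2024-43648 near the end of this hunk have their component names blanked out (`The .exe or .exe CGI binary`, `The .so library, which is used by , is`, `the  parameter of a .exe requ`), which looks like angle-bracketed tokens dropped by the mail rendering rather than by the importer; confirm that the lines in data/CVE/list carry the full names, because whoever works the `TODO: check` on these entries is otherwise triaging from an unreadable summary.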

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cabda19 by security tracker role at 2025-01-08T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,77 +1,169 @@
-CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver]
+CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
+   TODO: check
+CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL 
Injection vu ...)
+   TODO: check
+CVE-2025-22140 (WeGIA is a web manager for charitable institutions. A SQL 
Injection vu ...)
+   TODO: check
+CVE-2025-22139 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
+   TODO: check
+CVE-2025-22137 (Pingvin Share is a self-hosted file sharing platform and an 
alternativ ...)
+   TODO: check
+CVE-2025-22136 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
+   TODO: check
+CVE-2025-22130 (Soft Serve is a self-hostable Git server for the command line. 
Prior t ...)
+   TODO: check
+CVE-2025-2 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a 
Plaintext  ...)
+   TODO: check
+CVE-2025-21102 (Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a 
Plaintext  ...)
+   TODO: check
+CVE-2025-20168 (A vulnerability in the web-based management interface of Cisco 
Common  ...)
+   TODO: check
+CVE-2025-20167 (A vulnerability in the web-based management interface of Cisco 
Common  ...)
+   TODO: check
+CVE-2025-20166 (A vulnerability in the web-based management interface of Cisco 
Common  ...)
+   TODO: check
+CVE-2025-20126 (A vulnerability in certification validation routines of Cisco 
Thousand ...)
+   TODO: check
+CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+   TODO: check
+CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to 
Path T ...)
+   TODO: check
+CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur 
leading  ...)
+   TODO: check
+CVE-2024-55656 (RedisBloom adds a set of probabilistic data structures to 
Redis. There ...)
+   TODO: check
+CVE-2024-55517 (An issue was discovered in the Interllect Core Search in 
Polaris FT In ...)
+   TODO: check
+CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary 
files to t ...)
+   TODO: check
+CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is 
vulnerable ...)
+   TODO: check
+CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in 
composio_opena ...)
+   TODO: check
+CVE-2024-51737 (RediSearch is a Redis module that provides querying, secondary 
indexin ...)
+   TODO: check
+CVE-2024-51480 (RedisTimeSeries is a time-series database (TSDB) module for 
Redis, by  ...)
+   TODO: check
+CVE-2024-51442 (Command Injection in Minidlna version v1.3.3 and before allows 
an atta ...)
+   TODO: check
+CVE-2024-45345
+   REJECTED
+CVE-2024-45344
+   REJECTED
+CVE-2024-45343
+   REJECTED
+CVE-2024-45342
+   REJECTED
+CVE-2024-45033 (Insufficient Session Expiration vulnerability in Apache 
Airflow Fab Pr ...)
+   TODO: check
+CVE-2024-13189 (A vulnerability classified as critical has been found in 
ZeroWdd myblo ...)
+   TODO: check
+CVE-2024-13188 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 
on Linu ...)
+   TODO: check
+CVE-2024-13187 (A vulnerability was found in Kingsoft WPS Office 6.14.0 on 
macOS. It h ...)
+   TODO: check
+CVE-2024-13186 (The MinigameCenter  module has insufficient restrictions on 
loading UR ...)
+   TODO: check
+CVE-2024-13185 (The MinigameCenter  module has insufficient restrictions on 
loading UR ...)
+   TODO: check
+CVE-2024-12855 (The AdForest theme for WordPress is vulnerable to unauthorized 
modific ...)
+   TODO: check
+CVE-2024-12854 (The Garden Gnome Package plugin for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-12853 (The Modula Image Gallery plugin for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-12712 (The Shopping Cart & eCommerce Store plugin for WordPress is 
vulnerable ...)
+   TODO: check
+CVE-2024-12337 (The Shipping via Planzer for WooCommerce plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-12328 (The MAS Elementor plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11939 (The Cost Calculator Builder PRO plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-11830 (The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for 
WordPress is vu ...)
+   TODO: check
+C
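Review bot: `CVE-2025-2 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext ...)` in this hunk is not a well-formed CVE identifier (the sequence part needs at least four digits), and with the neighbouring Dell VxRail entry being CVE-2025-21102 it is most likely a truncated id; check whether data/CVE/list really holds the short form, since an entry whose id cannot be cross-referenced cannot be triaged. Separately, the hunk removes `-CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver]` from line 1 and the visible part never re-adds it; as the hunk is cut off in the archive, confirm the kernel entry was only displaced downward by the new additions and not dropped.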

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
330a8e36 by security tracker role at 2025-01-08T08:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,125 @@
+CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery 
(SSRF) v ...)
+   TODO: check
+CVE-2025-22133 (WeGIA is a web manager for charitable institutions. Prior to 
3.2.8, a  ...)
+   TODO: check
+CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A 
Cross-Site Scrip ...)
+   TODO: check
+CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N 
firmware versi ...)
+   TODO: check
+CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified 
as pro ...)
+   TODO: check
+CVE-2024-56456 (Vulnerability of input parameters not being verified during 
glTF model ...)
+   TODO: check
+CVE-2024-56455 (Vulnerability of input parameters not being verified during 
glTF model ...)
+   TODO: check
+CVE-2024-56454 (Vulnerability of input parameters not being verified during 
glTF model ...)
+   TODO: check
+CVE-2024-56453 (Vulnerability of input parameters not being verified during 
glTF model ...)
+   TODO: check
+CVE-2024-56452 (Vulnerability of input parameters not being verified during 
glTF model ...)
+   TODO: check
+CVE-2024-56451 (Integer overflow vulnerability during glTF model loading in 
the 3D eng ...)
+   TODO: check
+CVE-2024-56450 (Buffer overflow vulnerability in the component driver module 
Impact: S ...)
+   TODO: check
+CVE-2024-56449 (Privilege escalation vulnerability in the Account module 
Impact: Succe ...)
+   TODO: check
+CVE-2024-56448 (Vulnerability of improper access control in the home screen 
widget mod ...)
+   TODO: check
+CVE-2024-56447 (Vulnerability of improper permission control in the window 
management  ...)
+   TODO: check
+CVE-2024-56446 (Vulnerability of variables not being initialized in the 
notification m ...)
+   TODO: check
+CVE-2024-56445 (Instruction authentication bypass vulnerability in the 
Findnetwork mod ...)
+   TODO: check
+CVE-2024-56444 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-56443 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-56442 (Vulnerability of native APIs not being implemented in the NFC 
service  ...)
+   TODO: check
+CVE-2024-56441 (Race condition vulnerability in the Bastet module Impact: 
Successful e ...)
+   TODO: check
+CVE-2024-56440 (Permission control vulnerability in the Connectivity module 
Impact: Su ...)
+   TODO: check
+CVE-2024-56439 (Access control vulnerability in the identity authentication 
module Imp ...)
+   TODO: check
+CVE-2024-56438 (Vulnerability of improper memory address protection in the 
HUKS module ...)
+   TODO: check
+CVE-2024-56437 (Vulnerability of input parameters not being verified in the 
widget fra ...)
+   TODO: check
+CVE-2024-56436 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-56435 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-56434 (UAF vulnerability in the device node access module Impact: 
Successful  ...)
+   TODO: check
+CVE-2024-55356
+   REJECTED
+CVE-2024-55355
+   REJECTED
+CVE-2024-54731 (cpdf through 2.8 allows stack consumption via a crafted PDF 
document.)
+   TODO: check
+CVE-2024-54121 (Startup control vulnerability in the ability module Impact: 
Successful ...)
+   TODO: check
+CVE-2024-54120 (Race condition vulnerability in the distributed notification 
module Im ...)
+   TODO: check
+CVE-2024-50603 (An issue was discovered in Aviatrix Controller before 7.1.4191 
and 7.2 ...)
+   TODO: check
+CVE-2024-47934 (Improper Input Validation vulnerability in Management Program 
in TXOne ...)
+   TODO: check
+CVE-2024-47239 (Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain 
an unco ...)
+   TODO: check
+CVE-2024-40679 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+   TODO: check
+CVE-2024-13173 (The health module has insufficient restrictions on loading 
URLs, which ...)
+   TODO: check
+CVE-2024-12852 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-12851 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-12713 (The SureForms \u2013 Drag and Drop Form Builder for WordPress 
plugin f ...)
+   TODO: check
+CVE-2024-12585 (The Property
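Review bot: the description for CVE-2024-12713 contains the literal escape `\u2013` (`The SureForms \u2013 Drag and Drop Form Builder for WordPress`) instead of the en dash itself; if data/CVE/list stores the backslash sequence rather than the decoded character, the importer is writing the escaped description string and the entry text will stay garbled in the tracker, so check the file itself rather than the mail rendering.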

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
005f3b93 by security tracker role at 2025-01-07T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,48 +1,492 @@
-CVE-2025-0247
+CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the 
Splunk do ...)
+   TODO: check
+CVE-2025-22593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22592 (Missing Authorization vulnerability in Lenderd 1003 Mortgage 
Applicati ...)
+   TODO: check
+CVE-2025-22591 (Missing Authorization vulnerability in Lenderd 1003 Mortgage 
Applicati ...)
+   TODO: check
+CVE-2025-22590 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 
Prayer Time ...)
+   TODO: check
+CVE-2025-22589 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz 
Quote Tweet  ...)
+   TODO: check
+CVE-2025-22585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22584 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22582 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Nell\xe9 Upti ...)
+   TODO: check
+CVE-2025-22581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22572 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22571 (Cross-Site Request Forgery (CSRF) vulnerability in Instabot 
Instabot a ...)
+   TODO: check
+CVE-2025-22563 (Cross-Site Request Forgery (CSRF) vulnerability in Faaiq 
Pretty Url al ...)
+   TODO: check
+CVE-2025-22562 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk 
Title Ex ...)
+   TODO: check
+CVE-2025-22560 (Missing Authorization vulnerability in Saoshyant.1994 
Saoshyant Page B ...)
+   TODO: check
+CVE-2025-22559 (Cross-Site Request Forgery (CSRF) vulnerability in Mario 
Mansour and G ...)
+   TODO: check
+CVE-2025-22558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22557 (Cross-Site Request Forgery (CSRF) vulnerability in WPMagic 
News Publis ...)
+   TODO: check
+CVE-2025-22556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg 
Whitehead Nors ...)
+   TODO: check
+CVE-2025-22555 (Cross-Site Request Forgery (CSRF) vulnerability in Noel 
Jarencio. Smoo ...)
+   TODO: check
+CVE-2025-22554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22552 (Cross-Site Request Forgery (CSRF) vulnerability in Jason 
Keeley, Bryan ...)
+   TODO: check
+CVE-2025-22551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22550 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22549 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22546 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22545 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22544 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2025-22543 (Missing Authorization vulnerability in Beautiful Templates ST 
Gallery  ...)
+   TODO: check
+CVE-2025-22541 (Missing Authorization vulnerability in Etruel Developments LLC 
WP Dele ...)
+   TODO: check
+CVE-2025-22538 (Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar 
Virtual  ...)
+   TODO: check
+CVE-2025-22536 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2025-22534 (Missing Authorization vulnerability in Ella van Durpe S
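Review bot: `CVE-2025-22582 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Nell\xe9 Upti ...)` carries a `\xe9` byte escape where an `é` belongs, alongside the `\u2013`-style escapes seen in other imports; two different escape conventions in one file suggest the description is being escaped rather than decoded somewhere before it is written out. Also, the hunk deletes `-CVE-2025-0247` (an id with no description) from line 1 and the visible lines do not show it being re-added; confirm it was moved rather than lost.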

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f23a566 by security tracker role at 2025-01-07T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,265 @@
+CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, 
contain(s)  ...)
+   TODO: check
+CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with 
secure  ...)
+   TODO: check
+CVE-2025-21616 (Plane is an open-source project management tool. A cross-site 
scriptin ...)
+   TODO: check
+CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for 
WordPress is ...)
+   TODO: check
+CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does 
not sani ...)
+   TODO: check
+CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label, 
Free Widge ...)
+   TODO: check
+CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to 
Reflect ...)
+   TODO: check
+CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does 
not san ...)
+   TODO: check
+CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does 
not san ...)
+   TODO: check
+CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty 
Program, has  ...)
+   TODO: check
+CVE-2024-3 (In FRRouting (FRR) before 10.3, it is possible for an attacker 
to trig ...)
+   TODO: check
+CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by 
changin ...)
+   TODO: check
+CVE-2024-55075 (Grocy through 4.3.0 allows remote attackers to obtain 
sensitive inform ...)
+   TODO: check
+CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored 
XSS and ...)
+   TODO: check
+CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of 
AVM FRIT ...)
+   TODO: check
+CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi 
of ipTIM ...)
+   TODO: check
+CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi 
of ipTIME ...)
+   TODO: check
+CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen 
App) applic ...)
+   TODO: check
+CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color 
Phone F ...)
+   TODO: check
+CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka 
Color P ...)
+   TODO: check
+CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color 
Call Theme ...)
+   TODO: check
+CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka 
Color P ...)
+   TODO: check
+CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & 
Dialer) app ...)
+   TODO: check
+CVE-2024-51741 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+   TODO: check
+CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+   TODO: check
+CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+   TODO: check
+CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+   TODO: check
+CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-46981 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+   TODO: check
+CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for 
WordPress ...)
+   TODO: check
+CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
+   TODO: check
+CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to 
unauthorized mo ...)
+   TODO: check
+CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to 
Cross-Site R ...)
+  
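Review bot: `CVE-2024-3 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...)` is another truncated identifier, a one-digit sequence number in a hunk of five-digit ones; the full id should be restored in data/CVE/list before the `TODO: check` is worked, since the entry cannot be resolved against any advisory as it stands. The final `+  ` line shows the mail itself was cut mid-entry, so the rest of this hunk cannot be reviewed from the archive.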

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3d567e01 by security tracker role at 2025-01-06T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,56 +1,166 @@
-CVE-2024-56769 [media: dvb-frontends: dib3000mb: fix uninit-value in 
dib3000_write_reg]
+CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to 
2.9.1,  ...)
+   TODO: check
+CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. 
Prior t ...)
+   TODO: check
+CVE-2025-21615 (AAT (Another Activity Tracker) is a GPS-tracking application 
for track ...)
+   TODO: check
+CVE-2025-21614 (go-git is a highly extensible git implementation library 
written in pu ...)
+   TODO: check
+CVE-2025-21613 (go-git is a highly extensible git implementation library 
written in pu ...)
+   TODO: check
+CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to 
create tab ...)
+   TODO: check
+CVE-2025-21611 (tgstation-server is a production scale tool for BYOND server 
managemen ...)
+   TODO: check
+CVE-2025-21604 (LangChain4j-AIDeepin is a Retrieval enhancement generation 
(RAG) proje ...)
+   TODO: check
+CVE-2024-8474 (OpenVPN Connect before version 3.5.0 can contain the 
configuration pro ...)
+   TODO: check
+CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based 
on the c ...)
+   TODO: check
+CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
+   TODO: check
+CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via 
\zb_user ...)
+   TODO: check
+CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis 
IO v1.0 ...)
+   TODO: check
+CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. Inc ITE 
IO Acces ...)
+   TODO: check
+CVE-2024-54880 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A 
logic flaw c ...)
+   TODO: check
+CVE-2024-54879 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A 
logic flaw c ...)
+   TODO: check
+CVE-2024-51472 (IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 
7.3.2.8,  ...)
+   TODO: check
+CVE-2024-51112 (Open Redirect vulnerability in Pnetlab 5.3.11 allows an 
attacker to ma ...)
+   TODO: check
+CVE-2024-5 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 
allows an a ...)
+   TODO: check
+CVE-2024-47475 (Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an 
incorrect pe ...)
+   TODO: check
+CVE-2024-46622 (An Escalation of Privilege security vulnerability was found in 
SecureA ...)
+   TODO: check
+CVE-2024-46209 (A stored cross-site scripting (XSS) vulnerability in the 
component /me ...)
+   TODO: check
+CVE-2024-46073 (A reflected Cross-Site Scripting (XSS) vulnerability exists in 
the log ...)
+   TODO: check
+CVE-2024-45559 (Transient DOS can occur when GVM sends a specific message type 
to the  ...)
+   TODO: check
+CVE-2024-45558 (Transient DOS can occur when the driver parses the per STA 
profile IE  ...)
+   TODO: check
+CVE-2024-4 (Memory corruption can occur if an already verified IFS2 image 
is overw ...)
+   TODO: check
+CVE-2024-45553 (Memory corruption can occur when process-specific maps are 
added to th ...)
+   TODO: check
+CVE-2024-45550 (Memory corruption occurs when invoking any IOCTL-calling 
application t ...)
+   TODO: check
+CVE-2024-45548 (Memory corruption while processing FIPS encryption or 
decryption valid ...)
+   TODO: check
+CVE-2024-45547 (Memory corruption while processing IOCTL call invoked from 
user-space  ...)
+   TODO: check
+CVE-2024-45546 (Memory corruption while processing FIPS encryption or 
decryption IOCTL ...)
+   TODO: check
+CVE-2024-45542 (Memory corruption when IOCTL call is invoked from user-space 
to write  ...)
+   TODO: check
+CVE-2024-45541 (Memory corruption when IOCTL call is invoked from user-space 
to read b ...)
+   TODO: check
+CVE-2024-43064 (Uncontrolled resource consumption when a driver, an 
application or a S ...)
+   TODO: check
+CVE-2024-43063 (information disclosure while invoking the mailbox read API.)
+   TODO: check
+CVE-2024-35498 (A cross-site scripting (XSS) vulnerability in Grav v1.7.45 
allows atta ...)
+   TODO: check
+CVE-2024-3306
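Review bot: two more truncated identifiers in this hunk, `CVE-2024-5 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an a ...)` and `CVE-2024-4 (Memory corruption can occur if an already verified IFS2 image is overw ...)`; the sibling Pnetlab entry is CVE-2024-51112 and the neighbouring memory-corruption entries are CVE-2024-455xx, so these look like the same id-shortening seen in the other imports and should be checked in data/CVE/list. The hunk also removes `-CVE-2024-56769 [media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg]` from line 1 without the visible part re-adding it; confirm the kernel entry moved down rather than vanished.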

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c9c49465 by security tracker role at 2025-01-06T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,53 @@
+CVE-2025-0233 (A vulnerability was found in Codezips Project Management System 
1.0. I ...)
+   TODO: check
+CVE-2025-0232 (A vulnerability was found in Codezips Blood Bank Management 
System 1.0 ...)
+   TODO: check
+CVE-2025-0231 (A vulnerability has been found in Codezips Gym Management 
System 1.0 a ...)
+   TODO: check
+CVE-2025-0230 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+   TODO: check
+CVE-2024-20154 (In Modem, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20153 (In wlan STA, there is a possible way to trick a client to 
connect to a ...)
+   TODO: check
+CVE-2024-20152 (In wlan STA driver, there is a possible reachable assertion 
due to imp ...)
+   TODO: check
+CVE-2024-20151 (In Modem, there is a possible out of bounds write due to an 
incorrect  ...)
+   TODO: check
+CVE-2024-20150 (In Modem, there is a possible system crash due to a logic 
error. This  ...)
+   TODO: check
+CVE-2024-20149 (In Modem, there is a possible system crash due to improper 
input valid ...)
+   TODO: check
+CVE-2024-20148 (In wlan STA FW, there is a possible out of bounds write due to 
imprope ...)
+   TODO: check
+CVE-2024-20146 (In wlan STA driver, there is a possible out of bounds write 
due to imp ...)
+   TODO: check
+CVE-2024-20145 (In V6 DA, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20144 (In V6 DA, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20143 (In V6 DA, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20140 (In power, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20105 (In m4u, there is a possible out of bounds write due to a 
missing bound ...)
+   TODO: check
+CVE-2024-13145 (A vulnerability classified as critical was found in zhenfeng13 
My-Blog ...)
+   TODO: check
+CVE-2024-13144 (A vulnerability classified as critical has been found in 
zhenfeng13 My ...)
+   TODO: check
+CVE-2024-13143 (A vulnerability was found in ZeroWdd studentmanager 1.0. It 
has been r ...)
+   TODO: check
+CVE-2024-13142 (A vulnerability was found in ZeroWdd studentmanager 1.0. It 
has been d ...)
+   TODO: check
+CVE-2024-12311 (The Email Subscribers by Icegram Express  WordPress plugin 
before 5.7. ...)
+   TODO: check
+CVE-2024-12302 (The Icegram Engage  WordPress plugin before 3.1.32 does not 
sanitise a ...)
+   TODO: check
+CVE-2024-11849 (The Pods  WordPress plugin before 3.2.8.1 does not sanitise 
and escape ...)
+   TODO: check
+CVE-2024-11356 (The tourmaster WordPress plugin before 5.3.4 does not sanitise 
and esc ...)
+   TODO: check
 CVE-2025-0229 (A vulnerability, which was classified as critical, has been 
found in c ...)
NOT-FOR-US: code-projects Travel Management System
 CVE-2025-0228 (A vulnerability has been found in code-projects Local Storage 
Todo App ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9c4946559bfa3212bbaa2294e26bf850d813937



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6b5b332 by security tracker role at 2025-01-05T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2025-0229 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2025-0228 (A vulnerability has been found in code-projects Local Storage 
Todo App ...)
+   TODO: check
+CVE-2025-0227 (A vulnerability, which was classified as problematic, was found 
in Tsi ...)
+   TODO: check
+CVE-2025-0226 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2025-0225 (A vulnerability classified as problematic was found in Tsinghua 
Unigro ...)
+   TODO: check
+CVE-2025-0224 (A vulnerability was found in Provision-ISR SH-4050A-2, 
SH-4100A-2L(MM) ...)
+   TODO: check
+CVE-2025-0223 (A vulnerability was found in IObit Protected Folder up to 
13.6.0.5. It ...)
+   TODO: check
+CVE-2025-0222 (A vulnerability was found in IObit Protected Folder up to 
13.6.0.5 and ...)
+   TODO: check
+CVE-2025-0221 (A vulnerability has been found in IOBit Protected Folder up to 
1.3.0 a ...)
+   TODO: check
+CVE-2025-0220 (A vulnerability, which was classified as problematic, was found 
in Tri ...)
+   TODO: check
+CVE-2024-13141 (A vulnerability classified as problematic was found in osuuu 
LightPict ...)
+   TODO: check
+CVE-2024-13140 (A vulnerability classified as problematic has been found in 
Emlog Pro  ...)
+   TODO: check
+CVE-2024-13139 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has 
been ra ...)
+   TODO: check
+CVE-2024-13138 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has 
been de ...)
+   TODO: check
+CVE-2024-13137 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has 
been cl ...)
+   TODO: check
+CVE-2024-13136 (A vulnerability was found in wangl1989 mysiteforme 1.0 and 
classified  ...)
+   TODO: check
+CVE-2024-13135 (A vulnerability has been found in Emlog Pro 2.4.3 and 
classified as pr ...)
+   TODO: check
 CVE-2025-0219 (A vulnerability, which was classified as problematic, has been 
found i ...)
NOT-FOR-US: Trimble
 CVE-2024-13134 (A vulnerability, which was classified as critical, was found 
in ZeroWd ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b5b332e287aa50da7715d37accf76186efc44f



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8909f0f0 by security tracker role at 2025-01-05T08:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2025-0219 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-13134 (A vulnerability, which was classified as critical, was found 
in ZeroWd ...)
+   TODO: check
+CVE-2024-13133 (A vulnerability, which was classified as critical, has been 
found in Z ...)
+   TODO: check
+CVE-2024-13132 (A vulnerability classified as problematic was found in Emlog 
Pro up to ...)
+   TODO: check
+CVE-2024-13131 (A vulnerability classified as problematic has been found in 
Dahua IPC- ...)
+   TODO: check
+CVE-2024-13130 (A vulnerability was found in Dahua IPC-HFW1200S, 
IPC-HFW2300R-Z, IPC-H ...)
+   TODO: check
 CVE-2025-0214 (A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on 
OpenCar ...)
NOT-FOR-US: TMD Custom Header Menu OpenCart module
 CVE-2025-0213 (A vulnerability was found in Campcodes Project Management 
System 1.0.  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8909f0f0f2d824b00b7ac84bdc61a321345e47f2



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d2962a4 by security tracker role at 2025-01-04T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2025-0214 (A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on 
OpenCar ...)
+   TODO: check
+CVE-2025-0213 (A vulnerability was found in Campcodes Project Management 
System 1.0.  ...)
+   TODO: check
+CVE-2025-0212 (A vulnerability was found in Campcodes Student Grading System 
1.0. It  ...)
+   TODO: check
+CVE-2025-0211 (A vulnerability was found in Campcodes School Faculty 
Scheduling Syste ...)
+   TODO: check
+CVE-2025-0210 (A vulnerability has been found in Campcodes School Faculty 
Scheduling  ...)
+   TODO: check
+CVE-2025-0208 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+   TODO: check
+CVE-2025-0207 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2025-0206 (A vulnerability classified as critical was found in 
code-projects Onli ...)
+   TODO: check
+CVE-2025-0205 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-41768 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3 co ...)
+   TODO: check
+CVE-2024-41767 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3 is ...)
+   TODO: check
+CVE-2024-41766 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3  c ...)
+   TODO: check
+CVE-2024-41765 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3 co ...)
+   TODO: check
+CVE-2024-41763 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 
7.0.3  u ...)
+   TODO: check
+CVE-2024-12583 (The Dynamics 365 Integration plugin for WordPress is 
vulnerable to Rem ...)
+   TODO: check
+CVE-2024-12475 (The WP Multi Store Locator plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-12279 (The WP Social AutoConnect plugin for WordPress is vulnerable 
to Cross- ...)
+   TODO: check
+CVE-2024-12221 (The Turnkey bbPress by WeaverTheme plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-12195 (The WP Project Manager \u2013 Task, team, and project 
management plugi ...)
+   TODO: check
+CVE-2024-11930 (The Taskbuilder \u2013 WordPress Project & Task Management 
plugin plug ...)
+   TODO: check
+CVE-2024-10957 (The UpdraftPlus: WP Backup & Migration Plugin plugin for 
WordPress is  ...)
+   TODO: check
 CVE-2025-22390 (An issue was discovered in Optimizely EPiServer.CMS.Core 
before 12.32. ...)
NOT-FOR-US: Optimizely EPiServer.CMS.Core
 CVE-2025-22389 (An issue was discovered in Optimizely EPiServer.CMS.Core 
before 12.32. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2962a437ee7aadbf7829aa92cf4aa7b3d119de



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
69defc97 by security tracker role at 2025-01-04T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,56 @@
-CVE-2025-22376 [Default nonce for Net::OAuth package for perl is not 
cryptographically strong]
+CVE-2025-22390 (An issue was discovered in Optimizely EPiServer.CMS.Core 
before 12.32. ...)
+   TODO: check
+CVE-2025-22389 (An issue was discovered in Optimizely EPiServer.CMS.Core 
before 12.32. ...)
+   TODO: check
+CVE-2025-22388 (An issue was discovered in Optimizely EPiServer.CMS.Core 
before 12.22. ...)
+   TODO: check
+CVE-2025-22387 (An issue was discovered in Optimizely Configured Commerce 
before 5.2.2 ...)
+   TODO: check
+CVE-2025-22386 (An issue was discovered in Optimizely Configured Commerce 
before 5.2.2 ...)
+   TODO: check
+CVE-2025-22385 (An issue was discovered in Optimizely Configured Commerce 
before 5.2.2 ...)
+   TODO: check
+CVE-2025-22384 (An issue was discovered in Optimizely Configured Commerce 
before 5.2.2 ...)
+   TODO: check
+CVE-2025-22383 (An issue was discovered in Optimizely Configured Commerce 
before 5.2.2 ...)
+   TODO: check
+CVE-2025-0204 (A vulnerability was found in code-projects Online Shoe Store 
1.0. It h ...)
+   TODO: check
+CVE-2025-0203 (A vulnerability was found in code-projects Student Management 
System 1 ...)
+   TODO: check
+CVE-2025-0202 (A vulnerability was found in TCS BaNCS 10. It has been 
classified as p ...)
+   TODO: check
+CVE-2025-0201 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)
+   TODO: check
+CVE-2025-0200 (A vulnerability has been found in code-projects Point of Sales 
and Inv ...)
+   TODO: check
+CVE-2025-0199 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+   TODO: check
+CVE-2025-0198 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-56332 (Next.js is a React framework for building full-stack web 
applications. ...)
+   TODO: check
+CVE-2024-55897 (IBM PowerHA SystemMirror for i 7.4 and 7.5   does not set the 
secure a ...)
+   TODO: check
+CVE-2024-55896 (IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper 
restricti ...)
+   TODO: check
+CVE-2024-13129 (A vulnerability was found in Roxy-WI up to 8.1.3. It has been 
declared ...)
+   TODO: check
+CVE-2024-12701 (The WP Smart Import : Import any XML File to WordPress plugin 
for Word ...)
+   TODO: check
+CVE-2024-12545 (The Scratch & Win \u2013 Giveaways and Contests. Boost 
subscribers, tr ...)
+   TODO: check
+CVE-2024-12237 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-12047 (The WP Compress \u2013 Instant Performance & Speed 
Optimization plugin ...)
+   TODO: check
+CVE-2024-11974 (The Media Library Assistant plugin for WordPress is vulnerable 
to Refl ...)
+   TODO: check
+CVE-2024-11733 (The The WordPress Popular Posts plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-10932 (The Backup Migration plugin for WordPress is vulnerable to PHP 
Object  ...)
+   TODO: check
+CVE-2025-22376 (In Net::OAuth::Client in the Net::OAuth package before 0.29 
for Perl,  ...)
- libnet-oauth-perl 
NOTE: Fixed by: 
https://github.com/keeth/Net-OAuth/commit/2aa25e04aadab247ae4063363fcee177161e1f42
 (0.29)
NOTE: Followup (bugfix): 
https://github.com/keeth/Net-OAuth/commit/2276807dbdd5c0cee2d09679e084c7fdfb401704
 (0.30)
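Review bot: the rewritten CVE-2025-22376 entry still leaves the `- libnet-oauth-perl` line without a fixed version or bug reference, even though the two NOTE lines already pin the upstream fix to 0.29 (commit 2aa25e04) and a follow-up bugfix to 0.30 (commit 2276807d); the entry should say whether 0.29 alone is considered sufficient or whether 0.30 is the version to track, and the package line should carry the Debian bug once filed. The removed placeholder title "Default nonce for Net::OAuth package for perl is not cryptographically strong" described the issue more precisely than the truncated MITRE text that replaces it, so keeping that wording in a NOTE would help triage.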



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69defc9773f6f7d4bdf970df9f43bdaec6111cd0



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f504806d by security tracker role at 2025-01-03T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,59 @@
+CVE-2025-21610 (Trix is a what-you-see-is-what-you-get rich text editor for 
everyday w ...)
+   TODO: check
+CVE-2025-21609 (SiYuan is self-hosted, open source personal knowledge 
management softw ...)
+   TODO: check
+CVE-2025-0197 (A vulnerability classified as critical was found in 
code-projects Poin ...)
+   TODO: check
+CVE-2025-0196 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2025-0195 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)
+   TODO: check
+CVE-2024-9140 (Moxa\u2019s cellular routers, secure routers, and network 
security app ...)
+   TODO: check
+CVE-2024-9138 (Moxa\u2019s cellular routers, secure routers, and network 
security app ...)
+   TODO: check
+CVE-2024-5591 (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a 
remote attac ...)
+   TODO: check
+CVE-2024-56514 (Karmada is a Kubernetes management system that allows users to 
run clo ...)
+   TODO: check
+CVE-2024-56513 (Karmada is a Kubernetes management system that allows users to 
run clo ...)
+   TODO: check
+CVE-2024-56412 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56411 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56410 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56409 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56408 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56366 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56365 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)
+   TODO: check
+CVE-2024-56324 (GoCD is a continuous deliver server. GoCD versions prior to 
24.4.0 can ...)
+   TODO: check
+CVE-2024-56322 (GoCD is a continuous deliver server. GoCD versions 16.7.0 
through 24.4 ...)
+   TODO: check
+CVE-2024-56321 (GoCD is a continuous deliver server. GoCD versions 18.9.0 
through 24.4 ...)
+   TODO: check
+CVE-2024-56320 (GoCD is a continuous deliver server. GoCD versions prior to 
24.5.0 are ...)
+   TODO: check
+CVE-2024-55507 (An issue in CodeAstro Complaint Management System v.1.0 allows 
a remot ...)
+   TODO: check
+CVE-2024-55078 (An arbitrary file upload vulnerability in the component 
/adminUser/upd ...)
+   TODO: check
+CVE-2024-48814 (SQL Injection vulnerability in Silverpeas 6.4.1 allows a 
remote attack ...)
+   TODO: check
+CVE-2024-41780 (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could   could 
allow a phys ...)
+   TODO: check
+CVE-2024-36613 (FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the 
libavforma ...)
+   TODO: check
+CVE-2024-35365 (FFmpeg version n6.1.1 has a double-free vulnerability in the 
fftools/f ...)
+   TODO: check
+CVE-2024-12132 (The WP Job Portal \u2013 A Complete Recruitment System for 
Company or  ...)
+   TODO: check
 CVE-2025-22275 (iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows 
remote atta ...)
NOT-FOR-US: iTerm2
 CVE-2025-0176 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f504806d6ab625ddd3fc47cdaf1abc3a2c91190c



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd27a205 by security tracker role at 2025-01-03T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2025-22275 (iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows 
remote atta ...)
+   TODO: check
+CVE-2025-0176 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)
+   TODO: check
+CVE-2025-0175 (A vulnerability was found in code-projects Online Shop 1.0. It 
has bee ...)
+   TODO: check
+CVE-2025-0174 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)
+   TODO: check
+CVE-2024-53842 (In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a 
possible ...)
+   TODO: check
+CVE-2024-53841 (In startListeningForDeviceStateChanges, there is a possible 
Permission ...)
+   TODO: check
+CVE-2024-53840 (there is a possible biometric bypass due to an unusual root 
cause. Thi ...)
+   TODO: check
+CVE-2024-53839 (In GetCellInfoList() of protocolnetadapter.cpp, there is a 
possible ou ...)
+   TODO: check
+CVE-2024-53838 (In Exynos_parsing_user_data_registered_itu_t_t35 of 
VendorVideoAPI.cpp ...)
+   TODO: check
+CVE-2024-53837 (In prepare_response of lwis_periodic_io.c, there is a possible 
out of  ...)
+   TODO: check
+CVE-2024-53836 (In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a 
possible ou ...)
+   TODO: check
+CVE-2024-53835 (there is a possible biometric bypass due to an unusual root 
cause. Thi ...)
+   TODO: check
+CVE-2024-53834 (In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there 
is a po ...)
+   TODO: check
+CVE-2024-53833 (In prepare_response_locked of  lwis_transaction.c, there is a 
possible ...)
+   TODO: check
+CVE-2024-47032 (In construct_transaction_from_cmd of lwis_ioctl.c, there is a 
possible ...)
+   TODO: check
+CVE-2024-43769 (In isPackageDeviceAdmin of PackageManagerService.java, there 
is a poss ...)
+   TODO: check
+CVE-2024-43768 (In skia_alloc_func of SkDeflate.cpp, there is a possible out 
of bounds ...)
+   TODO: check
+CVE-2024-43767 (In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, 
there is a p ...)
+   TODO: check
+CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a 
possible ...)
+   TODO: check
+CVE-2024-43762 (In multiple locations, there is a possible way to avoid 
unbinding of a ...)
+   TODO: check
+CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of 
bounds  ...)
+   TODO: check
+CVE-2024-43077 (In DevmemValidateFlags of devicemem_server.c , there is a 
possible out ...)
+   TODO: check
+CVE-2024-11624 (there is a possible to add apps to bypass VPN due to 
Undeclared Permis ...)
+   TODO: check
 CVE-2025-0173 (A vulnerability was found in SourceCodester Online Eyewear Shop 
1.0 an ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
 CVE-2025-0172 (A vulnerability has been found in code-projects Chat System 1.0 
and cl ...)
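Review bot: three entries in this Android batch name Skia source files rather than Android-only code (SkDeflate.cpp in CVE-2024-43768, SkBlurMaskFilterImpl.cpp in CVE-2024-43767, SkRegion.cpp in CVE-2024-43097), so when the `TODO: check` lines are triaged those three should be checked against Debian packages that bundle Skia instead of getting the blanket NOT-FOR-US the surrounding vendor-specific entries (lwis_*.c, cc_MmConManagement.c, VendorVideoAPI.cpp) will likely receive.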
@@ -436,7 +482,7 @@ CVE-2022-49035 (In the Linux kernel, the following 
vulnerability has been resolv
- linux 6.0.8-1
[bullseye] - linux 5.10.158-1
NOTE: 
https://git.kernel.org/linus/93f65ce036863893c164ca410938e0968964b26c (6.1-rc2)
-CVE-2024-8447
+CVE-2024-8447 (A security issue was discovered in the LRA Coordinator 
component of Na ...)
NOT-FOR-US: Narayana
 CVE-2024-56827
- openjpeg2 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd27a2056c5a71e7de24d679503313fc371ad3c2



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bcaae93 by security tracker role at 2025-01-02T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,438 @@
-CVE-2022-49035 [media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE]
+CVE-2025-0173 (A vulnerability was found in SourceCodester Online Eyewear Shop 
1.0 an ...)
+   TODO: check
+CVE-2025-0172 (A vulnerability has been found in code-projects Chat System 1.0 
and cl ...)
+   TODO: check
+CVE-2025-0171 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+   TODO: check
+CVE-2024-9950 (A vulnerability in Forescout SecureConnector v11.3.07.0109on 
Windows a ...)
+   TODO: check
+CVE-2024-56414 (Web installer integrity check used weak hash algorithm. The 
following  ...)
+   TODO: check
+CVE-2024-56413 (Missing session invalidation after user deletion. The 
following produc ...)
+   TODO: check
+CVE-2024-56302 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56268 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56267 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56266 (Missing Authorization vulnerability in Sonaar Music MP3 Audio 
Player f ...)
+   TODO: check
+CVE-2024-56264 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Beee  ...)
+   TODO: check
+CVE-2024-56263 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56262 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56261 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56260 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56259 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56257 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56255 (Missing Authorization vulnerability in AyeCode AyeCode Connect 
allows  ...)
+   TODO: check
+CVE-2024-56254 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56253 (Missing Authorization vulnerability in supsystic.com Data 
Tables Gener ...)
+   TODO: check
+CVE-2024-56252 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56251 (Cross-Site Request Forgery (CSRF) vulnerability in Event 
Espresso Even ...)
+   TODO: check
+CVE-2024-56250 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56249 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Webde ...)
+   TODO: check
+CVE-2024-56248 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-56247 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56246 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56245 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56244 (Missing Authorization vulnerability in WP Royal Ashe Extra 
allows Expl ...)
+   TODO: check
+CVE-2024-56243 (Missing Authorization vulnerability in JS Morisset WPSSO Core 
allows E ...)
+   TODO: check
+CVE-2024-56242 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56241 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56240 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56239 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56238 (Missing Authorization vulnerability in QunatumCloud Floating 
Action Bu ...)
+   TODO: check
+CVE-2024-56237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56236 (Missing Authorization vulnerability in Jakob Bouchard Hestia 
Nginx Cac ...)
+   TODO: check
+CVE-2024-56199 (phpMyFAQ is an open source FAQ web application. Starting no 
later than ...)
+   TODO: check
+CVE-2024-56137 (MaxKB, which stands for Max Knowledge Base, is an open source 
knowledg ...)
+   TODO: check
+CVE-2024-56069 (Imprope
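Review bot: the hunk header announces 438 new lines but the mail body ends mid-entry at `+CVE-2024-56069 (Imprope`, and the placeholder removed at the top (`-CVE-2022-49035 [media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE]`) has no visible replacement entry in what survived; the rest of this change, including the expanded CVE-2022-49035 entry, has to be reviewed from the commit itself rather than from this archive copy.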

[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c7f75cf by security tracker role at 2025-01-02T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
The diff for this file was not included because it is too large.


View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c7f75cfcce21f6e1d6a49261a1b9bac90a1dab8



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1608aaf9 by security tracker role at 2025-01-01T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2025-0168 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
 CVE-2024-56803 (Ghostty is a cross-platform terminal emulator. Ghostty, as 
allowed by  ...)
- ghostty  (bug #1091469)
 CVE-2024-56802 (Tapir is a private Terraform registry. Tapir versions 0.9.0 
and 0.9.1  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1608aaf98a89630d269b9b170774ceee22dcb938



[Git][security-tracker-team/security-tracker][master] automatic update

2025-01-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ee2b4d50 by security tracker role at 2025-01-01T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,8 +1,360 @@
-CVE-2023-6603 [Null Pointer Dereference in FFmpeg HLS Parsing]
+CVE-2024-56803 (Ghostty is a cross-platform terminal emulator. Ghostty, as 
allowed by  ...)
+   TODO: check
+CVE-2024-56802 (Tapir is a private Terraform registry. Tapir versions 0.9.0 
and 0.9.1  ...)
+   TODO: check
+CVE-2024-56265 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56256 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56235 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56234 (Missing Authorization vulnerability in VW THEMES VW Automobile 
Lite al ...)
+   TODO: check
+CVE-2024-56233 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56232 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander 
Volkov WP ...)
+   TODO: check
+CVE-2024-56231 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56230 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-56229 (Cross-Site Request Forgery (CSRF) vulnerability in Searchiq 
SearchIQ.T ...)
+   TODO: check
+CVE-2024-56228 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56227 (Missing Authorization vulnerability in WP Royal Royal 
Elementor Addons ...)
+   TODO: check
+CVE-2024-56226 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56225 (Missing Authorization vulnerability in Leap13 Premium Addons 
for Eleme ...)
+   TODO: check
+CVE-2024-56224 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56223 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56222 (Cross-Site Request Forgery (CSRF) vulnerability in Codebard 
CodeBard H ...)
+   TODO: check
+CVE-2024-56221 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56220 (Incorrect Privilege Assignment vulnerability in SSL Wireless 
SSL Wirel ...)
+   TODO: check
+CVE-2024-56219 (Missing Authorization vulnerability in MarketingFire Widget 
Options al ...)
+   TODO: check
+CVE-2024-56218 (Cross-Site Request Forgery (CSRF) vulnerability in AuRise 
Creative, Se ...)
+   TODO: check
+CVE-2024-56217 (Missing Authorization vulnerability in W3 Eden, Inc. Download 
Manager  ...)
+   TODO: check
+CVE-2024-56216 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-56215 (Missing Authorization vulnerability in Stephen Sherrard Member 
Directo ...)
+   TODO: check
+CVE-2024-56214 (Path Traversal: '.../...//' vulnerability in DeluxeThemes 
Userpro allo ...)
+   TODO: check
+CVE-2024-56213 (Path Traversal: '.../...//' vulnerability in Themewinter 
Eventin allow ...)
+   TODO: check
+CVE-2024-56212 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56211 (Missing Authorization vulnerability in DeluxeThemes 
Userpro.This issue ...)
+   TODO: check
+CVE-2024-56210 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56209 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56207 (Cross-Site Request Forgery (CSRF) vulnerability in 
EditionGuard Dev Te ...)
+   TODO: check
+CVE-2024-56206 (Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet 
Amar allow ...)
+   TODO: check
+CVE-2024-56205 (Incorrect Privilege Assignment vulnerability in AI Magic 
allows Privil ...)
+   TODO: check
+CVE-2024-56204 (Cross-Site Request Forgery (CSRF) vulnerability in Yonatan 
Reinberg of ...)
+   TODO: check
+CVE-2024-56203 (Cross-Site Request Forgery (CSRF) vulnerability in George 
Holmes II Wa ...)
+   TODO: check
+CVE-2024-56198 (path-sanitizer is a simple lightweight npm package for 
sanitizing path ...)
+   TODO: check
+CVE-2024-56071 (Incorrect Privilege Assignment vulnerability in Mike 
Leembruggen Simpl ...)
+   TODO: check
+CVE-2024-56070 (Missing Authorization vulnerability in Azzaroco WP SuperBackup 
allows  ...)
+   TODO: check
+CVE-2024-56068 (Deserialization of Untrusted Data vulnerability in Azzaroco WP 
SuperBa ...)
+   TODO: check
+CVE-2024-56067 (Missing
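Review bot: the replacement for the removed placeholder `-CVE-2023-6603 [Null Pointer Dereference in FFmpeg HLS Parsing]` is not visible in this excerpt. The matching `+CVE-2023-6603 (...)` line that should now carry the published description, together with whatever package/version lines the entry had, would sit further down in a hunk that the header says grows to 360 lines, but the message is cut off at `+CVE-2024-56067 (Missing`, so neither can be confirmed here. Every line that is visible lands as `TODO: check`, so no triage decision is taken in this commit.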

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-31 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
120a7159 by security tracker role at 2024-12-31T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-45497 (A flaw was found in the OpenShift build process, where the 
docker-buil ...)
+   TODO: check
+CVE-2024-13058 (An issue exists in SoftIron HyperCloud  where authenticated, 
but non-a ...)
+   TODO: check
+CVE-2024-13051 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer 
Overflow Rem ...)
+   TODO: check
+CVE-2024-13050 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer 
Overflow Rem ...)
+   TODO: check
+CVE-2024-13049 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote 
Code Execut ...)
+   TODO: check
+CVE-2024-13048 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write 
Remote Code E ...)
+   TODO: check
+CVE-2024-13047 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote 
Code Execut ...)
+   TODO: check
+CVE-2024-13046 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write 
Remote Code E ...)
+   TODO: check
+CVE-2024-13045 (Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer 
Overflow Remot ...)
+   TODO: check
+CVE-2024-13044 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write 
Remote Code E ...)
+   TODO: check
+CVE-2024-13043 (Panda Security Dome Link Following Local Privilege Escalation 
Vulnerab ...)
+   TODO: check
+CVE-2024-13042 (A vulnerability was found in Tsinghua Unigroup Electronic 
Archives Man ...)
+   TODO: check
+CVE-2024-13040 (The QOCA aim from Quanta Computer has an Authorization Bypass 
Through  ...)
+   TODO: check
+CVE-2024-12839 (The login mechanism via device authentication of CGFIDO from 
Changing  ...)
+   TODO: check
+CVE-2024-12838 (The passwordless login mechanism in CGFIDO from Changing 
Information T ...)
+   TODO: check
+CVE-2024-12753 (Foxit PDF Reader Link Following Local Privilege Escalation 
Vulnerabili ...)
+   TODO: check
+CVE-2024-12752 (Foxit PDF Reader AcroForm Memory Corruption Remote Code 
Execution Vuln ...)
+   TODO: check
+CVE-2024-12751 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code 
Execution Vul ...)
+   TODO: check
+CVE-2024-11972 (The Hunk Companion WordPress plugin before 1.9.0 does not 
correctly au ...)
+   TODO: check
+CVE-2024-11946 (iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext 
Transmi ...)
+   TODO: check
+CVE-2024-11944 (iXsystems TrueNAS CORE tarfile.extractall Directory Traversal 
Remote C ...)
+   TODO: check
 CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior 
to 2.0.4  ...)
NOT-FOR-US: Tasklists plugin for GLPI
 CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the 
content of ...)
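Review bot: the context lines show CVE-2024-56801 already annotated `NOT-FOR-US: Tasklists plugin for GLPI`, while the previous automatic update in this thread (1f4d337a, 2024-12-30 20:12) had added the same entry as `TODO: check`; the manual triage commit that made that change is not part of this digest, so these automatic updates only document what was imported, not how it was resolved. All 21 entries added here (`@@ -1,3 +1,45 @@`, 42 new lines) are again `TODO: check`.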



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/120a71597a0ff1c2910218d5c15e7f155d2e5d48

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/120a71597a0ff1c2910218d5c15e7f155d2e5d48
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f4d337a by security tracker role at 2024-12-30T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior 
to 2.0.4  ...)
+   TODO: check
+CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the 
content of ...)
+   TODO: check
+CVE-2024-56799 (Simofa is a tool to help automate static website building and 
deployme ...)
+   TODO: check
+CVE-2024-56734 (Better Auth is an authentication library for TypeScript. An 
open redir ...)
+   TODO: check
+CVE-2024-56733 (Password Pusher is an open source application to communicate 
sensitive ...)
+   TODO: check
+CVE-2024-56517 (LGSL (Live Game Server List) provides online status lists for 
online v ...)
+   TODO: check
+CVE-2024-56516 (free-one-api allows users to access large language model 
reverse engin ...)
+   TODO: check
+CVE-2024-54181 (IBM WebSphere Automation 1.7.5 could allow a remote privileged 
user, w ...)
+   TODO: check
+CVE-2024-52294 (Khoj is a self-hostable artificial intelligence app. Prior to 
version  ...)
+   TODO: check
+CVE-2024-50703 (TeamPass before 3.1.3.1 does not properly prevent a user from 
acting w ...)
+   TODO: check
+CVE-2024-50702 (TeamPass before 3.1.3.1 does not properly check whether a 
mail_me (aka ...)
+   TODO: check
+CVE-2024-50701 (TeamPass before 3.1.3.1, when retrieving information about 
access righ ...)
+   TODO: check
+CVE-2024-47926 (Tecnick TCExam \u2013 CWE-89: Improper Neutralization of 
Special Eleme ...)
+   TODO: check
+CVE-2024-47925 (Tecnick TCExam \u2013 Multiple CWE-79: Improper Neutralization 
of Inpu ...)
+   TODO: check
+CVE-2024-47924 (Boa web server \u2013 CWE-79: Improper Neutralization of Input 
During  ...)
+   TODO: check
+CVE-2024-47923 (Mashov \u2013 CWE-200: Exposure of Sensitive Information to an 
Unautho ...)
+   TODO: check
+CVE-2024-47922 (Priority \u2013 CWE-200: Exposure of Sensitive Information to 
an Unaut ...)
+   TODO: check
+CVE-2024-47921 (Smadar SPS \u2013 CWE-327: Use of a Broken or Risky 
Cryptographic Algo ...)
+   TODO: check
+CVE-2024-47920 (Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input 
During W ...)
+   TODO: check
+CVE-2024-47919 (Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of 
Special Elemen ...)
+   TODO: check
+CVE-2024-47918 (Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of 
Script-Related ...)
+   TODO: check
+CVE-2024-47917 (CWE-79: Improper Neutralization of Input During Web Page 
Generation (' ...)
+   TODO: check
+CVE-2024-46542 (Veritas / Arctera Data Insight before 7.1.1 allows Application 
Adminis ...)
+   TODO: check
+CVE-2024-22063 (The ZENIC ONE R58 products by ZTE Corporation have a command 
injection ...)
+   TODO: check
+CVE-2024-12993 (Infinix devices contain a pre-loaded "com.rlk.weathers" 
application, t ...)
+   TODO: check
+CVE-2024-12836 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion 
Remote Co ...)
+   TODO: check
+CVE-2024-12835 (Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds 
Write Remo ...)
+   TODO: check
+CVE-2024-12834 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion 
Remote Co ...)
+   TODO: check
+CVE-2024-12828 (Webmin CGI Command Injection Remote Code Execution 
Vulnerability. This ...)
+   TODO: check
+CVE-2024-12754 (AnyDesk Link Following Information Disclosure Vulnerability. 
This vuln ...)
+   TODO: check
+CVE-2024-10044 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the POST  ...)
+   TODO: check
 CVE-2024-13039 (A vulnerability was found in code-projects Simple Chat System 
1.0. It  ...)
NOT-FOR-US: code-projects Simple Chat System
 CVE-2024-13038 (A vulnerability was found in CodeAstro Simple Loan Management 
System 1 ...)
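Review bot: the imported descriptions for CVE-2024-47926 through CVE-2024-47918 contain the literal six-character sequence `\u2013` (for example `Tecnick TCExam \u2013 CWE-89: Improper Neutralization of`) where the upstream text has an en dash. That looks like the import step writing the JSON escape through undecoded, or re-escaping it, instead of the character itself, and it makes these lines harder to match when searching the list; checking the importer's handling of `\uXXXX` escapes is the fix, rather than hand-editing the eight affected lines. The line count is otherwise consistent: `@@ -1,3 +1,65 @@` adds 62 lines for 31 two-line entries.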



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f4d337a1afd2db9e92e1145acd77390d9615d26



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a650b5bc by security tracker role at 2024-12-30T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2024-13039 (A vulnerability was found in code-projects Simple Chat System 
1.0. It  ...)
+   TODO: check
+CVE-2024-13038 (A vulnerability was found in CodeAstro Simple Loan Management 
System 1 ...)
+   TODO: check
+CVE-2024-13037 (A vulnerability was found in 1000 Projects Attendance Tracking 
Managem ...)
+   TODO: check
+CVE-2024-13036 (A vulnerability was found in code-projects Chat System 1.0 and 
classif ...)
+   TODO: check
+CVE-2024-13035 (A vulnerability has been found in code-projects Chat System 
1.0 and cl ...)
+   TODO: check
+CVE-2024-13034 (A vulnerability, which was classified as problematic, was 
found in cod ...)
+   TODO: check
+CVE-2024-13033 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-13032 (A vulnerability classified as problematic was found in Antabot 
White-J ...)
+   TODO: check
+CVE-2024-13031 (A vulnerability classified as problematic has been found in 
Antabot Wh ...)
+   TODO: check
+CVE-2024-13030 (A vulnerability was found in D-Link DIR-823G 
1.0.2B05_20181207. It has ...)
+   TODO: check
+CVE-2024-13029 (A vulnerability, which was classified as problematic, was 
found in Ant ...)
+   TODO: check
+CVE-2024-13028 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-13025 (A vulnerability was found in Codezips College Management 
System 1.0. I ...)
+   TODO: check
+CVE-2024-13024 (A vulnerability was found in Codezips Blood Bank Management 
System 1.0 ...)
+   TODO: check
+CVE-2024-13023 (A vulnerability has been found in PHPGurukul Maid Hiring 
Management Sy ...)
+   TODO: check
 CVE-2024-13022 (A vulnerability, which was classified as critical, was found 
in taisan ...)
NOT-FOR-US: taisan tarzan-cms
 CVE-2024-13021 (A vulnerability, which was classified as problematic, has been 
found i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a650b5bcb694af6a055fcb7ee2838241b05d80af



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a2c426e0 by security tracker role at 2024-12-29T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,148 +1,174 @@
-CVE-2024-56756 [nvme-pci: fix freeing of the HMB descriptor table]
+CVE-2024-13022 (A vulnerability, which was classified as critical, was found 
in taisan ...)
+   TODO: check
+CVE-2024-13021 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-13020 (A vulnerability classified as critical was found in 
code-projects Chat ...)
+   TODO: check
+CVE-2024-13019 (A vulnerability classified as problematic has been found in 
code-proje ...)
+   TODO: check
+CVE-2024-13018 (A vulnerability was found in PHPGurukul Maid Hiring Management 
System  ...)
+   TODO: check
+CVE-2024-13017 (A vulnerability was found in PHPGurukul Maid Hiring Management 
System  ...)
+   TODO: check
+CVE-2024-13016 (A vulnerability was found in PHPGurukul Maid Hiring Management 
System  ...)
+   TODO: check
+CVE-2024-13015 (A vulnerability was found in PHPGurukul Maid Hiring Management 
System  ...)
+   TODO: check
+CVE-2024-13014 (A vulnerability has been found in PHPGurukul Maid Hiring 
Management Sy ...)
+   TODO: check
+CVE-2024-13013 (A vulnerability, which was classified as problematic, was 
found in PHP ...)
+   TODO: check
+CVE-2024-13012 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-13008 (A vulnerability has been found in code-projects Responsive 
Hotel Site  ...)
+   TODO: check
+CVE-2024-13007 (A vulnerability, which was classified as critical, was found 
in Codezi ...)
+   TODO: check
+CVE-2024-56756 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/3c2fb1ca8086eb139b2a551358137525ae8e0d7a (6.13-rc1)
-CVE-2024-56755 [netfs/fscache: Add a memory barrier for 
FSCACHE_VOLUME_CREATING]
+CVE-2024-56755 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.12.3-1
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/22f9400a6f3560629478e0a64247b8fcc811a24d (6.13-rc1)
-CVE-2024-56754 [crypto: caam - Fix the pointer passed to caam_qi_shutdown()]
+CVE-2024-56754 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/ad980b04f51f7fb503530bd1cb328ba5e75a250e (6.13-rc1)
-CVE-2024-56753 [drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in 
gfx_v9_0 Module]
+CVE-2024-56753 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/e47cb9d2533200d49dd5364d4a148119492f8a3d (6.13-rc1)
-CVE-2024-56752 [drm/nouveau/gr/gf100: Fix missing unlock in 
gf100_gr_chan_new()]
+CVE-2024-56752 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/a2f599046c671d6b46d93aed95b37241ce4504cf (6.13-rc1)
-CVE-2024-56751 [ipv6: release nexthop on device removal]
+CVE-2024-56751 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/eb02688c5c45c3e7af7e71f036a7144f5639cbfe (6.13-rc1)
-CVE-2024-56750 [erofs: fix blksize < PAGE_SIZE for file-backed mounts]
+CVE-2024-56750 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
- linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/bae0854160939a64a092516ff1b2f221402b843b (6.13-rc1)
-CVE-2024-56749 [dlm: fix dlm_recover_members refcount on error]
+CVE-2024-56749 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/200b977ebbc313a59174ba971006a231b3533dc5 (6.13-rc1)
-CVE-2024-56748 [scsi: qedf: Fix a possible memory leak in 
qedf_alloc_and_init_sb()]
+CVE-2024-56748 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb (6.13-rc1)
-CVE-2024-56747 [scsi: qedi: Fix a possible memory leak in 
qedi_alloc_and_init_sb()]
+CVE-2024
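Review bot: the `-`/`+` pairs from CVE-2024-56756 down to CVE-2024-56748 drop the bracketed kernel subject lines (`[nvme-pci: fix freeing of the HMB descriptor table]`, `[crypto: caam - Fix the pointer passed to caam_qi_shutdown()]`, and so on) in favour of the generic `(In the Linux kernel, the following vulnerability has been resolved:  n ...)` prefix, which is truncated before it reaches the subject; after this change only the `NOTE: https://git.kernel.org/linus/...` line identifies which fix an entry refers to. That is the expected behaviour once the official description is published, but it is also why those NOTE lines must not be dropped. The hunk is cut off at `+CVE-2024`, so the entries after CVE-2024-56748 in this 174-line region cannot be reviewed here.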

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
035465c4 by security tracker role at 2024-12-29T08:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time 
algorit ...)
+   TODO: check
+CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer 
overflow in  ...)
+   TODO: check
+CVE-2024-13006 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-13005 (A vulnerability classified as critical was found in 1000 
Projects Atte ...)
+   TODO: check
+CVE-2024-13004 (A vulnerability classified as critical has been found in 
PHPGurukul Co ...)
+   TODO: check
+CVE-2024-13003 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
+   TODO: check
+CVE-2024-13002 (A vulnerability was found in 1000 Projects Bookstore 
Management System ...)
+   TODO: check
+CVE-2024-13001 (A vulnerability was found in PHPGurukul Small CRM 1.0. It has 
been cla ...)
+   TODO: check
+CVE-2024-13000 (A vulnerability was found in PHPGurukul Small CRM 1.0 and 
classified a ...)
+   TODO: check
+CVE-2024-12999 (A vulnerability has been found in PHPGurukul Small CRM 1.0 and 
classif ...)
+   TODO: check
+CVE-2024-12998 (A vulnerability, which was classified as problematic, was 
found in cod ...)
+   TODO: check
+CVE-2024-12238 (The The Ninja Forms \u2013 The Contact Form Builder That Grows 
With Yo ...)
+   TODO: check
+CVE-2018-25107 (The Crypt::Random::Source package before 0.13 for Perl has a 
fallback  ...)
+   TODO: check
 CVE-2024-56512 (Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained 
authorizatio ...)
NOT-FOR-US: Apache NiFi
 CVE-2024-12995 (A vulnerability classified as problematic has been found in 
ruifang-te ...)
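Review bot: CVE-2024-56738 and CVE-2024-56737 (`GNU GRUB (aka GRUB2) through 2.12`, a non-constant-time algorithm and a heap-based buffer overflow respectively) are the two entries in this hunk that name software Debian ships as the grub2 source package, so their `TODO: check` should become a package/version line rather than `NOT-FOR-US`; the same applies to CVE-2018-25107 (`Crypt::Random::Source package before 0.13 for Perl`) if that module is packaged. The remaining ten are VulDB-style entries for PHPGurukul, 1000 Projects and code-projects sample applications plus a Ninja Forms WordPress plugin, the kind that elsewhere in this thread ends up `NOT-FOR-US` (compare the code-projects context lines in the 2024-12-30 messages).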



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/035465c46ca80598497249bdbe0f62105156eb2f



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0550009 by security tracker role at 2024-12-28T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,128 +1,134 @@
-CVE-2024-56708 [EDAC/igen6: Avoid segmentation fault on module unload]
+CVE-2024-56512 (Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained 
authorizatio ...)
+   TODO: check
+CVE-2024-12995 (A vulnerability classified as problematic has been found in 
ruifang-te ...)
+   TODO: check
+CVE-2024-12994 (A vulnerability was found in running-elephant Datart 
1.0.0-rc3. It has ...)
+   TODO: check
+CVE-2024-56708 (In the Linux kernel, the following vulnerability has been 
resolved:  E ...)
- linux 6.12.3-1
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/fefaae90398d38a1100ccd73b46ab55ff4610fba (6.13-rc1)
-CVE-2024-56707 [octeontx2-pf: handle otx2_mbox_get_rsp errors in 
otx2_dmac_flt.c]
+CVE-2024-56707 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
- linux 6.12.3-1
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f5b942e6c54b13246ee49d42dcfb71b7f29e3c64 (6.13-rc1)
-CVE-2024-56706 [s390/cpum_sf: Fix and protect memory allocation of SDBs with 
mutex]
+CVE-2024-56706 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/f55bd479d8663a4a4e403b3d308d3d1aa33d92df (6.13-rc1)
-CVE-2024-56705 [media: atomisp: Add check for rgby_data memory allocation 
failure]
+CVE-2024-56705 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/ed61c59139509f76d3592683c90dc3fdc6e23cd6 (6.13-rc1)
-CVE-2024-56704 [9p/xen: fix release of IRQ]
+CVE-2024-56704 (In the Linux kernel, the following vulnerability has been 
resolved:  9 ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/e43c608f40c065b30964f0a806348062991b802d (6.13-rc1)
-CVE-2024-56703 [ipv6: Fix soft lockups in fib6_select_path under high next hop 
churn]
+CVE-2024-56703 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/d9ccb18f83ea2bb654289b6ecf014fd267cc988b (6.13-rc1)
-CVE-2024-56702 [bpf: Mark raw_tp arguments with PTR_MAYBE_NULL]
+CVE-2024-56702 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/cb4158ce8ec8a5bb528cc1693356a5eb8058094d (6.13-rc1)
-CVE-2024-56701 [powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore]
+CVE-2024-56701 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/cadae3a45d23aa4f6485938a67cbc4725e38 (6.13-rc1)
-CVE-2024-56700 [media: wl128x: Fix atomicity violation in fmc_send_cmd()]
+CVE-2024-56700 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/ca59f9956d4519ab18ab2270be47c6b8c6ced091 (6.13-rc1)
-CVE-2024-56699 [s390/pci: Fix potential double remove of hotplug slot]
+CVE-2024-56699 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/c4a585e952ca403a370586d3f16e8331a7564901 (6.13-rc1)
-CVE-2024-56698 [usb: dwc3: gadget: Fix looping of queued SG entries]
+CVE-2024-56698 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
- linux 6.12.3-1
NOTE: 
https://git.kernel.org/linus/b7fc65f5141c24785dc8c19249ca4efcf71b3524 (6.13-rc1)
-CVE-2024-56697 [drm/amdgpu: Fix the memory allocation issue in 
amdgpu_discovery_get_nps_info()]
+CVE-2024-56697 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.12.3-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/a1144da794adedb9447437c57d69add56494309d (6.13-rc1)
-CVE-2024-56696 [ALSA: core: Fix possible NULL dereference caused by 
kunit_kzalloc()]
+CVE-2024-56696 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
- linux 6.12.3-1
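Review bot: the `NOTE:` URL for CVE-2024-56701, `https://git.kernel.org/linus/cadae3a45d23aa4f6485938a67cbc4725e38`, carries a 36-hex-digit commit id while every other NOTE in this hunk has a full 40-digit SHA-1; either four characters were lost when the entry was written or it is an abbreviated id, so it is worth confirming the link still resolves to the powerpc/pseries dtl_access_lock fix named in the removed placeholder. The hunk is cut off after the `- linux 6.12.3-1` line of CVE-2024-56696, so the rest of the 134-line region is not visible here.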

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0883c68 by security tracker role at 2024-12-28T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2024-54775 (Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site 
Scripting ...)
+   TODO: check
+CVE-2024-54774 (Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) 
vulnerabi ...)
+   TODO: check
+CVE-2024-50717 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a 
remote att ...)
+   TODO: check
+CVE-2024-50716 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a 
remote att ...)
+   TODO: check
+CVE-2024-50715 (An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote 
attacke ...)
+   TODO: check
+CVE-2024-50714 (A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart 
Agent v.1 ...)
+   TODO: check
+CVE-2024-50713 (SmartAgent v1.1.0 was discovered to contain a SQL injection 
vulnerabil ...)
+   TODO: check
+CVE-2024-46973 (Software installed and run as a non-privileged user may 
conduct improp ...)
+   TODO: check
+CVE-2024-46972 (Software installed and run as a non-privileged user may 
conduct improp ...)
+   TODO: check
+CVE-2024-43705 (Software installed and run as a non-privileged user can 
trigger the GP ...)
+   TODO: check
+CVE-2023-7266 (Some Huawei home routers have a connection hijacking 
vulnerability. Su ...)
+   TODO: check
+CVE-2023-7263 (Some Huawei home music system products have a path traversal 
vulnerabi ...)
+   TODO: check
+CVE-2023-52718 (A connection hijacking vulnerability exists in some Huawei 
home router ...)
+   TODO: check
 CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 
10.0.1, ...)
- harfbuzz 
NOTE: 
https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m
@@ -46645,7 +46671,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-ser
NOT-FOR-US: Hush Line
 CVE-2024-38515
REJECTED
-CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path 
vulnera ...)
+CVE-2024-35260 (An authenticated attacker can exploit an untrusted search path 
vulnera ...)
NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
NOT-FOR-US: IBM
@@ -135890,8 +135916,8 @@ CVE-2022-48472 (A Huawei printer has a system command 
injection vulnerability. S
NOT-FOR-US: Huawei
 CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei 
Printer. ...)
NOT-FOR-US: Huawei
-CVE-2022-48470
-   RESERVED
+CVE-2022-48470 (Huawei HiLink AI Life product has an identity authentication 
bypass vu ...)
+   TODO: check
 CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. 
Successf ...)
NOT-FOR-US: Huawei
 CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up 
to 3.7.2  ...)
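Review bot: CVE-2022-48470 moves from `RESERVED` to `TODO: check`, but its new description names a Huawei product (`Huawei HiLink AI Life product has an identity authentication bypass vu ...`) and both neighbours in the context, CVE-2022-48471 and CVE-2022-48469, are already `NOT-FOR-US: Huawei`; the automatic update cannot make that call itself, so this entry will sit as a TODO until the same annotation is applied by hand.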
@@ -272536,8 +272562,8 @@ CVE-2021-37002 (There is a Memory out-of-bounds 
access vulnerability in Huawei S
NOT-FOR-US: Huawei
 CVE-2021-37001 (There is a Register tampering vulnerability in Huawei 
Smartphone.Succe ...)
NOT-FOR-US: Huawei
-CVE-2021-37000
-   RESERVED
+CVE-2021-37000 (Some Huawei wearables have a permission management 
vulnerability.)
+   TODO: check
 CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei 
Smartphone.Successf ...)
NOT-FOR-US: Huawei
 CVE-2021-36998 (There is an Improper verification vulnerability in Huawei 
Smartphone.S ...)
@@ -309276,8 +309302,8 @@ CVE-2021-22486 (There is a issue of Unstandardized 
field names in Huawei Smartph
NOT-FOR-US: Huawei
 CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections 
in Huawei ...)
NOT-FOR-US: Huawei
-CVE-2021-22484
-   RESERVED
+CVE-2021-22484 (Some Huawei wearables have a vulnerability of not verifying 
the actual ...)
+   TODO: check
 CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. 
Successf ...)
NOT-FOR-US: Huawei
 CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei 
Smartphone. ...)
@@ -394523,16 +394549,16 @@ CVE-2020-1826 (Huawei Honor Magic2 mobile phones 
with versions earlier than 10.0
NOT-FOR-US: Huawei
 CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a 
Denial of  ...)
NOT-FOR-US: Huawei
-CVE-2020-1824
-   RESERVED
-CVE-2020-1823
-   RESERVED
-CVE-2020-1822
-   RESERVED
-CVE-2020-1821
-   RESERVED
-CVE-2020-1820
-   RESERVED
+CVE-2020-1824 (There are multiple out of bounds (OOB) read vulnerabilities in 
the imp ...)
+   TODO: check
+CVE-2020-1823 (There are multiple out of bounds (OOB) read vulnerabilities in 
th
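Review bot: five consecutive `RESERVED` placeholders, CVE-2020-1824 down to CVE-2020-1820, are replaced in one go; the header `@@ -394523,16 +394549,16 @@` keeps the region at 16 lines, consistent with each `RESERVED` pair becoming a description plus `TODO: check` pair, but the excerpt stops inside the CVE-2020-1823 description (`in th`), so only CVE-2020-1824 can actually be checked here, and its visible text (`multiple out of bounds (OOB) read vulnerabilities in the imp ...`) does not yet name the vendor. The context on both sides is `NOT-FOR-US: Huawei` (CVE-2020-1826 Honor Magic2, CVE-2020-1825 FusionAccess), so these are candidates for the same annotation once the full descriptions confirm it.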

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ff32a32 by security tracker role at 2024-12-27T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,848 +1,894 @@
-CVE-2024-56675 [bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors]
+CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 
10.0.1, ...)
+   TODO: check
+CVE-2024-56509 (changedetection.io is a free open source web page change 
detection, we ...)
+   TODO: check
+CVE-2024-56508 (LinkAce is a self-hosted archive to collect links of your 
favorite web ...)
+   TODO: check
+CVE-2024-56507 (LinkAce is a self-hosted archive to collect links of your 
favorite web ...)
+   TODO: check
+CVE-2024-54454 (An issue was discovered in Kurmi Provisioning Suite before 
7.9.0.35, 7 ...)
+   TODO: check
+CVE-2024-54453 (An issue was discovered in Kurmi Provisioning Suite before 
7.9.0.35, 7 ...)
+   TODO: check
+CVE-2024-54452 (An issue was discovered in Kurmi Provisioning Suite before 
7.9.0.35 an ...)
+   TODO: check
+CVE-2024-54451 (A cross-site scripting (XSS) vulnerability in the 
graphicCustomization ...)
+   TODO: check
+CVE-2024-54450 (An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. 
If an X- ...)
+   TODO: check
+CVE-2024-53476 (A race condition vulnerability in SimplCommerce at commit 
230310c8d7a0 ...)
+   TODO: check
+CVE-2024-50945 (An improper access control vulnerability exists in 
SimplCommerce at co ...)
+   TODO: check
+CVE-2024-50944 (Integer overflow vulnerability exists in SimplCommerce at 
commit 23031 ...)
+   TODO: check
+CVE-2024-3393 (A Denial of Service vulnerability in the DNS Security feature 
of Palo  ...)
+   TODO: check
+CVE-2024-39025 (Incorrect access control in the /users endpoint of Cpacker 
MemGPT v0.3 ...)
+   TODO: check
+CVE-2024-12991 (A vulnerability was found in Beijing Longda Jushang Technology 
DBShop\ ...)
+   TODO: check
+CVE-2024-12990 (A vulnerability was found in ruifang-tech Rebuild 3.8.6. It 
has been c ...)
+   TODO: check
+CVE-2024-12989 (A vulnerability was found in WISI Tangram GT31 up to 20241214 
and clas ...)
+   TODO: check
+CVE-2024-12988 (A vulnerability has been found in Netgear R6900P and R7000P 
1.3.3.154  ...)
+   TODO: check
+CVE-2024-12987 (A vulnerability, which was classified as critical, was found 
in DrayTe ...)
+   TODO: check
+CVE-2024-12986 (A vulnerability, which was classified as critical, has been 
found in D ...)
+   TODO: check
+CVE-2024-12985 (A vulnerability classified as critical was found in Overtek 
OT-E801G O ...)
+   TODO: check
+CVE-2024-12984 (A vulnerability classified as problematic has been found in 
Amcrest IP ...)
+   TODO: check
+CVE-2024-12856 (The Four-Faith router models F3x24 and F3x36 are affected by 
an operat ...)
+   TODO: check
+CVE-2024-56675 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.12.6-1
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/ef1b808e3b7c98612feceedf985c2fbbeb28f956 (6.13-rc3)
-CVE-2024-56674 [virtio_net: correct netdev_tx_reset_queue() invocation point]
+CVE-2024-56674 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
- linux 6.12.6-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/3ddccbefebdbe0c4c72a248676e4d39ac66a8e26 (6.13-rc3)
-CVE-2024-56673 [riscv: mm: Do not call pmd dtor on vmemmap page table teardown]
+CVE-2024-56673 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
- linux 6.12.6-1
[bookworm] - linux  (Vulnerable code not present)
[bullseye] - linux  (Vulnerable code not present)
NOTE: 
https://git.kernel.org/linus/21f1b85c8912262adf51707e63614a114425eb10 (6.13-rc3)
-CVE-2024-56672 [blk-cgroup: Fix UAF in blkcg_unpin_online()]
+CVE-2024-56672 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.12.6-1
NOTE: 
https://git.kernel.org/linus/86e6ca55b83c575ab0f2e105cf08f98e58d3d7af (6.13-rc3)
-CVE-2024-56671 [gpio: graniterapids: Fix vGPIO driver crash]
+CVE-2024-56671 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
- linux 6.12.6-1
NOTE: 
https://git.kernel.org/linus/eb9640fd1ce10b77f5997596e9570a36378f (6.13-rc3)
-CVE-2024-56670 [usb: gadget: u_serial: Fix the issue that gs_start_io crashed 
due to accessing null pointer]
+CVE-2024-56670 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
- linux 6.12.6-1
NOTE: 
https://git.kernel.org/linus/4cfbca86f6a8b801f3254e0
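Review bot: the NOTE link kept for CVE-2024-56671, https://git.kernel.org/linus/eb9640fd1ce10b77f5997596e9570a36378f, has a 36-hex-digit commit id, while every other NOTE in this hunk (for instance https://git.kernel.org/linus/ef1b808e3b7c98612feceedf985c2fbbeb28f956 for CVE-2024-56675) carries a full 40-digit sha1; an id four digits short looks like a paste error rather than a deliberate abbreviation, so verify that it resolves to the gpio graniterapids vGPIO driver crash fix (6.13-rc3) and record the full id.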

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ccf538f by security tracker role at 2024-12-27T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,61 @@
+CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error 
function lack ...)
+   TODO: check
+CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. 
unserializeTCPDFtag use ...)
+   TODO: check
+CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is 
used, CUR ...)
+   TODO: check
+CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as 
used in TC ...)
+   TODO: check
+CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles 
does not s ...)
+   TODO: check
+CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the 
ecosystem to w ...)
+   TODO: check
+CVE-2024-56361 (LGSL (Live Game Server List) provides online status for games. 
Before  ...)
+   TODO: check
+CVE-2024-55950 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
+   TODO: check
+CVE-2024-53850 (The Addressing GLPI plugin enables you to create IP reports 
for visual ...)
+   TODO: check
+CVE-2024-45805 (OpenCTI is an open-source cyber threat intelligence platform. 
Before 6 ...)
+   TODO: check
+CVE-2024-45600 (Fields is a GLPI plugin that allows users to add custom fields 
on GLPI ...)
+   TODO: check
+CVE-2024-12983 (A vulnerability classified as problematic has been found in 
code-proje ...)
+   TODO: check
+CVE-2024-12982 (A vulnerability was found in PHPGurukul Blood Bank & Donor 
Management  ...)
+   TODO: check
+CVE-2024-12981 (A vulnerability was found in CodeAstro Car Rental System 1.0. 
It has b ...)
+   TODO: check
+CVE-2024-12980 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+   TODO: check
+CVE-2024-12979 (A vulnerability was found in code-projects Job Recruitment 1.0 
and cla ...)
+   TODO: check
+CVE-2024-12978 (A vulnerability has been found in code-projects Job 
Recruitment 1.0 an ...)
+   TODO: check
+CVE-2024-12977 (A vulnerability, which was classified as critical, was found 
in PHPGur ...)
+   TODO: check
+CVE-2024-12976 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-12969 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-12968 (A vulnerability classified as critical was found in 
code-projects Job  ...)
+   TODO: check
+CVE-2024-12967 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-12966 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+   TODO: check
+CVE-2024-12965 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
+   TODO: check
+CVE-2024-11921 (The GiveWP  WordPress plugin before 3.19.0 does not sanitise 
and escap ...)
+   TODO: check
+CVE-2024-11842 (The DN Shipping by Weight for WooCommerce WordPress plugin 
before 1.2  ...)
+   TODO: check
+CVE-2024-11645 (The float block WordPress plugin through 1.7 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-11644 (The WP-SVG WordPress plugin through 0.9 does not validate and 
escape s ...)
+   TODO: check
+CVE-2024-11605 (The wp-publications WordPress plugin through 1.2 does not 
escape filen ...)
+   TODO: check
 CVE-2024-8994 (Some Honor products are affected by information leak 
vulnerability, su ...)
NOT-FOR-US: Honor
 CVE-2024-8993 (Some Honor products are affected by information leak 
vulnerability, su ...)
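Review bot: four of the new TODO: check entries in this hunk point at software Debian packages: CVE-2024-56527, CVE-2024-56522, CVE-2024-56521 and CVE-2024-56519 (TCPDF before 6.8.0: the Error function, unserializeTCPDFtag, the libcurl path and setSVGStyles) all concern the tcpdf code shipped as php-tcpdf, so they need the affected and fixed versions checked against the packaged version rather than being left alongside the Honor, GLPI-plugin, OpenCTI and code-projects entries that will resolve to NOT-FOR-US; CVE-2024-56520 (tc-lib-pdf-font before 2.6.4, "as used in TC ...") is cut off before it says where the library is used and needs the full description. The WordPress plugin entries CVE-2024-11921 through CVE-2024-11605 at the end of the hunk follow the existing NOT-FOR-US: WordPress plugin pattern.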
@@ -4351,6 +4409,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a 
predictable temporary file
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
NOTE: Negligible security impact with fs.protected_symlinks=1 being the 
standard in Debian
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer 
values. 3.3.8 ...)
+   {DLA-4003-1}
- node-postcss 8.4.49+~cs9.2.32-1
[bookworm] - node-postcss  (Minor issue)
NOTE: node-postcss bundles nanoid
@@ -19519,7 +19578,7 @@ CVE-2024-10134 (A vulnerability was found in ESAFENET 
CDG 5 and classified as cr
NOT-FOR-US: ESAFENET CDG
 CVE-2024-10133 (A vulnerability has been found in ESAFENET CDG 5 and 
classified as cri ...)
NOT-FOR-US: ESAFENET CDG
-CVE-2024-9774
+CVE-2024-9774 (A vulnerability was found in python-sql where unary operators 
do not e ...)
{DSA-5795-1 DLA-3932-1}
- python-sql 1.5.2-1
NOTE: https://discuss.tryton.org/t/security-release-for-issue-93
@@ -114501,6 +114560,7 @@ CVE-2023-5227 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7e3d089 by security tracker role at 2024-12-26T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-8994 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-8993 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-8992 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a 
default /et ...)
+   TODO: check
+CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote 
Code Exe ...)
+   TODO: check
+CVE-2024-51540 (Dell ECS, versions prior to 3.8.1.3 contains an arithmetic 
overflow vu ...)
+   TODO: check
+CVE-2024-47157 (Some Honor products are affected by incorrect privilege 
assignment vul ...)
+   TODO: check
+CVE-2024-47156 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-47155 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-47154 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-47153 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-47151 (Some Honor products are affected by file writing 
vulnerability, succes ...)
+   TODO: check
+CVE-2024-47150 (Some Honor products are affected by information leak 
vulnerability, su ...)
+   TODO: check
+CVE-2024-47149 (Some Honor products are affected by incorrect privilege 
assignment vul ...)
+   TODO: check
+CVE-2024-47148 (Some Honor products are affected by incorrect privilege 
assignment vul ...)
+   TODO: check
+CVE-2024-12964 (A vulnerability was found in 1000 Projects Daily College Class 
Work Re ...)
+   TODO: check
+CVE-2024-12963 (A vulnerability was found in code-projects Job Recruitment 1.0 
and cla ...)
+   TODO: check
+CVE-2024-12962 (A vulnerability has been found in code-projects Job 
Recruitment 1.0 an ...)
+   TODO: check
+CVE-2024-12961 (A vulnerability, which was classified as critical, was found 
in 1000 P ...)
+   TODO: check
+CVE-2024-12960 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-12959 (A vulnerability classified as critical was found in 1000 
Projects Port ...)
+   TODO: check
+CVE-2024-12958 (A vulnerability classified as critical has been found in 1000 
Projects ...)
+   TODO: check
+CVE-2024-12956 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
+   TODO: check
+CVE-2024-12955 (A vulnerability has been found in PHPGurukul Blood Bank & 
Donor Manage ...)
+   TODO: check
+CVE-2024-12954 (A vulnerability, which was classified as critical, was found 
in 1000 P ...)
+   TODO: check
+CVE-2024-12953 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-12952 (A vulnerability classified as critical was found in melMass 
comfy_mtb  ...)
+   TODO: check
+CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 
Projects ...)
+   TODO: check
+CVE-2024-12950 (A vulnerability was found in code-projects Travel Management 
System 1. ...)
+   TODO: check
+CVE-2024-12949 (A vulnerability was found in code-projects Travel Management 
System 1. ...)
+   TODO: check
+CVE-2024-12948 (A vulnerability was found in code-projects Travel Management 
System 1. ...)
+   TODO: check
+CVE-2024-12947 (A vulnerability was found in Codezips Hospital Management 
System 1.0 a ...)
+   TODO: check
+CVE-2024-12946 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-12945 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+   TODO: check
+CVE-2024-12944 (A vulnerability was found in CodeAstro House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-12943 (A vulnerability was found in CodeAstro House Rental Management 
System  ...)
+   TODO: check
+CVE-2024-12908 (Delinea addressed a reported case on Secret Server v11.7.31 
(protocol  ...)
+   TODO: check
+CVE-2023-7300 (Huawei Home Music System has a path traversal vulnerability. 
Successfu ...)
+   TODO: check
 CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
NOT-FOR-US: 1000 Projects Portfolio Management System
 CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management 
System 1 ...)
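Review bot: CVE-2024-56433 (shadow-utils, aka shadow, 4.4 through 4.17.0, "establishes a default /et ...") is the one new entry here that lands on a package Debian itself builds (src:shadow, which provides login and passwd), so its TODO: check needs an actual version and default-configuration check in the Debian package rather than the NOT-FOR-US outcome the surrounding Honor, TOTOLINK, Dell ECS, Delinea, melMass, code-projects and 1000 Projects entries will get (compare the CVE-2024-12942 context line already marked NOT-FOR-US: 1000 Projects Portfolio Management System); CVE-2023-7300 (Huawei Home Music System path traversal) belongs with the NOT-FOR-US: Huawei group.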
@@ -1678,9 +1754,11 @@ CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93a01163 by security tracker role at 2024-12-26T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
+   TODO: check
+CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management 
System 1 ...)
+   TODO: check
+CVE-2024-12940 (A vulnerability has been found in 1000 Projects Attendance 
Tracking Ma ...)
+   TODO: check
+CVE-2024-12939 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+   TODO: check
+CVE-2024-12938 (A vulnerability has been found in code-projects Simple Admin 
Panel 1.0 ...)
+   TODO: check
+CVE-2024-12937 (A vulnerability, which was classified as critical, was found 
in code-p ...)
+   TODO: check
+CVE-2024-12936 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-12935 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+   TODO: check
+CVE-2024-12934 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-12933 (A vulnerability was found in code-projects Simple Admin Panel 
1.0. It  ...)
+   TODO: check
+CVE-2024-12932 (A vulnerability was found in code-projects Simple Admin Panel 
1.0. It  ...)
+   TODO: check
+CVE-2024-12931 (A vulnerability was found in code-projects Simple Admin Panel 
1.0. It  ...)
+   TODO: check
+CVE-2024-12930 (A vulnerability was found in code-projects Simple Admin Panel 
1.0 and  ...)
+   TODO: check
+CVE-2024-12929 (A vulnerability has been found in code-projects Student 
Management Sys ...)
+   TODO: check
+CVE-2024-12928 (A vulnerability, which was classified as critical, was found 
in code-p ...)
+   TODO: check
+CVE-2024-12927 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
+   TODO: check
+CVE-2024-12652 (A Improper Control of Generation of Code ('Code Injection') 
vulnerabil ...)
+   TODO: check
+CVE-2024-11223 (The WPForms  WordPress plugin before 1.9.2.3 does not sanitise 
and esc ...)
+   TODO: check
+CVE-2024-10903 (The Broken Link Checker WordPress plugin before 2.4.2 does not 
validat ...)
+   TODO: check
 CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: Arne Informatics Piramit Automation
 CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora 
through 1.0 71 ...)
@@ -2492,6 +2530,7 @@ CVE-2024-54513 (A permissions issue was addressed with 
additional restrictions.
 CVE-2024-54510 (A race condition was addressed with improved locking. This 
issue is fi ...)
NOT-FOR-US: Apple
 CVE-2024-54508 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   {DSA-5835-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit  (wpewebkit not covered by security 
support in Bookworm)
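Review bot: the bookworm line "[bookworm] - wpewebkit  (wpewebkit not covered by security support in Bookworm)" shows a double space between the package name and the parenthesised reason, which is where this list's syntax carries an angle-bracketed status tag; the same double space appears in the three following DSA-5835-1 hunks and in the kernel entries' "(Vulnerable code not present)" lines in the earlier commit, so it is almost certainly the mail archive dropping the tag as if it were an HTML element rather than a change in the file, but confirm that the committed lines still carry their tags. The added {DSA-5835-1} reference itself matches the webkit2gtk 2.46.5-1 and wpewebkit 2.46.5-1 fixed versions beneath it.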
@@ -2500,6 +2539,7 @@ CVE-2024-54508 (The issue was addressed with improved 
memory handling. This issu
 CVE-2024-54506 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
NOT-FOR-US: Apple
 CVE-2024-54505 (A type confusion issue was addressed with improved memory 
handling. Th ...)
+   {DSA-5835-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit  (wpewebkit not covered by security 
support in Bookworm)
@@ -2510,6 +2550,7 @@ CVE-2024-54504 (A privacy issue was addressed with 
improved private data redacti
 CVE-2024-54503 (An inconsistent user interface issue was addressed with 
improved state ...)
NOT-FOR-US: Apple
 CVE-2024-54502 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+   {DSA-5835-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit  (wpewebkit not covered by security 
support in Bookworm)
@@ -2542,6 +2583,7 @@ CVE-2024-54485 (The issue was addressed by adding 
additional logic. This issue i
 CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is 
fixed in m ...)
NOT-FOR-US: Apple
 CVE-2024-54479 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   {DSA-5835-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit  (wpewebkit not covered by security 
support in Bookworm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a01163d22246204bf87c5283873a9d0dedc61e


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-25 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
747cf529 by security tracker role at 2024-12-25T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora 
through 1.0 71 ...)
+   TODO: check
+CVE-2024-56430 (OpenFHE through 1.2.3 has a NULL pointer dereference in 
BinFHEContext: ...)
+   TODO: check
+CVE-2024-53291 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of 
Sensiti ...)
+   TODO: check
+CVE-2024-52906 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1could allow a 
non-privileged loc ...)
+   TODO: check
+CVE-2024-52543 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of 
Temporar ...)
+   TODO: check
+CVE-2024-52535 (Dell SupportAssist for Home PCs versions 4.6.1 and prior and 
Dell Supp ...)
+   TODO: check
+CVE-2024-52534 (Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an 
Authenticatio ...)
+   TODO: check
+CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s 
native  ...)
+   TODO: check
+CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution 
with Unne ...)
+   TODO: check
+CVE-2024-47102 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1  could allow a 
non-privileged local ...)
+   TODO: check
+CVE-2024-39727 (IBM Engineering Lifecycle Optimization - Engineering Insights 
7.0.2 an ...)
+   TODO: check
+CVE-2024-39725 (IBM Engineering Lifecycle Optimization - Engineering Insights 
7.0.2 an ...)
+   TODO: check
+CVE-2024-1609 (In OPPOStore iOS App, there's a possible escalation of 
privilege due t ...)
+   TODO: check
+CVE-2024-12926 (A vulnerability classified as critical was found in Codezips 
Project M ...)
+   TODO: check
+CVE-2024-12636 (The Privacy Policy Generator, Terms & Conditions Generator 
WordPress P ...)
+   TODO: check
+CVE-2024-12428 (The WP Data Access \u2013 App, Table, Form and Chart Builder 
plugin pl ...)
+   TODO: check
+CVE-2024-12413 (The MarketKing \u2014 Ultimate WooCommerce Multivendor 
Marketplace Sol ...)
+   TODO: check
+CVE-2024-12335 (The Avada (Fusion) Builder plugin for WordPress is vulnerable 
to Infor ...)
+   TODO: check
+CVE-2024-12272 (The WP Travel Engine \u2013 Elementor Widgets | Create Travel 
Booking  ...)
+   TODO: check
+CVE-2024-12190 (The Contact Form by Bit Form: Multi Step Form, Calculation 
Contact For ...)
+   TODO: check
+CVE-2024-12032 (The Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & 
Apartment  ...)
+   TODO: check
+CVE-2024-11281 (The WooCommerce Point of Sale plugin for WordPress is 
vulnerable to pr ...)
+   TODO: check
+CVE-2024-10862 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact 
forms and mu ...)
+   TODO: check
+CVE-2024-10858 (The Jetpack  WordPress plugin before 14.1 does not properly 
checks the ...)
+   TODO: check
+CVE-2023-5117 (An issue was discovered in GitLab CE/EE affecting all versions 
before  ...)
+   TODO: check
 CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to 
Stored ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-53163 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
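Review bot: two of the new TODO: check entries map to packages in the archive and should be triaged ahead of the rest: CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora, Theora through 1.0 ...) is src:libtheora, and CVE-2024-52046 (the ObjectSerializationDecoder in Apache MINA using Java's native deserialization) is src:mina2; each needs the fixed upstream version and a check of the packaged versions in the supported suites. The Dell NativeEdge/ECS/SupportAssist, IBM AIX and Engineering Lifecycle Optimization, OPPOStore, WordPress plugin and GitLab CE/EE (CVE-2023-5117) entries are vendor-only and will resolve to NOT-FOR-US, as the CVE-2024-8721 context line already does.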
@@ -6020,7 +6072,8 @@ CVE-2024-36611 (In Symfony v7.07, a security 
vulnerability was identified in the
- symfony  (bug #1088817)
NOTE: 
https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
 (v7.1.0-BETA1)
NOTE: Not considered a security issue by upstream: 
https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
-CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of 
the VarDum ...)
+CVE-2024-36610
+   REJECTED
- symfony 6.4.4+dfsg-3 (unimportant)
NOTE: Fixed by: 
https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259
 (v6.4.4)
NOTE: Not considered a security issue by upstream: 
https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
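Review bot: CVE-2024-36610 is switched to REJECTED, but the entry keeps "- symfony 6.4.4+dfsg-3 (unimportant)" and the two NOTE lines (the 3ffd495b fix commit for v6.4.4 and the upstream "not considered a security issue" comment), so the entry now simultaneously says the id was rejected and records a fixed version with a severity; decide on the next manual pass whether those lines should be dropped or kept as a record of why the id was rejected. The sibling CVE-2024-36611 entry ("- symfony (bug #1088817)", pointing at the same upstream comment) is still open and is worth re-checking against that same discussion.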



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747cf5297cf0ee992023ca42dc85ec7090163c79



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8e7d4e5 by security tracker role at 2024-12-24T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,71 @@
+CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to 
Stored ...)
+   TODO: check
+CVE-2024-53163 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+   TODO: check
+CVE-2024-53162 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+   TODO: check
+CVE-2024-53161 (In the Linux kernel, the following vulnerability has been 
resolved:  E ...)
+   TODO: check
+CVE-2024-53160 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
+   TODO: check
+CVE-2024-53159 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
+   TODO: check
+CVE-2024-53158 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+   TODO: check
+CVE-2024-53157 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+   TODO: check
+CVE-2024-53156 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+   TODO: check
+CVE-2024-53155 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
+   TODO: check
+CVE-2024-53154 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+   TODO: check
+CVE-2024-53153 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
+   TODO: check
+CVE-2024-53152 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
+   TODO: check
+CVE-2024-53151 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+   TODO: check
+CVE-2024-53150 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+   TODO: check
+CVE-2024-53149 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
+   TODO: check
+CVE-2024-53148 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+   TODO: check
+CVE-2024-53147 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
+   TODO: check
+CVE-2024-53146 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
+   TODO: check
+CVE-2024-53145 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
+   TODO: check
+CVE-2024-43441 (Authentication Bypass by Assumed-Immutable Data vulnerability 
in Apach ...)
+   TODO: check
+CVE-2024-12881 (The PlugVersions \u2013 Easily rollback to previous versions 
of your p ...)
+   TODO: check
+CVE-2024-12850 (The Database Backup and check Tables Automated With Scheduler 
2024 plu ...)
+   TODO: check
+CVE-2024-12746 (A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 
(Windows o ...)
+   TODO: check
+CVE-2024-12745 (A SQL injection in the Amazon Redshift Python Connector v2.1.4 
allows  ...)
+   TODO: check
+CVE-2024-12744 (A SQL injection in the Amazon Redshift JDBC Driver in 
v2.1.0.31 allows ...)
+   TODO: check
+CVE-2024-12468 (The WP Datepicker plugin for WordPress is vulnerable to 
Reflected Cros ...)
+   TODO: check
+CVE-2024-12268 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin 
for Wor ...)
+   TODO: check
+CVE-2024-12103 (The Content No Cache: prevent specific content from being 
cached plugi ...)
+   TODO: check
+CVE-2024-12031 (The Advanced Floating Content plugin for WordPress is 
vulnerable to SQ ...)
+   TODO: check
+CVE-2024-11896 (The Text Prompter \u2013 Unlimited chatgpt text prompts for 
openai tas ...)
+   TODO: check
+CVE-2024-11726 (The Appointment Booking Calendar Plugin and Scheduling Plugin 
\u2013 B ...)
+   TODO: check
+CVE-2024-10856 (The Booking Calendar WpDevArt plugin is vulnerable to 
time-based, blin ...)
+   TODO: check
+CVE-2024-10584 (The DirectoryPress \u2013 Business Directory And Classified Ad 
Listing ...)
+   TODO: check
 CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows 
for an  ...)
TODO: check
 CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected 
by an Im ...)
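Review bot: the nineteen kernel entries CVE-2024-53145 through CVE-2024-53163 ("In the Linux kernel, the following vulnerability has been resolved") all belong to src:linux and will each need the fixed Debian version plus an upstream commit NOTE with its release tag, in the form the later hunk of this commit uses for CVE-2024-53144 ("- linux 6.11.4-1", "[bookworm] - linux 6.1.115-1", https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)); the truncated subjects here give only the first letter of the subsystem, so none of them can be triaged from the list line alone. CVE-2024-43441 (Authentication Bypass by Assumed-Immutable Data in Apach ...) is likewise cut off before the product name and needs the full description before it can be assigned; the Amazon Redshift driver and WordPress plugin entries will resolve to NOT-FOR-US.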
@@ -1007,10 +1075,10 @@ CVE-2024-53144 (In the Linux kernel, the following 
vulnerability has been resolv
- linux 6.11.4-1
[bookworm] - linux 6.1.115-1
NOTE: 
https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)
-CVE-2024-53241 [Xen hypercall page unsafe against speculative attacks]
+CVE-2024-53241 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
- linux 6.12.6-1
NOTE: https://xenbits.xen.org/xsa/advisory-466.html
-CVE-2024-53240 [Backend can crash Linux netfront]
+

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-24 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50043887 by security tracker role at 2024-12-24T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows 
for an  ...)
+   TODO: check
+CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected 
by an Im ...)
+   TODO: check
+CVE-2024-47515 (A vulnerability was found in Pagure. Support of symbolic links 
during  ...)
+   TODO: check
+CVE-2024-41887 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-41886 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-41885 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-41884 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-41883 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-41882 (Team ENVY, a Security Research TEAM has found a flaw that 
allows for a ...)
+   TODO: check
+CVE-2024-12814 (The Loan Comparison plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-12710 (The WP-Appbox plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2024-12622 (The WordPress Simple Shopping Cart plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-12617 (The WC Price History for Omnibus plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-12594 (The Custom Login Page Styler \u2013 Login Protected Private 
Site , Cha ...)
+   TODO: check
+CVE-2024-12518 (The ShMapper by Teplitsa plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-12507 (The Optio Dentistry plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-12405 (The Export Customers Data plugin for WordPress is vulnerable 
to Reflec ...)
+   TODO: check
+CVE-2024-12266 (The ELEX WooCommerce Dynamic Pricing and Discounts plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-12210 (The Print Invoice & Delivery Notes for WooCommerce plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-12100 (The Bitcoin Lightning Publisher for WordPress plugin for 
WordPress is  ...)
+   TODO: check
+CVE-2024-12096 (The Exhibit to WP Gallery WordPress plugin through 0.0.2 does 
not sani ...)
+   TODO: check
+CVE-2024-12034 (The Advanced Google reCAPTCHA plugin for WordPress is 
vulnerable to IP ...)
+   TODO: check
+CVE-2024-11885 (The NinjaTeam Chat for Telegram plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2018-25106 (A vulnerability, which was classified as critical, has been 
found in w ...)
+   TODO: check
 CVE-2024-56364 (SimpleXLSX is software for parsing and retrieving data from 
Excel XLSx ...)
NOT-FOR-US: SimpleXLSX
 CVE-2024-56363 (APTRS (Automated Penetration Testing Reporting System) is a 
Python and ...)
@@ -141,7 +189,7 @@ CVE-2024-10797 (The Full Screen Menu for Elementor plugin 
for WordPress is vulne
NOT-FOR-US: WordPress plugin
 CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-12582
+CVE-2024-12582 (A flaw was found in the skupper console,  a read-only 
interface that r ...)
NOT-FOR-US: Skupper
 CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a 
maliciou ...)
NOT-FOR-US: grist-core
@@ -2251,6 +2299,7 @@ CVE-2024-55657 (SiYuan is a personal knowledge management 
system. Prior to versi
 CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior 
to commit ...)
NOT-FOR-US: PenDoc
 CVE-2024-54534 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   {DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
[bookworm] - wpewebkit  (wpewebkit not covered by security 
support in Bookworm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/500438874558efd096918e4732d5a42710d196bb



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
797b5cf7 by security tracker role at 2024-12-23T20:14:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,35 @@
+CVE-2024-56364 (SimpleXLSX is software for parsing and retrieving data from 
Excel XLSx ...)
+   TODO: check
+CVE-2024-56363 (APTRS (Automated Penetration Testing Reporting System) is a 
Python and ...)
+   TODO: check
+CVE-2024-56362 (Navidrome is an open source web-based music collection server 
and stre ...)
+   TODO: check
+CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An 
oversight ...)
+   TODO: check
+CVE-2024-56201 (Jinja is an extensible templating engine. Prior to 3.1.5, a 
bug in the ...)
+   TODO: check
+CVE-2024-55947 (Gogs is an open source self-hosted Git service. A malicious 
user is ab ...)
+   TODO: check
+CVE-2024-55539 (Weak algorithm used to sign RPM package. The following 
products are af ...)
+   TODO: check
+CVE-2024-54148 (Gogs is an open source self-hosted Git service. A malicious 
user is ab ...)
+   TODO: check
+CVE-2024-53276 (Home-Gallery.org is a self-hosted open-source web gallery to 
browse pe ...)
+   TODO: check
+CVE-2024-53275 (Home-Gallery.org is a self-hosted open-source web gallery to 
browse pe ...)
+   TODO: check
+CVE-2024-53256 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
+   TODO: check
+CVE-2024-45387 (An SQL injection vulnerability in Traffic Ops in Apache 
Traffic Contro ...)
+   TODO: check
+CVE-2024-40896 (In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 
before 2.1 ...)
+   TODO: check
+CVE-2024-23945 (Signing cookies is an application security feature that adds a 
digital ...)
+   TODO: check
+CVE-2024-12903 (Incorrect default permissions vulnerability in Evoko Home, 
affecting v ...)
+   TODO: check
+CVE-2024-12902 (ANCHOR from Global Wisdom Software is an integrated product 
running on ...)
+   TODO: check
 CVE-2024- [RUSTSEC-2024-0428]
- rust-kvm-ioctls 
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0428.html
@@ -10524,6 +10556,7 @@ CVE-2024-24984 (Improper input validation for some 
Intel(R) Wireless Bluetooth(R
 CVE-2024-23919 (Improper buffer restrictions in some Intel(R) Graphics 
software may al ...)
NOT-FOR-US: Intel
 CVE-2024-23918 (Improper conditions check in some Intel(R) Xeon(R) processor 
memory co ...)
+   {DLA-4002-1}
- intel-microcode 3.20241112.1 (bug #1087532)
[bookworm] - intel-microcode  (Minor issue)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html
@@ -10544,6 +10577,7 @@ CVE-2024-23198 (Improper input validation in firmware 
for some Intel(R) PROSet/W
 CVE-2024-22185 (Time-of-check Time-of-use Race Condition in some Intel(R) 
processors w ...)
NOT-FOR-US: Intel
 CVE-2024-21853 (Improper finite state machines (FSMs) in the hardware logic in 
some 4t ...)
+   {DLA-4002-1}
- intel-microcode 3.20241112.1 (bug #1087532)
[bookworm] - intel-microcode  (Minor issue)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html
@@ -10551,6 +10585,7 @@ CVE-2024-21853 (Improper finite state machines (FSMs) 
in the hardware logic in s
 CVE-2024-21850 (Sensitive information in resource not removed before reuse in 
some Int ...)
NOT-FOR-US: Intel
 CVE-2024-21820 (Incorrect default permissions in some Intel(R) Xeon(R) 
processor memor ...)
+   {DLA-4002-1}
- intel-microcode 3.20241112.1 (bug #1087532)
[bookworm] - intel-microcode  (Minor issue)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797b5cf78c7fbaf74f53028aa2396aeef264bfd9



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-23 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61681df9 by security tracker role at 2024-12-23T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds 
read vul ...)
+   TODO: check
+CVE-2024-56375 (An integer underflow was discovered in Fort 1.6.3 and 1.6.4 
before 1.6 ...)
+   TODO: check
+CVE-2024-56314 (A stored cross-site scripting (XSS) vulnerability in the 
Project name  ...)
+   TODO: check
+CVE-2024-56313 (A stored cross-site scripting (XSS) vulnerability in the 
Calendar feat ...)
+   TODO: check
+CVE-2024-56312 (A stored cross-site scripting (XSS) vulnerability in the 
Project Dashb ...)
+   TODO: check
+CVE-2024-56311 (REDCap through 15.0.0 has a security flaw in the Notes section 
of cale ...)
+   TODO: check
+CVE-2024-56310 (REDCap through 15.0.0 has a security flaw in the Project 
Dashboards na ...)
+   TODO: check
+CVE-2024-54082 (home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command 
injection  ...)
+   TODO: check
+CVE-2024-52321 (Multiple SHARP routers contain an improper authentication 
vulnerabilit ...)
+   TODO: check
+CVE-2024-47864 (home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C 
contain a ...)
+   TODO: check
+CVE-2024-46873 (Multiple SHARP routers leave the hidden debug function 
enabled. An arb ...)
+   TODO: check
+CVE-2024-45721 (home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C 
contain a ...)
+   TODO: check
+CVE-2024-12901 (A vulnerability classified as critical was found in FoxCMS up 
to 1.2.  ...)
+   TODO: check
+CVE-2024-12900 (A vulnerability classified as critical has been found in 
FoxCMS up to  ...)
+   TODO: check
+CVE-2024-12899 (A vulnerability was found in 1000 Projects Attendance Tracking 
Managem ...)
+   TODO: check
+CVE-2024-12898 (A vulnerability was found in 1000 Projects Attendance Tracking 
Managem ...)
+   TODO: check
+CVE-2024-12897 (A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 
G2, VIP ...)
+   TODO: check
+CVE-2024-12896 (A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 
G2, VIP ...)
+   TODO: check
+CVE-2024-11230 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
+   TODO: check
 CVE-2024-12895 (A vulnerability has been found in TreasureHuntGame 
TreasureHunt up to  ...)
TODO: check
 CVE-2024-12894 (A vulnerability, which was classified as critical, was found 
in Treasu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61681df9b37ff9b4dd46a4ca0a83dfa1f2a80548



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5dd2a4bc by security tracker role at 2024-12-22T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-12895 (A vulnerability has been found in TreasureHuntGame 
TreasureHunt up to  ...)
+   TODO: check
+CVE-2024-12894 (A vulnerability, which was classified as critical, was found 
in Treasu ...)
+   TODO: check
 CVE-2024-12893 (A vulnerability, which was classified as problematic, has been 
found i ...)
NOT-FOR-US: Portabilis i-Educar
 CVE-2024-12892 (A vulnerability classified as problematic was found in 
code-projects O ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd2a4bcb7ff523bbfd04fd7879beebe660060a8



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3d8597b by security tracker role at 2024-12-22T08:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-12893 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-12892 (A vulnerability classified as problematic was found in 
code-projects O ...)
+   TODO: check
+CVE-2024-12891 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-12890 (A vulnerability was found in code-projects Online Exam 
Mastering Syste ...)
+   TODO: check
+CVE-2024-11852 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
 CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
NOT-FOR-US: WordPress theme
 CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator 
for i int ...)
@@ -12539,6 +12549,7 @@ CVE-2024-48011 (Dell PowerProtect DD, versions prior to 
7.7.5.50, contains an Ex
 CVE-2024-48010 (Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 
7.10.1.40, ...)
NOT-FOR-US: Dell
 CVE-2024-47072 (XStream is a simple library to serialize objects to XML and 
back again ...)
+   {DLA-4001-1}
- libxstream-java 1.4.21-1 (bug #1087274)
[bookworm] - libxstream-java  (Minor issue)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
@@ -250004,7 +250015,7 @@ CVE-2021-43860 (Flatpak is a Linux application 
sandboxing and distribution frame
NOTE: 
https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
NOTE: 
https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
 CVE-2021-43859 (XStream is an open source java library to serialize objects to 
XML and ...)
-   {DLA-2924-1}
+   {DLA-4001-1 DLA-2924-1}
- libxstream-java 1.4.19-1
[buster] - libxstream-java  (Minor issue)
NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3d8597b887c8cd12eb3808e14ec7c2481f7058b



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2dec98e8 by security tracker role at 2024-12-21T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator 
for i int ...)
+   TODO: check
+CVE-2024-51463 (IBM i 7.3, 7.4, and 7.5   is vulnerable to server-side request 
forgery ...)
+   TODO: check
+CVE-2024-12884 (A vulnerability was found in Codezips E-Commerce Website 1.0. 
It has b ...)
+   TODO: check
+CVE-2024-12883 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+   TODO: check
+CVE-2024-12875 (The Easy Digital Downloads \u2013 eCommerce Payments and 
Subscriptions ...)
+   TODO: check
+CVE-2024-12591 (The MagicPost plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-12588 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
+   TODO: check
+CVE-2024-12558 (The WP BASE Booking of Appointments, Services and Events 
plugin for Wo ...)
+   TODO: check
+CVE-2024-12408 (The WP on AWS plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2024-11808 (The Pingmeter Uptime Monitoring plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-11722 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-11688 (The LaTeX2HTML plugin for WordPress is vulnerable to Reflected 
Cross-S ...)
+   TODO: check
+CVE-2024-10797 (The Full Screen Menu for Elementor plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
+   TODO: check
 CVE-2024-12582
NOT-FOR-US: Skupper
 CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a 
maliciou ...)
@@ -2411,7 +2441,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management 
software package. Startin
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f
 CVE-2024-47835 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
-   {DSA-5831-1}
+   {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/
@@ -2481,7 +2511,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management 
software package. Startin
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr
 CVE-2024-47615 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
-   {DSA-5831-1}
+   {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: 
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2499,7 +2529,7 @@ CVE-2024-47613 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c
 (1.24.10)
 CVE-2024-47607 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
-   {DSA-5831-1}
+   {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: 
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2545,7 +2575,7 @@ CVE-2024-47601 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 
(1.24.10)
 CVE-2024-47600 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
-   {DSA-5831-1}
+   {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/
@@ -2618,6 +2648,7 @@ CVE-2024-47543 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 
(1.24.10)
 CVE-2024-47542 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
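Review bot: CVE-2024-47542 gets only `{DLA-3999-1}` here, whereas the other gst-plugins-base1.0 entries touched in this same commit (CVE-2024-47835, CVE-2024-47615, CVE-2024-47607, CVE-2024-47600) are updated to `{DSA-5831-1 DLA-3999-1}` with the identical fixed version 1.24.10-1; please confirm whether CVE-2024-47542 was deliberately left out of the DSA-5831-1 cross-reference or whether the DSA id is missing from this line.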

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-21 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f5bd5a0 by security tracker role at 2024-12-21T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,55 @@
+CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a 
maliciou ...)
+   TODO: check
+CVE-2024-56358 (grist-core is a spreadsheet hosting server. A user visiting a 
maliciou ...)
+   TODO: check
+CVE-2024-56357 (grist-core is a spreadsheet hosting server. A user visiting a 
maliciou ...)
+   TODO: check
+CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
+   TODO: check
+CVE-2024-56334 (systeminformation is a System and OS information library for 
node.js.  ...)
+   TODO: check
+CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management 
System v ...)
+   TODO: check
+CVE-2024-40875 (There is a cross-site scripting vulnerability in the 
management consol ...)
+   TODO: check
+CVE-2024-12846 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-12845 (A vulnerability classified as problematic was found in Emlog 
Pro up to ...)
+   TODO: check
+CVE-2024-12844 (A vulnerability classified as problematic has been found in 
Emlog Pro  ...)
+   TODO: check
+CVE-2024-12843 (A vulnerability was found in Emlog Pro up to 2.4.1. It has 
been rated  ...)
+   TODO: check
+CVE-2024-12771 (The eCommerce Product Catalog Plugin for WordPress plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-12721 (The Custom Product Tabs For WooCommerce plugin for WordPress 
is vulner ...)
+   TODO: check
+CVE-2024-12697 (The real.Kit plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+   TODO: check
+CVE-2024-12635 (The WP Docs plugin for WordPress is vulnerable to time-based 
SQL Injec ...)
+   TODO: check
+CVE-2024-12262 (The Ebook Store plugin for WordPress is vulnerable to 
Reflected Cross- ...)
+   TODO: check
+CVE-2024-12066 (The SMSA Shipping(official) plugin for WordPress is vulnerable 
to arbi ...)
+   TODO: check
+CVE-2024-11977 (The The kk Star Ratings \u2013 Rate Post & Collect User 
Feedbacks plug ...)
+   TODO: check
+CVE-2024-11975 (The Reactflow Visitor Recording and Heatmaps plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-11938 (The One Click Upsell Funnel for WooCommerce \u2013  Funnel 
Builder for ...)
+   TODO: check
+CVE-2024-11811 (The Feedify \u2013 Web Push Notifications plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-11682 (The G Web Pro Store Locator plugin for WordPress is vulnerable 
to Refl ...)
+   TODO: check
+CVE-2024-11607 (The GTPayment Donations WordPress plugin through 1.0.0 does 
not have C ...)
+   TODO: check
+CVE-2024-11349 (The AdForest theme for WordPress is vulnerable to 
authentication bypas ...)
+   TODO: check
+CVE-2024-11287 (The Ebook Store plugin for WordPress is vulnerable to 
Reflected Cross- ...)
+   TODO: check
+CVE-2024-11196 (The Multi-column Tag Map plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
 CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the 
Kioxia PM6 ...)
NOT-FOR-US: Kioxia
 CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser 
configuration  ...)
@@ -132797,10 +132849,10 @@ CVE-2023-31282
RESERVED
 CVE-2023-31281
RESERVED
-CVE-2023-31280
-   RESERVED
-CVE-2023-31279
-   RESERVED
+CVE-2023-31280 (An AirVantage online Warranty Checker tool vulnerability could 
allow a ...)
+   TODO: check
+CVE-2023-31279 (The AirVantage platform is vulnerable to an unauthorized 
attacker regi ...)
+   TODO: check
 CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address 
when acces ...)
NOT-FOR-US: Snap One
 CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can 
use to byp ...)
@@ -260816,8 +260868,8 @@ CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected 
by SQL injection in modules
NOT-FOR-US: CMS Made Simple
 CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal 
vulnerabil ...)
NOT-FOR-US: Galera WebTemplate
-CVE-2021-40959
-   RESERVED
+CVE-2021-40959 (A reflected cross-site scripting vulnerability in MONITORAPP 
Applicati ...)
+   TODO: check
 CVE-2021-40958
RESERVED
 CVE-2021-40957
@@ -359867,8 +359919,8 @@ CVE-2020-13714
REJECTED
 CVE-2020-13713
REJECTED
-CVE-2020-13712
-   RESERVED
+CVE-2020-13712 (A command injection is possible through the user interface, 
allowing a ...)
+   TODO: check
 CVE-2020-13711
RESERVED
 CVE-2020-13710



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5bd5a00de

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b05d4319 by security tracker role at 2024-12-20T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the 
Kioxia PM6 ...)
+   TODO: check
+CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser 
configuration  ...)
+   TODO: check
+CVE-2024-56355 (In JetBrains TeamCity before 2024.12 missing Content-Type 
header in Re ...)
+   TODO: check
+CVE-2024-56354 (In JetBrains TeamCity before 2024.12 password field value were 
accessi ...)
+   TODO: check
+CVE-2024-56353 (In JetBrains TeamCity before 2024.12 backup file exposed user 
credenti ...)
+   TODO: check
+CVE-2024-56352 (In JetBrains TeamCity before 2024.12 stored XSS was possible 
via image ...)
+   TODO: check
+CVE-2024-56351 (In JetBrains TeamCity before 2024.12 access tokens were not 
revoked af ...)
+   TODO: check
+CVE-2024-56350 (In JetBrains TeamCity before 2024.12 build credentials allowed 
unautho ...)
+   TODO: check
+CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control 
allowed u ...)
+   TODO: check
+CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control 
allowed v ...)
+   TODO: check
+CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
+   TODO: check
+CVE-2024-56333 (Onyxia is a web app that aims at being the glue between 
multiple open  ...)
+   TODO: check
+CVE-2024-56331 (Uptime Kuma is an open source, self-hosted monitoring tool. An 
**Impro ...)
+   TODO: check
+CVE-2024-56330 (Stardust is a platform for streaming isolated desktop 
containers. With ...)
+   TODO: check
+CVE-2024-56329 (Socialstream is a third-party package for Laravel Jetstream. 
It replac ...)
+   TODO: check
+CVE-2024-55471 (Oqtane Framework is vulnerable to Insecure Direct Object 
Reference (ID ...)
+   TODO: check
+CVE-2024-55470 (Oqtane Framework 6.0.0 is vulnerable to Incorrect Access 
Control. By m ...)
+   TODO: check
+CVE-2024-55342 (A file upload functionality in Piranha CMS 11.1 allows 
authenticated r ...)
+   TODO: check
+CVE-2024-55341 (A stored cross-site scripting (XSS) vulnerability in Piranha 
CMS 11.1  ...)
+   TODO: check
+CVE-2024-55186 (An IDOR (Insecure Direct Object Reference) vulnerability 
exists in oqt ...)
+   TODO: check
+CVE-2024-51466 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 
through 12 ...)
+   TODO: check
+CVE-2024-40695 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 
through 12 ...)
+   TODO: check
+CVE-2024-37758 (Improper access control in the endpoint 
/RoleMenuMapping/AddRoleMenu o ...)
+   TODO: check
+CVE-2024-28767 (IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 
10.0.0 th ...)
+   TODO: check
+CVE-2024-12867 (Server-Side Request Forgery in URL Mapper in Arctic Security's 
Arctic  ...)
+   TODO: check
+CVE-2024-12842 (A vulnerability was found in Emlog Pro up to 2.4.1. It has 
been declar ...)
+   TODO: check
+CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has 
been classi ...)
+   TODO: check
+CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT 
HTTP req ...)
+   TODO: check
+CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could 
allow an  ...)
+   TODO: check
+CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) 
vulnerabili ...)
+   TODO: check
+CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is 
vulnerable t ...)
+   TODO: check
 CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for 
WordPress  ...)
@@ -292,7 +354,7 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior 
to 131.0.6778.204 al
{DSA-5834-1}
- chromium 131.0.6778.204-1
[bullseye] - chromium  (see #1061268)
-CVE-2024-56128
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache 
Kafka's ...)
- kafka  (bug #786460)
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
NOT-FOR-US: WordPress plugin
@@ -2272,7 +2334,7 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows 
directory traversal (to c
NOT-FOR-US: python-libarchive (different from src:python-libarchive-c)
 CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar 
allows Explo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  
This issu ...)
+CVE-202

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-20 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5d8a865 by security tracker role at 2024-12-20T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,107 @@
+CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 
9.8.1 d ...)
+   TODO: check
+CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy 
Orchestrator pri ...)
+   TODO: check
+CVE-2024-56327 (pyrage is a set of Python bindings for the rage file 
encryption librar ...)
+   TODO: check
+CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to 
bypass au ...)
+   TODO: check
+CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows 
attackers to byp ...)
+   TODO: check
+CVE-2024-54982 (An issue in Quectel BC25 with firmware version BC25PAR01A06 
allows att ...)
+   TODO: check
+CVE-2024-54663 (An issue was discovered in the Webmail Classic UI in Zimbra 
Collaborat ...)
+   TODO: check
+CVE-2024-54538 (A denial-of-service issue was addressed with improved input 
validation ...)
+   TODO: check
+CVE-2024-54009 (Remote authentication bypass vulnerability in HPE Alletra 
Storage MP B ...)
+   TODO: check
+CVE-2024-44298 (A privacy issue was addressed with improved private data 
redaction for ...)
+   TODO: check
+CVE-2024-44293 (A privacy issue was addressed with improved private data 
redaction for ...)
+   TODO: check
+CVE-2024-44292 (A privacy issue was addressed with improved private data 
redaction for ...)
+   TODO: check
+CVE-2024-44231 (This issue was addressed through improved state management. 
This issue ...)
+   TODO: check
+CVE-2024-44223 (This issue was addressed through improved state management. 
This issue ...)
+   TODO: check
+CVE-2024-44211 (This issue was addressed with improved validation of symlinks. 
This is ...)
+   TODO: check
+CVE-2024-44195 (A logic issue was addressed with improved validation. This 
issue is fi ...)
+   TODO: check
+CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are 
vulnerable ...)
+   TODO: check
+CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File 
Read and W ...)
+   TODO: check
+CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege 
Escalat ...)
+   TODO: check
+CVE-2024-12830 (Arista NG Firewall custom_handler Directory Traversal Remote 
Code Exec ...)
+   TODO: check
+CVE-2024-12829 (Arista NG Firewall ExecManagerImpl Command Injection Remote 
Code Execu ...)
+   TODO: check
+CVE-2024-12729 (A post-auth code injection vulnerability in the User Portal 
allows aut ...)
+   TODO: check
+CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged 
system  ...)
+   TODO: check
+CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection 
feature ...)
+   TODO: check
+CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is 
possibl ...)
+   TODO: check
+CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are 
vulnera ...)
+   TODO: check
+CVE-2024-12672 (A third-party vulnerability exists in the Rockwell 
AutomationArena\xae ...)
+   TODO: check
+CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 
LotsOfLocales  ...)
+   TODO: check
+CVE-2024-12509 (The Embed Twine plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable 
to Stored ...)
+   TODO: check
+CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability 
exists  ...)
+   TODO: check
+CVE-2024-12111 (In a specific scenario a LDAP user can abuse the 
authentication proces ...)
+   TODO: check
+CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications 
plugin for ...)
+   TODO: check
+CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-11812 (The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable 
to Cros ...)
+   TODO: check
+CVE-2024-11806 (The PKT1 Centro de envios plugin for WordPress is vulnerable 
to Reflec ...)
+   TODO: check
+CVE-2024-11784 (The Sell Tickets Online \u2013 TicketSource Ticket Shop for 
WordPress  ...)
+   TODO: check
+CVE-2024-11783 (The Financial Calculator plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-11776 (The PCRecruiter Extensions plugin for WordPress is vulnerable 
to Store ...

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
58fed669 by security tracker role at 2024-12-19T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,95 @@
-CVE-2024-9102
+CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 
allows e ...)
+   TODO: check
+CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP 
packet ca ...)
+   TODO: check
+CVE-2024-7138 (An assert may be triggered, causing a temporary denial of 
service when ...)
+   TODO: check
+CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted 
to packe ...)
+   TODO: check
+CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of 
request val ...)
+   TODO: check
+CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in 
the bui ...)
+   TODO: check
+CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server 
Configuration  ...)
+   TODO: check
+CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint 
http://{your-serv ...)
+   TODO: check
+CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the 
component  ...)
+   TODO: check
+CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in 
PHPGurukul Pr ...)
+   TODO: check
+CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm 
confusion o ...)
+   TODO: check
+CVE-2024-53991 (Discourse is an open source platform for community discussion. 
This vu ...)
+   TODO: check
+CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could 
allow a ...)
+   TODO: check
+CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web 
console coul ...)
+   TODO: check
+CVE-2024-52794 (Discourse is an open source platform for community discussion. 
Users c ...)
+   TODO: check
+CVE-2024-52589 (Discourse is an open source platform for community discussion. 
Moderat ...)
+   TODO: check
+CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could 
allow a ...)
+   TODO: check
+CVE-2024-49765 (Discourse is an open source platform for community discussion. 
Sites t ...)
+   TODO: check
+CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side 
request forger ...)
+   TODO: check
+CVE-2024-47093 (Improper neutralization of input in Nagvis before version 
1.9.42 which ...)
+   TODO: check
+CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data 
directory in ...)
+   TODO: check
+CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by 
QOS.CH logba ...)
+   TODO: check
+CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator  by QOS.CH 
logback-core  ...)
+   TODO: check
+CVE-2024-12794 (A vulnerability, which was classified as critical, was found 
in Codezi ...)
+   TODO: check
+CVE-2024-12793 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-12792 (A vulnerability classified as critical was found in Codezips 
E-Commerc ...)
+   TODO: check
+CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It 
has been ...)
+   TODO: check
+CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management 
Site 1.0. ...)
+   TODO: check
+CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been 
classif ...)
+   TODO: check
+CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion 
Forum 1.0 a ...)
+   TODO: check
+CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance 
Tracking Ma ...)
+   TODO: check
+CVE-2024-12786 (A vulnerability, which was classified as critical, was found 
in X1a0He ...)
+   TODO: check
+CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+   TODO: check
+CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+   TODO: check
+CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+   TODO: check
+CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos 
C5570 an ...)
+   TODO: check
+CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code 
automations, webho ...)
+   TODO: check
+CVE-2024-12569 (Disclosure of sensitive information in HikVision camera 
driver's log f ...)
+   TODO: check
+CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-11616 (Netskope was made aware of a security vulnerability in 
Netsk
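Review bot: the only removed line, `-CVE-2024-9102`, has no matching `+CVE-2024-9102 (...)` anywhere in the visible part of this hunk, and in the sorted order it would have to sit between CVE-2024-9154 and CVE-2024-7139, where nothing was added; the hunk is cut off at CVE-2024-11616, so confirm the entry was re-added with its description rather than silently dropped. Separately, the two logback-core entries, CVE-2024-12801 (SSRF in SaxEventRecorder) and CVE-2024-12798 (ACE in JaninoEventEvaluator), are library issues in a component Debian packages as src:logback, so they want a package line with a version check rather than sitting at TODO: check.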

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-19 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ebf6451a by security tracker role at 2024-12-19T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,85 @@
-CVE-2024-12695
+CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 
1.4.0.0 before ...)
+   TODO: check
+CVE-2024-56318 (In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) 
through ...)
+   TODO: check
+CVE-2024-56317 (In Matter (aka connectedhomeip or Project CHIP) through 
1.4.0.0, the W ...)
+   TODO: check
+CVE-2024-56145 (Craft is a flexible, user-friendly CMS for creating custom 
digital exp ...)
+   TODO: check
+CVE-2024-56140 (Astro is a web framework for content-driven websites. In 
affected vers ...)
+   TODO: check
+CVE-2024-56116 (A Cross-Site Request Forgery vulnerability in Amiro.CMS before 
7.8.4 a ...)
+   TODO: check
+CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the 
failure to ...)
+   TODO: check
+CVE-2024-55603 (Kanboard is project management software that focuses on the 
Kanban met ...)
+   TODO: check
+CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management 
System v1.0  ...)
+   TODO: check
+CVE-2024-55505 (An issue in CodeAstro Complaint Management System v.1.0 allows 
a remot ...)
+   TODO: check
+CVE-2024-55461 (SeaCMS <=13.0 is vulnerable to command execution in phome.php 
via the  ...)
+   TODO: check
+CVE-2024-55239 (A reflected Cross-Site Scripting vulnerability in the standard 
documen ...)
+   TODO: check
+CVE-2024-55232 (An IDOR vulnerability in the manage-notes.php module in 
PHPGurukul Onl ...)
+   TODO: check
+CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of 
PHPGurukul Onlin ...)
+   TODO: check
+CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation 
violation via t ...)
+   TODO: check
+CVE-2024-51532 (Dell PowerStore contains an Improper Neutralization of 
Argument Delimi ...)
+   TODO: check
+CVE-2024-4230 (External Control of File Name or Path vulnerability in 
Edgecross Basic ...)
+   TODO: check
+CVE-2024-4229 (Incorrect Default Permissions vulnerability in Edgecross Basic 
Softwar ...)
+   TODO: check
+CVE-2024-45338 (An attacker can craft an input to the Parse functions that 
would be pr ...)
+   TODO: check
+CVE-2024-43106 (A library injection vulnerability exists in Microsoft Excel 
16.83 for  ...)
+   TODO: check
+CVE-2024-42220 (A library injection vulnerability exists in Microsoft Outlook 
16.83.3  ...)
+   TODO: check
+CVE-2024-42004 (A library injection vulnerability exists in Microsoft Teams 
(work or s ...)
+   TODO: check
+CVE-2024-41165 (A library injection vulnerability exists in Microsoft Word 
16.83 for m ...)
+   TODO: check
+CVE-2024-41159 (A library injection vulnerability exists in Microsoft OneNote 
16.83 fo ...)
+   TODO: check
+CVE-2024-41145 (A library injection vulnerability exists in the WebView.app 
helper app ...)
+   TODO: check
+CVE-2024-41138 (A library injection vulnerability exists in the 
com.microsoft.teams2.m ...)
+   TODO: check
+CVE-2024-39804 (A library injection vulnerability exists in Microsoft 
PowerPoint 16.83 ...)
+   TODO: check
+CVE-2024-37649 (Insecure Permissions vulnerability in SecureSTATION 
v.2.5.5.3116-S50-S ...)
+   TODO: check
+CVE-2024-35141 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could 
allow a  ...)
+   TODO: check
+CVE-2024-12686 (A vulnerability has been discovered in Privileged Remote 
Access (PRA)  ...)
+   TODO: check
+CVE-2024-12560 (The Button Block \u2013 Get fully customizable & 
multi-functional butt ...)
+   TODO: check
+CVE-2024-12121 (The Broken Link Checker | Finder plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-11984 (A unrestricted upload of file with dangerous type 
vulnerability in epa ...)
+   TODO: check
+CVE-2024-11768 (The Download Manager plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to 
arbitra ...)
+   TODO: check
+CVE-2024-10548 (The WP Project Manager plugin for WordPress is vulnerable to 
Sensitive ...)
+   TODO: check
+CVE-2024-12695 (Out of bounds write in V8 in Google Chrome prior to 
131.0.6778.204 all ...)
- chromium 
[bullseye] - chromium  (see #1061268)
-CVE-2024-12694
+CVE-2024-12694 (Use after free in Compositing in Google Chrome prior to 
131.0.6778.204 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
-CVE-2024-12693
+CVE-2024-12693 (Out of bounds memory access in V8 in Google Chrome prior to 
131.0.6778 ...)
- chromium 
[bullseye] - chromium  (see #1061268)
-CVE-2024-12692
+C
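Review bot: the three chromium entries (CVE-2024-12695, CVE-2024-12694, CVE-2024-12693) get their descriptions filled in correctly, but each package line renders as `- chromium ` with nothing after the package name, and each bullseye line as `[bullseye] - chromium  (see #1061268)` with a double space where the status token would be. A package line without a version or a marker is not valid tracker syntax, so check that the committed file still carries the tokens and that this is only how the angle-bracketed markers came through in the mail rendering. The hunk is cut off at `+C` after `-CVE-2024-12692`, so that entry's re-add is unreviewed here.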

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80e7fe62 by security tracker role at 2024-12-18T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,151 @@
+CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache 
Kafka's ...)
+   TODO: check
+CVE-2024-56059 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
+   TODO: check
+CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream 
VRPConn ...)
+   TODO: check
+CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
+   TODO: check
+CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS 
allows P ...)
+   TODO: check
+CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
+   TODO: check
+CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
+   TODO: check
+CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+   TODO: check
+CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability 
in VibeT ...)
+   TODO: check
+CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS 
allows P ...)
+   TODO: check
+CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows 
Accessi ...)
+   TODO: check
+CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr 
Woocommerce all ...)
+   TODO: check
+CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order 
Delivery & Pic ...)
+   TODO: check
+CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55953 (DataEase is an open source business analytics tool. 
Authenticated user ...)
+   TODO: check
+CVE-2024-55952 (DataEase is an open source business analytics tool. 
Authenticated user ...)
+   TODO: check
+CVE-2024-55492 (Winmail Server 4.4 is vulnerable to 
f_user=%22%3E%3Csvg%20onload Cross ...)
+   TODO: check
+CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery 
(SSRF) in t ...)
+   TODO: check
+CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request 
Forgery ( ...)
+   TODO: check
+CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side 
Request Fo ...)
+   TODO: check
+CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb 
WooCommerce PDF  ...)
+   TODO: check
+CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance 
Menu Manage ...)
+   TODO: check
+CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)
+   TODO: check
+CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)
+   TODO: check
+CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. Wh ...)
+   TODO: check
+CVE-2024-52593 (Misskey is an open source, federated social media platform.In 
affected ...)
+   TODO: check
+CVE-2024-52592 (Misskey is an open source, federated social media platform. In 
affecte ...)
+   TODO: check
+CVE-2024-52591 (Misskey is an open source, federated social media platform. In 
affecte ...)
+   TODO: check
+CVE-2024-52590 (Misskey is an open source, federated social media platform. In 
affecte ...)
+   TODO: check
+CVE-2024-52579 (Misskey is an open source, federated social media platform. 
Some APIs  ...)
+   TODO: check
+CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP 
Menu Im ...)
+   TODO: check
+CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9  
   stor

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
803cdd57 by security tracker role at 2024-12-18T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,91 @@
+CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious 
payloads  ...)
+   TODO: check
+CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious 
payloads  ...)
+   TODO: check
+CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious 
payloads  ...)
+   TODO: check
+CVE-2024-56170 (A validation integrity issue was discovered in Fort through 
1.6.4 befo ...)
+   TODO: check
+CVE-2024-56169 (A validation integrity issue was discovered in Fort through 
1.6.4 befo ...)
+   TODO: check
+CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that 
stores  ...)
+   TODO: check
+CVE-2024-55059 (A stored HTML Injection vulnerability was identified in 
PHPGurukul Onl ...)
+   TODO: check
+CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was 
discovere ...)
+   TODO: check
+CVE-2024-55057 (Phpgurukul Online Birth Certificate System 1.0 suffers from 
insufficie ...)
+   TODO: check
+CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was 
identified in Ph ...)
+   TODO: check
+CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue 
exists in AE1 ...)
+   TODO: check
+CVE-2024-53688 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+   TODO: check
+CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing 
entries ( ...)
+   TODO: check
+CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to 
obtain se ...)
+   TODO: check
+CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability 
in stre ...)
+   TODO: check
+CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, 
contains an ...)
+   TODO: check
+CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 
2.0.10 an ...)
+   TODO: check
+CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users 
are able  ...)
+   TODO: check
+CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization 
of Specia ...)
+   TODO: check
+CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 
allows an at ...)
+   TODO: check
+CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to 
Prototype  ...)
+   TODO: check
+CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are 
vulnerable ...)
+   TODO: check
+CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 
2.9.1 are  ...)
+   TODO: check
+CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege 
due to i ...)
+   TODO: check
+CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued 
for the Ra ...)
+   TODO: check
+CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & 
Quizzes p ...)
+   TODO: check
+CVE-2024-12539 (An issue was discovered where improper authorization controls 
affected ...)
+   TODO: check
+CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is 
vulnerable to Sto ...)
+   TODO: check
+CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script 
plugin fo ...)
+   TODO: check
+CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for 
WordPress is vul ...)
+   TODO: check
+CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to 
authent ...)
+   TODO: check
+CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin 
for Word ...)
+   TODO: check
+CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is 
vulnerable to I ...)
+   TODO: check
+CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable 
to SQL In ...)
+   TODO: check
+CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay 
Portal 7 ...)
+   TODO: check
+CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is 
vulnerable  ..
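Review bot: CVE-2024-12698 is described as "An incomplete fix for ose-olm-catalogd-container was issued for the Ra ...", i.e. a follow-up to an earlier CVE that the entry does not name; when this TODO: check is cleared, add a NOTE: line pointing at the original entry so the two stay linked, otherwise whichever one is triaged later will be handled without the other in view.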

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c5bbf87 by security tracker role at 2024-12-17T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,10 +1,116 @@
+CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability 
in Next ...)
+   TODO: check
+CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable 
to Impro ...)
+   TODO: check
+CVE-2024-8972 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-8475 (Authentication Bypass by Assumed-Immutable Data vulnerability 
in Digit ...)
+   TODO: check
+CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+   TODO: check
+CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, 
Content Re ...)
+   TODO: check
+CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB 
formats. I ...)
+   TODO: check
+CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+   TODO: check
+CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+   TODO: check
+CVE-2024-55514 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+   TODO: check
+CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
+   TODO: check
+CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore 
Managemen ...)
+   TODO: check
+CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the 
examples web ap ...)
+   TODO: check
+CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect 
access contro ...)
+   TODO: check
+CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link 
(Symlink) Follo ...)
+   TODO: check
+CVE-2024-51479 (Next.js is a React framework for building full-stack web 
applications. ...)
+   TODO: check
+CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability during ...)
+   TODO: check
+CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+   TODO: check
+CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+   TODO: check
+CVE-2024-49818 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+   TODO: check
+CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+   TODO: check
+CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
+   TODO: check
+CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow 
remote co ...)
+   TODO: check
+CVE-2024-42194 (An improper handling of insufficient permissions or privileges 
affects ...)
+   TODO: check
+CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 
REVA_FIRMWARE_1.20  ...)
+   TODO: check
+CVE-2024-37606 (A Stack overflow vulnerability in D-Link DCS-932L 
REVB_FIRMWARE_2.18.0 ...)
+   TODO: check
+CVE-2024-37605 (A NULL pointer dereference in D-Link DIR-860L 
REVB_FIRMWARE_2.04.B04_i ...)
+   TODO: check
+CVE-2024-36832 (A NULL pointer dereference in D-Link DAP-1513 
REVA_FIRMWARE_1.01 allow ...)
+   TODO: check
+CVE-2024-36831 (A NULL pointer dereference in the 
plugins_call_handle_uri_clean functi ...)
+   TODO: check
+CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk 
Naviswork ...)
+   TODO: check
+CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12601 (The Calculated Fields Form plugin for WordPress is vulnerable 
to Denia ...)
+   TODO: check
+CVE-2024-12469 (The WP BASE Booking of Appointments, Services and Events 
plugin for Wo ...)
+   TODO: check
+CVE-2024-12395 (The WooCommerce Additional Fees On Checkout (Free) plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-12293 (The User Role Editor plugin for WordPress is vulnerable to 
Cross-Site  ...)
+   TODO: check
+CVE-2024-12200 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12199 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12198 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12197 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)
+   TODO: check
+CVE-2024-12194 (A maliciously crafted DWFX file, when parsed through Autodesk 
Naviswor ...)

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-17 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b68c6f9 by security tracker role at 2024-12-17T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2024-9624 (The WP All Import Pro plugin for WordPress is vulnerable to 
Server-Sid ...)
+   TODO: check
+CVE-2024-56017 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal 
Stop Regi ...)
+   TODO: check
+CVE-2024-55951 (Metabase is an open-source data analytics platform. For new 
sandboxing ...)
+   TODO: check
+CVE-2024-55864 (Cross-site scripting vulnerability exists in My WP Customize 
Admin/Fro ...)
+   TODO: check
+CVE-2024-7 (ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has 
a hardco ...)
+   TODO: check
+CVE-2024-4 (Intrexx Portal Server before 12.0.2 allows XSS via a 
user-defined port ...)
+   TODO: check
+CVE-2024-55452 (A URL redirection vulnerability exists in UJCMS 9.6.3 due to 
improper  ...)
+   TODO: check
+CVE-2024-55451 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
authentica ...)
+   TODO: check
+CVE-2024-55104 (Online Nurse Hiring System v1.0 was discovered to contain 
multiple SQL ...)
+   TODO: check
+CVE-2024-55103 (Online Nurse Hiring System v1.0 was discovered to contain a 
SQL inject ...)
+   TODO: check
+CVE-2024-55100 (A stored cross-site scripting (XSS) vulnerability in the 
component /ad ...)
+   TODO: check
+CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from arbitrary code execution 
in the t ...)
+   TODO: check
+CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue 
in "Shon ...)
+   TODO: check
+CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.)
+   TODO: check
+CVE-2024-38499 (CA Client Automation (ITCM) allows non-admin/non-root users to 
encrypt ...)
+   TODO: check
+CVE-2024-37776 (A cross-site scripting (XSS) vulnerability in Sunbird DCIM 
dcTrack v9. ...)
+   TODO: check
+CVE-2024-37775 (Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows 
attacke ...)
+   TODO: check
+CVE-2024-37774 (A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack 
v9.1.2 all ...)
+   TODO: check
+CVE-2024-37773 (An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 
allows a ...)
+   TODO: check
+CVE-2024-35230 (GeoServer is an open source software server written in Java 
that allow ...)
+   TODO: check
+CVE-2024-29671 (Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router 
v.1.0.2 all ...)
+   TODO: check
+CVE-2024-12443 (The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 
Zendesk, Fr ...)
+   TODO: check
+CVE-2024-12356 (A critical vulnerability has been discovered in Privileged 
Remote Acce ...)
+   TODO: check
+CVE-2024-12239 (The PowerPack Lite for Beaver Builder plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-12220 (The SMS for WooCommerce plugin for WordPress is vulnerable to 
Cross-Si ...)
+   TODO: check
+CVE-2024-12219 (The Stop Registration Spam plugin for WordPress is vulnerable 
to Cross ...)
+   TODO: check
+CVE-2024-11999 (CWE-1104: Use of Unmaintained Third-Party Components 
vulnerability exi ...)
+   TODO: check
+CVE-2024-11906 (The TPG Get Posts plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11905 (The Animated Counters plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-11902 (The Slope Widgets plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11900 (The Portfolio \u2013 Filterable Masonry Portfolio Gallery for 
Professi ...)
+   TODO: check
+CVE-2024-10205 (Authentication Bypass vulnerability in Hitachi Ops Center 
Analyzer on  ...)
+   TODO: check
 CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ 
client tha ...)
NOT-FOR-US: FileZ client
 CVE-2024-6002
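Review bot: `CVE-2024-7` (the Weasis hardcoded-secret entry) and `CVE-2024-4` (the Intrexx Portal Server XSS entry) are not well-formed CVE identifiers as they appear here, since the sequence part of an ID has at least four digits, and they sit between CVE-2024-55864 and CVE-2024-55452 in the sorted block, so the real IDs presumably fall in that range and lost digits somewhere between import and this rendering. Check those two lines in the committed data/CVE/list; if the file really contains `CVE-2024-7` and `CVE-2024-4`, the import for these two has to be redone, because the tracker keys everything on the ID.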
@@ -66470,7 +66534,7 @@ CVE-2024-28328 (CSV Injection vulnerability in the Asus 
RT-N12+ router allows ad
NOT-FOR-US: ASUS
 CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, 
which could ...)
NOT-FOR-US: ASUS
-CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows 
local attac ...)
+CVE-2024-28326 (Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 
routers allo ...)
NOT-FOR-US: ASUS
 CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which 
could al ...)
NOT-FOR-US: ASUS
@@ -297645,14 +297709,14 @@ CVE-2021-26283
RESERVED
 CVE-2021-26282
RESERVED
-CVE-2021-26281
-   RESERVED
-CVE-2021-26280
-   RESERVED
-CVE-2021-26279
-   RESERVED
-CVE-2021-26278
-   RESERVED
+CVE-2021-26281 (Some parameters of the alarm clock module are improperly 
stor
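Review bot: this hunk drops four RESERVED placeholders (CVE-2021-26281 through CVE-2021-26278) but only the re-added `+CVE-2021-26281 (Some parameters of the alarm clock module are improperly stor ...` is visible before the cut; confirm that 26280, 26279 and 26278 are likewise re-added with a description and a status line (TODO: check or NOT-FOR-US) and not merely deleted, since a removed placeholder with no replacement leaves those IDs untracked.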

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e3d4a34 by security tracker role at 2024-12-16T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,337 @@
+CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ 
client tha ...)
+   TODO: check
+CVE-2024-6002
+   REJECTED
+CVE-2024-6001 (An improper certificate validation vulnerability was reported 
in LADM  ...)
+   TODO: check
+CVE-2024-56015 (Cross-Site Request Forgery (CSRF) vulnerability in John Godley 
Tidy Up ...)
+   TODO: check
+CVE-2024-56013 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+   TODO: check
+CVE-2024-56012 (Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells 
Flash Ne ...)
+   TODO: check
+CVE-2024-56011 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-56009 (Missing Authorization vulnerability in spreadr Spreadr 
Woocommerce all ...)
+   TODO: check
+CVE-2024-56007 (Missing Authorization vulnerability in Ram Segev Leader allows 
Exploit ...)
+   TODO: check
+CVE-2024-56005 (Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti 
Shippin ...)
+   TODO: check
+CVE-2024-56004 (Missing Authorization vulnerability in Alex W Fowler Easy Site 
Importe ...)
+   TODO: check
+CVE-2024-56003 (Missing Authorization vulnerability in David Cramer Caldera 
SMTP Maile ...)
+   TODO: check
+CVE-2024-56001 (Missing Authorization vulnerability in Ksher Ksher allows 
Exploiting I ...)
+   TODO: check
+CVE-2024-55999 (Missing Authorization vulnerability in Marco Giannini XML 
Multilanguag ...)
+   TODO: check
+CVE-2024-55998 (Missing Authorization vulnerability in dusthazard Popup 
Surveys & Poll ...)
+   TODO: check
+CVE-2024-55996 (Missing Authorization vulnerability in Dreamfox Dreamfox Media 
Payment ...)
+   TODO: check
+CVE-2024-55994 (Missing Authorization vulnerability in 
\u641c\u72d0\u7545\u8a00 \u7545 ...)
+   TODO: check
+CVE-2024-55993 (Missing Authorization vulnerability in PickPlugins Job Board 
Manager a ...)
+   TODO: check
+CVE-2024-55992 (Missing Authorization vulnerability in Open Tools WooCommerce 
Basic Or ...)
+   TODO: check
+CVE-2024-55990 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55989 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55988 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55987 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55986 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55982 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55981 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55980 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55979 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55978 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55977 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55976 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55974 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55973 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55972 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-55949 (MinIO is a high-performance, S3 compatible object store, open 
sourced  ...)
+   TODO: check
+CVE-2024-54682 (Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x 
<= 9.11 ...)
+   TODO: check
+CVE-2024-54443 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54442 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54441 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54440 (Cross-Site Request Forgery (CSRF) vulnerability in blueskyy 
WP-Ban-Use ...)
+   TODO: check
+CVE-2024-54439 (Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari 
Amazon  ...)
+   TODO: check
+CVE-2024-54438 (Cross-Site Request Forgery (CSRF) vulnera
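Review bot: in the visible part of this hunk every entry except CVE-2024-55949 (MinIO) and CVE-2024-54682 (Mattermost) is a WordPress plugin issue that will resolve to NOT-FOR-US, so those two placeholders are the ones that need real triage; for the MinIO one the description names the object-store server, but Debian ships several golang-github-minio-* client libraries, so the check should confirm the flaw is server-side before the entry is marked NOT-FOR-US. The run of `Improper Neutralization of Special Elements used in an SQL Command` entries (CVE-2024-55972 through CVE-2024-55990) shares one truncated CWE title, so the affected products cannot be recovered from this hunk alone.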

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-16 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74bdb9ac by security tracker role at 2024-12-16T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2024-9679 (A Hardcoded Cryptographic key vulnerability existed in DLP 
Extension 1 ...)
+   TODO: check
+CVE-2024-9678 (An SQL Injection vulnerability existed in DLP Extension 
11.11.1.3.  Th ...)
+   TODO: check
+CVE-2024-8798 (No proper validation of the length of user input in 
olcp_ind_handler i ...)
+   TODO: check
+CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions 
from 15 ...)
+   TODO: check
+CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+   TODO: check
+CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing 
access  ...)
+   TODO: check
+CVE-2024-56112 (CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via 
token or us ...)
+   TODO: check
+CVE-2024-56087 (An issue was discovered in Logpoint before 7.5.0. 
Authenticated users  ...)
+   TODO: check
+CVE-2024-56086 (An issue was discovered in Logpoint before 7.5.0. 
Authenticated users  ...)
+   TODO: check
+CVE-2024-56085 (An issue was discovered in Logpoint before 7.5.0. 
Authenticated users  ...)
+   TODO: check
+CVE-2024-56084 (An issue was discovered in Logpoint UniversalNormalizer before 
5.7.0.  ...)
+   TODO: check
+CVE-2024-56083 (Cognition Devin before 2024-12-12 provides write access to 
code by an  ...)
+   TODO: check
+CVE-2024-53376 (CyberPanel before 2.3.8 allows remote authenticated users to 
execute a ...)
+   TODO: check
+CVE-2024-12646 (The topm-client from Chunghwa Telecom has an Arbitrary File 
Delete vul ...)
+   TODO: check
+CVE-2024-12645 (The topm-client from Chunghwa Telecom has an Arbitrary File 
Read vulne ...)
+   TODO: check
+CVE-2024-12644 (The tbm-client from Chunghwa Telecom has an Arbitrary File 
vulnerabili ...)
+   TODO: check
+CVE-2024-12643 (The tbm-client from Chunghwa Telecom has an Arbitrary File 
Delete vuln ...)
+   TODO: check
+CVE-2024-12642 (TenderDocTransfer from Chunghwa Telecom has an Arbitrary File 
Write vu ...)
+   TODO: check
+CVE-2024-12641 (TenderDocTransfer from Chunghwa Telecom has a Reflected 
Cross-site scr ...)
+   TODO: check
+CVE-2024-11841 (The Tithe.ly Giving Button WordPress plugin through 1.1 does 
not valid ...)
+   TODO: check
 CVE-2024-7701 (Use of Password Hash With Insufficient Computational Effort 
vulnerabil ...)
- percona-toolkit 
TODO: check details on upstream reports
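Review bot: the context line `- percona-toolkit ` at the foot of the hunk shows neither a version nor a state token, although the tracker's list format requires one after the package name (a fixed version, or a bracketed state such as `<unfixed>`); the most likely explanation is that the angle-bracketed token was dropped when this mail was rendered as HTML, so the file is probably fine, but it is worth confirming rather than reading the line as an empty package entry. Of the twenty `TODO: check` placeholders added above, CVE-2024-8650 and CVE-2024-8116 (GitLab CE/EE) concern software that Debian packages, so they will need package lines rather than a NOT-FOR-US mark.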
@@ -1235,6 +1275,7 @@ CVE-2024-47607 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/804eca458fb547942ed70b88c021b996be9228a2
 (1.24.10)
 CVE-2024-47606 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DLA-3994-1}
- gstreamer1.0 1.24.10-1
- gstreamer0.10 
- gst-plugins-good1.0 1.24.10-1
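Review bot: the `{DLA-3994-1}` tag is added to CVE-2024-47606, whose package lines are gstreamer1.0 and gst-plugins-good1.0, so this LTS advisory covers a different source package from the gst-plugins-base1.0 IDs that receive `{DSA-5831-1}` in the 2024-12-14 update later in this digest; whether CVE-2024-47607 directly above also belongs to the DLA cannot be judged from this hunk, because any tag line for it would sit above the `NOTE: Fixed by:` context that is shown.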



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74bdb9ac8c8075f5abdfaa2e5184ef917b973bd5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74bdb9ac8c8075f5abdfaa2e5184ef917b973bd5
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
00e76400 by security tracker role at 2024-12-15T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-7701 (Use of Password Hash With Insufficient Computational Effort 
vulnerabil ...)
+   TODO: check
+CVE-2024-11858 (A flaw was found in Radare2, which contains a command 
injection vulner ...)
+   TODO: check
 CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown 
because ...)
NOT-FOR-US: ChatBar.tsx in Lumos
 CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point 
outside  ...)
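Review bot: CVE-2024-11858 (command injection in Radare2), added as a bare `TODO: check` in the middle of the hunk, concerns a package that Debian ships (src:radare2), so the placeholder should become a `- radare2` line carrying the fixed version or `<unfixed>` plus a NOTE pointing at the upstream report; the CVE-2024-7701 placeholder above it was already resolved to `- percona-toolkit` in the 2024-12-16 update shown earlier in this digest, where the entry keeps a `TODO: check details on upstream reports` line.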



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e7640034101a8433ea4678424a2f4d3eace751



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-15 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f4d1753 by security tracker role at 2024-12-15T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown 
because ...)
+   TODO: check
+CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point 
outside  ...)
+   TODO: check
+CVE-2024-56073 (An issue was discovered in FastNetMon Community Edition 
through 1.2.7. ...)
+   TODO: check
+CVE-2024-56072 (An issue was discovered in FastNetMon Community Edition 
through 1.2.7. ...)
+   TODO: check
+CVE-2024-55970 (File Manager in Syncfusion Essential Studio for ASP.NET MVC 
before 27. ...)
+   TODO: check
+CVE-2024-55969 (DocIO in Syncfusion Essential Studio for ASP.NET MVC before 
27.1.55 th ...)
+   TODO: check
 CVE-2024-31892 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 
through 5.2. ...)
NOT-FOR-US: IBM
 CVE-2024-31891 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 
through 5.2. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f4d1753370905d4e4e61a7fed635937afe41598



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1abe408b by security tracker role at 2024-12-14T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-31892 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 
through 5.2. ...)
+   TODO: check
+CVE-2024-31891 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 
through 5.2. ...)
+   TODO: check
+CVE-2024-11721 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+   TODO: check
+CVE-2024-11720 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+   TODO: check
 CVE-2024-9698 (The Crafthemes Demo Import plugin for WordPress is vulnerable 
to arbit ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-55956 (In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and 
LexiCom ...)
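Review bot: the two Frontend Admin by DynamiApps entries (CVE-2024-11721, CVE-2024-11720) in the middle of the hunk are WordPress plugin issues of the same kind as the `NOT-FOR-US: WordPress plugin` context line for CVE-2024-9698 just below them, so their `TODO: check` placeholders can be resolved the same way; the two IBM Storage Scale GUI entries at the top are likewise not Debian software, and the 2024-12-15 update shown earlier in this digest already marks them `NOT-FOR-US: IBM`.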
@@ -1120,6 +1128,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management 
software package. Startin
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f
 CVE-2024-47835 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0029.html
@@ -1182,6 +1191,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management 
software package. Startin
- glpi 
NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr
 CVE-2024-47615 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0026.html
@@ -1197,6 +1207,7 @@ CVE-2024-47613 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c
 (1.24.10)
 CVE-2024-47607 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0024.html
@@ -1236,6 +1247,7 @@ CVE-2024-47601 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 
(1.24.10)
 CVE-2024-47600 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0018.html
@@ -1306,6 +1318,7 @@ CVE-2024-47542 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/921d8daa00c329932616dd5d197b601a7e271e79
 (1.24.10)
 CVE-2024-47541 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0023.html
@@ -1329,6 +1342,7 @@ CVE-2024-47539 (GStreamer is a library for constructing 
graphs of media-handling
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 
(1.24.10)
 CVE-2024-47538 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   {DSA-5831-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 
NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0022.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abe408b7eaf8e858535e9f9dfdd044b2de9740a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-14 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f5b909d by security tracker role at 2024-12-14T08:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2024-9698 (The Crafthemes Demo Import plugin for WordPress is vulnerable 
to arbit ...)
+   TODO: check
+CVE-2024-55956 (In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and 
LexiCom ...)
+   TODO: check
+CVE-2024-55946 (Playloom Engine is an open-source, high-performance game 
development e ...)
+   TODO: check
+CVE-2024-12632
+   REJECTED
+CVE-2024-12628 (The bodi0`s Easy cache plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-12578 (The Tickera \u2013 WordPress Event Ticketing plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-12555 (The SIP Calculator plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+   TODO: check
+CVE-2024-12553 (GeoVision GV-ASManager Missing Authorization Information 
Disclosure Vu ...)
+   TODO: check
+CVE-2024-12552 (Wacom Center WTabletServicePro Link Following Local Privilege 
Escalati ...)
+   TODO: check
+CVE-2024-12523 (The States Map US plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-12517 (The WooCommerce Cart Count Shortcode plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-12502 (The My IDX Home Search plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-12501 (The Simple Locator plugin for WordPress is vulnerable to 
Stored Cross- ...)
+   TODO: check
+CVE-2024-12474 (The GeoDataSource Country Region DropDown plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2024-12459 (The Ganohrs Toggle Shortcode plugin for WordPress is 
vulnerable to Sto ...)
+   TODO: check
+CVE-2024-12458 (The Smart PopUp Blaster plugin for WordPress is vulnerable to 
Stored C ...)
+   TODO: check
+CVE-2024-12448 (The Posts and Products Views for WooCommerce plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-12447 (The Get Post Content Shortcode plugin for WordPress is 
vulnerable to I ...)
+   TODO: check
+CVE-2024-12446 (The Post to Pdf plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-12422 (The Import Eventbrite Events plugin for WordPress is 
vulnerable to Ref ...)
+   TODO: check
+CVE-2024-12411 (The WP Ad Guru \u2013 Banner ad, Responsive popup, Popup 
maker, Ad rot ...)
+   TODO: check
+CVE-2024-11894 (The The Permalinker plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-11889 (The My IDX Home Search plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-11888 (The IDer Login for WordPress plugin for WordPress is 
vulnerable to Sto ...)
+   TODO: check
+CVE-2024-11884 (The Wp photo text slider 50 plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-11883 (The Connatix Video Embed plugin for WordPress is vulnerable to 
Stored  ...)
+   TODO: check
+CVE-2024-11879 (The Stripe Donation plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-11877 (The Cricket Live Score plugin for WordPress is vulnerable to 
Stored Cr ...)
+   TODO: check
+CVE-2024-11876 (The Kredeum NFTs, the easiest way to sell your NFTs directly 
on your W ...)
+   TODO: check
+CVE-2024-11873 (The glomex oEmbed plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11869 (The Buk for WordPress plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-11867 (The Companion Portfolio \u2013 Responsive Portfolio Plugin 
plugin for  ...)
+   TODO: check
+CVE-2024-11865 (The Tabs Maker plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-11855 (The Koalendar \u2013 Events & Appointments Booking Calendar 
plugin for ...)
+   TODO: check
+CVE-2024-11770 (The Post Carousel & Slider plugin for WordPress is vulnerable 
to Store ...)
+   TODO: check
+CVE-2024-11763 (The Plezi plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2024-11759 (The Bukza plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2024-11755 (The IMS Countdown plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11752 (The Eveeno plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-11751 (The TCBD Popover plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+   TODO: check
+CVE-2024-11715 (The WP Job Portal \u2013 A Complete Recruitment System for 
Company or  ...)
+   TODO: check
+CVE-2024-11714 (The WP Job Portal \u2013 A Complete Rec

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2025b298 by security tracker role at 2024-12-13T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,491 @@
+CVE-2024-9945 (An information-disclosure vulnerability exists in Fortra's 
GoAnywhere  ...)
+   TODO: check
+CVE-2024-9608 (The MyParcel plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
+   TODO: check
+CVE-2024-9290 (The Super Backup & Clone - Migrate for WordPress plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-55890 (D-Tale is a visualizer for pandas data structures. Prior to 
version 3. ...)
+   TODO: check
+CVE-2024-55889 (phpMyFAQ is an open source FAQ web application. Prior to 
version 3.2.1 ...)
+   TODO: check
+CVE-2024-55887 (Ucum-java is a FHIR Java library providing UCUM Services. In 
versions  ...)
+   TODO: check
+CVE-2024-55661 (Laravel Pulse is a real-time application performance 
monitoring tool a ...)
+   TODO: check
+CVE-2024-54351 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis 
Fancy Ro ...)
+   TODO: check
+CVE-2024-54349 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54347 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54346 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54345 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54343 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54342 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54341 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54340 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54339 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54338 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54337 (Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX 
Dark Site ...)
+   TODO: check
+CVE-2024-54336 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+   TODO: check
+CVE-2024-54335 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54334 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54333 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54330 (Server-Side Request Forgery (SSRF) vulnerability in Hep Hep 
Hurra (HHH ...)
+   TODO: check
+CVE-2024-54329 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54328 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54327 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54326 (Missing Authorization vulnerability in Eyal Fitoussi GEO my 
WordPress  ...)
+   TODO: check
+CVE-2024-54325 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54324 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54323 (Missing Authorization vulnerability in WPExpertsio New User 
Approve al ...)
+   TODO: check
+CVE-2024-54322 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54321 (Cross-Site Request Forgery (CSRF) vulnerability in Hive 
Support Hive S ...)
+   TODO: check
+CVE-2024-54320 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54319 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54318 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54317 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54316 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54315 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54314 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ..

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20ed4bca by security tracker role at 2024-12-13T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2024-9508 (Horner Automation Cscape contains a memory corruption 
vulnerability, w ...)
+   TODO: check
+CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package 
before 3.2 ...)
+   TODO: check
+CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are 
vulnerable ...)
+   TODO: check
+CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to 
Authenti ...)
+   TODO: check
+CVE-2024-12603 (A logic vulnerability in the the mobile application 
(com.transsion.app ...)
+   TODO: check
+CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+   TODO: check
+CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular 
Expressi ...)
+   TODO: check
+CVE-2024-12574 (The SVG Shortcode plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable 
to Cross ...)
+   TODO: check
+CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise 
(\u201cBoundary\u20 ...)
+   TODO: check
+CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The 
issues resul ...)
+   TODO: check
+CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac 
(Runbooks  ...)
+   TODO: check
+CVE-2024-11838 (External Control of File Name or Path vulnerability in 
PlexTrac allows ...)
+   TODO: check
+CVE-2024-11837 (Improper Neutralization of Special Elements used in an N1QL 
Command (' ...)
+   TODO: check
+CVE-2024-11836 (Server-Side Request Forgery (SSRF) vulnerability in PlexTrac 
allowing  ...)
+   TODO: check
+CVE-2024-11835 (Uncontrolled Resource Consumption vulnerability in PlexTrac 
allows Web ...)
+   TODO: check
+CVE-2024-11834 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-11833 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-11809 (The Primer MyData for Woocommerce plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-11767 (The NewsmanApp plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+   TODO: check
+CVE-2024-10939 (The Image Widget WordPress plugin before 4.4.11 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-10678 (The Ultimate Blocks  WordPress plugin before 3.2.4 does not 
validate a ...)
+   TODO: check
+CVE-2019-25221 (The Responsive Filterable Portfolio plugin for WordPress is 
vulnerable ...)
+   TODO: check
 CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of 
errno]
- glibc  (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32440
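Review bot: CVE-2024-55918 (Graphics::ColorNames before 3.2) near the top of the hunk concerns a Perl module that Debian packages as libgraphics-colornames-perl, so its `TODO: check` should become a package line with the fixed version or `<unfixed>` rather than a NOT-FOR-US mark; CVE-2019-25221 at the bottom, despite its 2019 year, is a freshly assigned WordPress plugin ID and will resolve to `NOT-FOR-US: WordPress plugin` like the other plugin entries in this batch.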
@@ -45,7 +93,8 @@ CVE-2024-54122 (Concurrent variable access vulnerability in 
the ability module I
NOT-FOR-US: Huawei
 CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
NOT-FOR-US: Huawei
-CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+CVE-2024-54118
+   REJECTED
NOT-FOR-US: Huawei
 CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
NOT-FOR-US: Huawei
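Review bot: the description being dropped for CVE-2024-54118 is identical, word for word, to the descriptions of CVE-2024-54119 and CVE-2024-54117 kept as context on either side of it (`Cross-process screen stack vulnerability in the UIExtension module`), which is consistent with the ID having been a duplicate assignment and explains the `REJECTED`; the old `NOT-FOR-US: Huawei` line is left beneath the rejected entry, while the two surviving neighbours keep theirs.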
@@ -100047,7 +100096,8 @@ CVE-2023-6577 (A vulnerability was found in Byzoro 
PatrolFlow 2530Pro up to 2023
NOT-FOR-US: Beijing Baichuo PatrolFlow 2530Pro
 CVE-2023-6576 (A vulnerability was found in Byzoro S210 up to 20231123. It has 
been d ...)
NOT-FOR-US: Beijing Baichuo S210
-CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a 
Phantom DLL  ...)
+CVE-2023-6061
+   REJECTED
NOT-FOR-US: Iconics SCADA Suite
 CVE-2023-5058 (Improper Input Validation in the processing of user-supplied 
splash sc ...)
NOT-FOR-US: Phoenix
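Review bot: after the CVE-2023-6061 header is replaced by the bare ID plus `REJECTED`, the old `NOT-FOR-US: Iconics SCADA Suite` line is left in place beneath it; that is harmless, since the entry is rejected anyway, but the line is now redundant and could be dropped in a manual clean-up pass so that REJECTED entries stay uniform.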



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20ed4bcac5c0b5d44968bc0dff774641fd47bd34



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2885226 by security tracker role at 2024-12-12T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,144 @@
-CVE-2024-55633
+CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions 
from 11 ...)
+   TODO: check
+CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-8647 (An issue was discovered in GitLab affecting all versions 
starting 15.2 ...)
+   TODO: check
+CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+   TODO: check
+CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+   TODO: check
+CVE-2024-55888 (Hush Line is an open-source whistleblower management system. 
Starting  ...)
+   TODO: check
+CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch 
project that  ...)
+   TODO: check
+CVE-2024-55885 (beego is an open-source web framework for the Go programming 
language. ...)
+   TODO: check
+CVE-2024-55879 (XWiki Platform is a generic wiki platform. Starting in version 
2.3 and ...)
+   TODO: check
+CVE-2024-55878 (SimpleXLSX is software for parsing and retrieving data from 
Excel XLSx ...)
+   TODO: check
+CVE-2024-55877 (XWiki Platform is a generic wiki platform. Starting in version 
9.7-rc- ...)
+   TODO: check
+CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 
1.2-mil ...)
+   TODO: check
+CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. 
Prior to  ...)
+   TODO: check
+CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 
11.10.6 ...)
+   TODO: check
+CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 
3.3-mil ...)
+   TODO: check
+CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in 
phpguru ...)
+   TODO: check
+CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online 
Nurse Hir ...)
+   TODO: check
+CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park 
Ticketi ...)
+   TODO: check
+CVE-2024-54810 (A SQL Injection vulnerability was found in 
/preschool/admin/password-r ...)
+   TODO: check
+CVE-2024-54122 (Concurrent variable access vulnerability in the ability module 
Impact: ...)
+   TODO: check
+CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: 
Successful ...)
+   TODO: check
+CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: 
Successful ...)
+   TODO: check
+CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH 
module Impa ...)
+   TODO: check
+CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the 
print mod ...)
+   TODO: check
+CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding 
module Im ...)
+   TODO: check
+CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
+   TODO: check
+CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
+   TODO: check
+CVE-2024-54103 (Vulnerability of improper access control in the album module 
Impact: S ...)
+   TODO: check
+CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: 
Successful expl ...)
+   TODO: check
+CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation 
module Impac ...)
+   TODO: check
+CVE-2024-54100 (Vulnerability of improper access control in the secure input 
module Im ...)
+   TODO: check
+CVE-2024-54099 (File replacement vulnerability on some devices Impact: 
Succ
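
Review bot: the block from CVE-2024-54099 up to CVE-2024-54122 cannot be triaged from these list lines alone: every one of them uses the same description template (`<weakness> in the <name> module Impact: Successful ...`), and neither vendor nor product appears before the description is cut off, so the full CVE records have to be consulted. Since they share one source and will almost certainly receive the same disposition, resolve the whole block in a single follow-up commit rather than leaving each `TODO: check` to be picked off individually. The copy of this hunk also stops mid-line at `+CVE-2024-54099 (File replacement vulnerability on some devices Impact: Succ`, so whatever follows that point in the commit is not reviewable here.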

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-12 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
334acbfe by security tracker role at 2024-12-12T08:13:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,313 @@
+CVE-2024-9881 (The LearnPress  WordPress plugin before 4.2.7.2 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7 
does not s ...)
+   TODO: check
+CVE-2024-9428 (The Popup Builder  WordPress plugin before 4.3.5 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 
2024.8-b ...)
+   TODO: check
+CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to 
version 3.1 ...)
+   TODO: check
+CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to 
version 3.1 ...)
+   TODO: check
+CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to 
version 3.1 ...)
+   TODO: check
+CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to 
version 3.1 ...)
+   TODO: check
+CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior 
to commit ...)
+   TODO: check
+CVE-2024-54534 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-54531 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-54529 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+   TODO: check
+CVE-2024-54528 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+   TODO: check
+CVE-2024-54527 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+   TODO: check
+CVE-2024-54526 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+   TODO: check
+CVE-2024-54524 (A logic issue was addressed with improved file handling. This 
issue is ...)
+   TODO: check
+CVE-2024-54515 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+   TODO: check
+CVE-2024-54514 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+   TODO: check
+CVE-2024-54513 (A permissions issue was addressed with additional 
restrictions. This i ...)
+   TODO: check
+CVE-2024-54510 (A race condition was addressed with improved locking. This 
issue is fi ...)
+   TODO: check
+CVE-2024-54508 (The issue was addressed with improved memory handling. This 
issue is f ...)
+   TODO: check
+CVE-2024-54506 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
+   TODO: check
+CVE-2024-54505 (A type confusion issue was addressed with improved memory 
handling. Th ...)
+   TODO: check
+CVE-2024-54504 (A privacy issue was addressed with improved private data 
redaction for ...)
+   TODO: check
+CVE-2024-54503 (An inconsistent user interface issue was addressed with 
improved state ...)
+   TODO: check
+CVE-2024-54502 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+   TODO: check
+CVE-2024-54501 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-54500 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-54498 (A path handling issue was addressed with improved validation. 
This iss ...)
+   TODO: check
+CVE-2024-54495 (The issue was addressed with improved permissions logic. This 
issue is ...)
+   TODO: check
+CVE-2024-54494 (A race condition was addressed with additional validation. 
This issue  ...)
+   TODO: check
+CVE-2024-54493 (This issue was addressed through improved state management. 
This issue ...)
+   TODO: check
+CVE-2024-54492 (This issue was addressed by using HTTPS when sending 
information over  ...)
+   TODO: check
+CVE-2024-54491 (The issue was resolved by sanitizing logging This issue is 
fixed in ma ...)
+   TODO: check
+CVE-2024-54490 (This issue was addressed by enabling hardened runtime. This 
issue is f ...)
+   TODO: check
+CVE-2024-54489 (A path handling issue was addressed with improved validation. 
This iss ...)
+   TODO: check
+CVE-2024-54486 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-54485 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
+   TODO: check
+CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is 
fixed in m ...)
+   TODO: check
+CVE-2024-54479 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+   TODO: check
+CVE-2024-54477 (The issue was addressed with improved checks. This issue is 
fixed in m ..
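
Review bot: the Apple entries CVE-2024-54477 through CVE-2024-54534 are the ones that need attention in this hunk, because their `TODO: check` lines tell a triager nothing: Apple's advisory text opens with the fix ("The issue was addressed with improved memory handling. This issue is f ..."), so product, component and fixed versions all fall past the point where the list line is cut off. These need the full records before any disposition; part of each Apple batch usually belongs to WebKit, which Debian ships as webkit2gtk, so they must not be bulk-marked on the strength of the vendor name alone. The remaining additions (LearnPress, LuckyWP Table of Contents, Popup Builder, Mullvad VPN, SiYuan, PenDoc) name their product on the line and can be dispatched directly.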

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b61fa05 by security tracker role at 2024-12-11T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,143 @@
-CVE-2024-12382
+CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti 
Automatio ...)
+   TODO: check
+CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti 
Workspace ...)
+   TODO: check
+CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to 
create  ...)
+   TODO: check
+CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar 
allows Explo ...)
+   TODO: check
+CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  
This issu ...)
+   TODO: check
+CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+   TODO: check
+CVE-2024-50585 (Users who click on a malicious link or visit a website under 
the contr ...)
+   TODO: check
+CVE-2024-50339 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+   TODO: check
+CVE-2024-48912 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+   TODO: check
+CVE-2024-47835 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47834 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47778 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-4 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47776 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47775 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47774 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47761 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+   TODO: check
+CVE-2024-47760 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+   TODO: check
+CVE-2024-47758 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+   TODO: check
+CVE-2024-47615 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47613 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47607 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47606 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47603 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47602 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47601 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47600 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47599 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47598 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47597 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47596 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47546 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47545 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47544 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47543 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47542 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47541 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47540 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47539 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47538 (GStreamer is a library for constructing graphs of 
media-handling compo ...)
+   TODO: check
+CVE-2024-47537 (GStreamer is a library for constructing graphs of 
media-
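
Review bot: the line `+CVE-2024-4 (GStreamer is a library for constructing graphs of media-handling compo ...)`, sitting between CVE-2024-47778 and CVE-2024-47776, carries a malformed identifier: a CVE sequence number has at least four digits, and an entry in that form would not parse. Check whether data/CVE/list really contains it in this form or only this mail rendering lost the digits; if it is the file, it has to be corrected before anything downstream consumes the list. Two smaller points: the placeholder `-CVE-2024-12382` removed at the top has no visible replacement, which is expected given the string-descending order of the added block (the re-added `+CVE-2024-12382 (...)` line would land after the CVE-2024-47xxx range, beyond the point where this copy stops at `+CVE-2024-47537 (GStreamer ... media-`), so confirm in the commit that it was replaced rather than dropped; and the long GStreamer run (CVE-2024-47537 up to CVE-2024-47835) is the Debian-relevant part of this hunk, since gstreamer1.0 is in the archive, so it should not stay at `TODO: check` for long.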

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af3abbf7 by security tracker role at 2024-12-11T08:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,328 @@
-CVE-2024-11053
+CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying 
Sigstore ...)
+   TODO: check
+CVE-2024-55653 (PwnDoc is a penetration test report generator. In versions up 
to and i ...)
+   TODO: check
+CVE-2024-54133 (Action Pack is a framework for handling and responding to web 
requests ...)
+   TODO: check
+CVE-2024-54051 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a URL  ...)
+   TODO: check
+CVE-2024-54050 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a URL  ...)
+   TODO: check
+CVE-2024-54049 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54048 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54047 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54046 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54045 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54044 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54043 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54042 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54041 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a stor ...)
+   TODO: check
+CVE-2024-54040 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a stor ...)
+   TODO: check
+CVE-2024-54039 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a stor ...)
+   TODO: check
+CVE-2024-54038 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by an Imp ...)
+   TODO: check
+CVE-2024-54037 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a DOM- ...)
+   TODO: check
+CVE-2024-54036 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a stor ...)
+   TODO: check
+CVE-2024-54034 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a refl ...)
+   TODO: check
+CVE-2024-54032 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected 
by a stor ...)
+   TODO: check
+CVE-2024-53960 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-53959 (Adobe Framemaker versions 2020.7, 2022.5 and earlier are 
affected by a ...)
+   TODO: check
+CVE-2024-53958 (Substance3D - Painter versions 10.1.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53957 (Substance3D - Painter versions 10.1.1 and earlier are affected 
by a He ...)
+   TODO: check
+CVE-2024-53956 (Premiere Pro versions 25.0, 24.6.3 and earlier are affected by 
a Heap- ...)
+   TODO: check
+CVE-2024-53955 (Bridge versions 14.1.3, 15.0 and earlier are affected by an 
Integer Un ...)
+   TODO: check
+CVE-2024-53954 (Animate versions 23.0.8, 24.0.5 and earlier are affected by an 
Integer ...)
+   TODO: check
+CVE-2024-53953 (Animate versions 23.0.8, 24.0.5 and earlier are affected by a 
Use Afte ...)
+   TODO: check
+CVE-2024-53952 (InDesign Desktop versions ID19.5, ID18.5.4 and earlier are 
affected by ...)
+   TODO: check
+CVE-2024-53951 (InDesign Desktop versions ID19.5, ID18.5.4 and earlier are 
affected by ...)
+   TODO: check
+CVE-2024-53292 (Dell VxVerify, versions prior to x.40.405, contain a 
Plain-text Passwo ...)
+   TODO: check
+CVE-2024-53290 (Dell ThinOS version 2408 contains an Improper Neutralization 
of Specia ...)
+   TODO: check
+CVE-2024-53289 (Dell ThinOS version 2408 contains a Time-of-check Time-of-use 
(TOCTOU) ...)
+   TODO: check
+CVE-2024-53006 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by a NU ...)
+   TODO: check
+CVE-2024-53005 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53004 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53003 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53002 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53001 (Substance3D - Modeler versions 1.14.1 and earlier are affected 
by an o ...)
+   TODO: check
+CVE-2024-53000 (Substance3D - Modeler versions 1.14.1 and earlier are a

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
231f9679 by security tracker role at 2024-12-10T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,315 @@
+CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager 
of Iva ...)
+   TODO: check
+CVE-2024-8540 (Insecure permissions in Ivanti Sentry before versions 9.20.2 
and 10.0. ...)
+   TODO: check
+CVE-2024-8256 (In Teltonika Networks RUTOS devices, running on versions 7.0 to 
7.8 (e ...)
+   TODO: check
+CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 
2024.3.5740 allo ...)
+   TODO: check
+CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or 
Stage-2 tran ...)
+   TODO: check
+CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 
1d4219c ...)
+   TODO: check
+CVE-2024-55586 (Nette Database through 3.2.4 allows SQL injection in certain 
situation ...)
+   TODO: check
+CVE-2024-0 (Mitel MiCollab through 9.8 SP2 could allow an authenticated 
attacker w ...)
+   TODO: check
+CVE-2024-55548 (Improper check of password character lenght in ORing IAP-420 
allows a  ...)
+   TODO: check
+CVE-2024-55547 (SNMP objects in NET-SNMP used in ORing IAP-420 allows Command 
Injectio ...)
+   TODO: check
+CVE-2024-55546 (Missing input validation in the ORing IAP-420 web-interface 
allows sto ...)
+   TODO: check
+CVE-2024-55545 (Missing input validation in the ORing IAP-420 web-interface 
allows Cro ...)
+   TODO: check
+CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface 
allows sto ...)
+   TODO: check
+CVE-2024-55500 (Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 
and befor ...)
+   TODO: check
+CVE-2024-54751 (COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a 
hardcoded pass ...)
+   TODO: check
+CVE-2024-54152 (Angular Expressions provides expressions for the Angular.JS 
web framew ...)
+   TODO: check
+CVE-2024-54095 (A vulnerability has been identified in Solid Edge SE2024 (All 
versions ...)
+   TODO: check
+CVE-2024-54094 (A vulnerability has been identified in Solid Edge SE2024 (All 
versions ...)
+   TODO: check
+CVE-2024-54093 (A vulnerability has been identified in Solid Edge SE2024 (All 
versions ...)
+   TODO: check
+CVE-2024-54091 (A vulnerability has been identified in Parasolid V36.1 (All 
versions < ...)
+   TODO: check
+CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability 
exists in t ...)
+   TODO: check
+CVE-2024-54005 (A vulnerability has been identified in COMOS V10.3 (All 
versions < V10 ...)
+   TODO: check
+CVE-2024-53866 (The package manager pnpm prior to version 9.15.0 seems to 
mishandle ov ...)
+   TODO: check
+CVE-2024-53832 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
+   TODO: check
+CVE-2024-53481 (A Cross Site Scripting (XSS) vulnerability in the profile.php 
of PHPGu ...)
+   TODO: check
+CVE-2024-53480 (Phpgurukul's Beauty Parlour Management System v1.1 is 
vulnerable to SQ ...)
+   TODO: check
+CVE-2024-53247 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, 
and versi ...)
+   TODO: check
+CVE-2024-53246 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 
and Splunk ...)
+   TODO: check
+CVE-2024-53245 (In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 
and Splunk ...)
+   TODO: check
+CVE-2024-53244 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 
and Splunk ...)
+   TODO: check
+CVE-2024-53243 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 
and versio ...)
+   TODO: check
+CVE-2024-53242 (A vulnerability has been identified in Teamcenter 
Visualization V14.2  ...)
+   TODO: check
+CVE-2024-53041 (A vulnerability has been identified in Teamcenter 
Visualization V14.2  ...)
+   TODO: check
+CVE-2024-52538 (Dell Avamar, version(s) 19.9, contain(s) an Improper 
Neutralization of ...)
+   TODO: check
+CVE-2024-52051 (A vulnerability has been identified in SIMATIC S7-PLCSIM V17 
(All vers ...)
+   TODO: check
+CVE-2024-51165 (SQL injection vulnerability in JEPAAS7.2.8, via 
/je/rbac/rbac/loadLogi ...)
+   TODO: check
+CVE-2024-50931 (Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to 
contain insec ...)
+   TODO: check
+CVE-2024-50930 (An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows 
attackers to ...)
+   TODO: check
+CVE-2024-50929 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 
700 and 80 ...)
+   TODO: check
+CVE-2024-50928 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 
700 and 80 ...)
+   TODO: check
+CVE-2024-50924 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 
700 and 80 ...)
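
Review bot: `+CVE-2024-0 (Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker w ...)`, between CVE-2024-55586 and CVE-2024-55548, carries a malformed identifier, since a CVE sequence number has at least four digits; check whether data/CVE/list has it in this form or only this mail rendering lost digits, and fix the file if it is the former. Leave the misspelling `lenght` in the CVE-2024-55548 description alone: the description string is imported from the CVE record, and a hand correction here only invites the next automatic update to overwrite it.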

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad12ba9d by security tracker role at 2024-12-10T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,80 @@
-CVE-2024-12369
+CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in 
PaperCu ...)
+   TODO: check
+CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core 
allows  ...)
+   TODO: check
+CVE-2024-55637 (Deserialization of Untrusted Data vulnerability in Drupal Core 
allows  ...)
+   TODO: check
+CVE-2024-55636 (Deserialization of Untrusted Data vulnerability in Drupal Core 
allows  ...)
+   TODO: check
+CVE-2024-55635 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-55634 (A vulnerability in Drupal Core allows Privilege 
Escalation.This issue  ...)
+   TODO: check
+CVE-2024-55601 (Hugo is a static site generator. Starting in version 0.123.0 
and prior ...)
+   TODO: check
+CVE-2024-54198 (In certain conditions, SAP NetWeaver Application Server ABAP 
allows an ...)
+   TODO: check
+CVE-2024-54197 (SAP NetWeaver Administrator(System Overview) allows an 
authenticated a ...)
+   TODO: check
+CVE-2024-54151 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-54149 (Winter is a free, open-source content management system (CMS) 
based on ...)
+   TODO: check
+CVE-2024-53919 (An injection vulnerability in Barco ClickShare CX-30/20, 
C-5/10, and C ...)
+   TODO: check
+CVE-2024-53552 (CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles 
password res ...)
+   TODO: check
+CVE-2024-50628 (An issue was discovered in the web services of Digi 
ConnectPort LTS be ...)
+   TODO: check
+CVE-2024-50627 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A Privi ...)
+   TODO: check
+CVE-2024-50626 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A Direc ...)
+   TODO: check
+CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A vulne ...)
+   TODO: check
+CVE-2024-47946 (If the attacker has access to a valid Poweruser session, 
remote code e ...)
+   TODO: check
+CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allows an  ...)
+   TODO: check
+CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated 
attacker co ...)
+   TODO: check
+CVE-2024-47581 (SAP HCM Approve Timesheets Version 4 application does not 
perform nece ...)
+   TODO: check
+CVE-2024-47580 (An attacker authenticated as an administrator can use an 
exposed webse ...)
+   TODO: check
+CVE-2024-47579 (An attacker authenticated as an administrator can use an 
exposed webse ...)
+   TODO: check
+CVE-2024-47578 (Adobe Document Service allows an attacker with administrator 
privilege ...)
+   TODO: check
+CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within 
SAP Commer ...)
+   TODO: check
+CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1) 
applicatio ...)
+   TODO: check
+CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External 
Entity  ...)
+   TODO: check
+CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 
46.376. ...)
+   TODO: check
+CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 
46.376. ...)
+   TODO: check
+CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
+   TODO: check
+CVE-2024-28138 (An unauthenticated attacker with network access to the 
affected device ...)
+   TODO: check
+CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to 
Arbitrary ...)
+   TODO: check
+CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+   TODO: check
+CVE-2024-12174 (An Improper Certificate Validation vulnerability exists in 
Tenable Sec ...)
+   TODO: check
+CVE-2024-11205 (The WPForms plugin for WordPress is vulnerable to unauthorized 
modific ...)
+   TODO: check
+CVE-2024-11107 (The System Dashboard WordPress plugin before 2.8.15 does not 
sanitise  ...)
+   TODO: check
+CVE-2024-10708 (The System Dashboard WordPress plugin before 2.8.15 does not 
validate  ...)
+   TODO: check
+CVE-2023-6947 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-12369 (A vulnerability was found in OIDC-Client. When using the RH 
SSO OIDC a ...)
NOT-FOR-US: elytron-oidc-client
 CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer 
Mana
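
Review bot: the `-CVE-2024-12369` / `+CVE-2024-12369 (A vulnerability was found in OIDC-Client. When using the RH SSO OIDC a ...)` pair at the end of this hunk is the expected shape for a placeholder that was triaged before its description arrived: only the id line is rewritten and the existing `NOT-FOR-US: elytron-oidc-client` line is kept. In this copy that sub-line, like `NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer Mana` under the CVE-2024-8259 context entry, shows no leading diff marker, which looks like the tab indentation being stripped in rendering rather than a change to those lines; confirm in the commit that both are unchanged context. Among the new `TODO: check` entries, CVE-2024-55601 (Hugo) names software that Debian packages and should be triaged ahead of the SAP, Dell, Digi and Barco entries.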

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c8803cf5 by security tracker role at 2024-12-09T20:13:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,345 @@
+CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-54938 (A Directory Listing issue was found in Kashipara E-Learning 
Management ...)
+   TODO: check
+CVE-2024-54937 (A Directory Listing issue was found in Kashipara E-Learning 
Management ...)
+   TODO: check
+CVE-2024-54936 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/send_m ...)
+   TODO: check
+CVE-2024-54935 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
/send_m ...)
+   TODO: check
+CVE-2024-54934 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54933 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54932 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54931 (A SQL Injection was found in /admin/delete_event.php in 
kashipara E-le ...)
+   TODO: check
+CVE-2024-54930 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54929 (KASHIPARA E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54928 (kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54927 (Kashipara E-learning Management System v1.0 is vulnerable to 
SQL Injec ...)
+   TODO: check
+CVE-2024-54926 (A SQL Injection vulnerability was found in /search_class.php 
of kaship ...)
+   TODO: check
+CVE-2024-54925 (A SQL Injection was found in /remove_sent_message.php in 
kashipara E-l ...)
+   TODO: check
+CVE-2024-54924 (A SQL Injection was found in /admin/edit_content.php in 
kashipara E-le ...)
+   TODO: check
+CVE-2024-54923 (A SQL Injection vulnerability was found in 
/admin/edit_teacher.php in  ...)
+   TODO: check
+CVE-2024-54922 (A SQL Injection was found in /admin/edit_user.php of kashipara 
E-learn ...)
+   TODO: check
+CVE-2024-54921 (A SQL Injection was found in /student_signup.php in kashipara 
E-learni ...)
+   TODO: check
+CVE-2024-54920 (A SQL Injection vulnerability was found in /teacher_signup.php 
of kash ...)
+   TODO: check
+CVE-2024-54919 (A Stored Cross Site Scripting (XSS ) was found in 
/teacher_avatar.php  ...)
+   TODO: check
+CVE-2024-54918 (Kashipara E-learning Management System v1.0 is vulnerable to 
Remote Co ...)
+   TODO: check
+CVE-2024-54260 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54255 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in a ...)
+   TODO: check
+CVE-2024-54254 (Missing Authorization vulnerability in Kofi Mokome Message 
Filter for  ...)
+   TODO: check
+CVE-2024-54253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54251 (Missing Authorization vulnerability in Prodigy Commerce 
Prodigy Commer ...)
+   TODO: check
+CVE-2024-54247 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54230 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54228 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54227 (Missing Authorization vulnerability in theDotstore Minimum and 
Maximum ...)
+   TODO: check
+CVE-2024-54226 (Cross-Site Request Forgery (CSRF) vulnerability in Karl 
Kiesinger Coun ...)
+   TODO: check
+CVE-2024-54225 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-54224 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54223 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+   TODO: check
+CVE-2024-54220 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54219 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54218 (Missing Authorization vulnerability in Thehp AIO Contact.This 
issue af ...)
+   TODO: check
+CVE-2024-54217 (Missing Authorization vulnerability in Repute info systems 
ARForms.Thi ...)
+   TODO: check
+CVE-2024-54215 (Improper Neutralization of Special Elements used in an SQL 
Command ('S 
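
Review bot: the twenty-odd Kashipara E-learning Management System entries (CVE-2024-54918 through CVE-2024-54938) describe one product at one version and should be triaged as a single block rather than one `TODO: check` at a time. Note also that CVE-2024-8259 sits above CVE-2024-54938 at the top of the hunk: the added block is ordered by string comparison of the id, not numerically, so four-digit sequence numbers sort ahead of five-digit ones, which matters when looking for an entry by hand.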

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52ea3b0c by security tracker role at 2024-12-09T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
+   TODO: check
+CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
+   TODO: check
+CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows 
before No ...)
+   TODO: check
+CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as 
auth_microsoft_offi ...)
+   TODO: check
+CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary 
file (locat ...)
+   TODO: check
+CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer 
values. 3.3.8 ...)
+   TODO: check
+CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential 
_execve50 ...)
+   TODO: check
+CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via 
an off- ...)
+   TODO: check
+CVE-2024-55560 (MailCleaner before 28d913e has default values of 
ssh_host_dsa_key, ssh ...)
+   TODO: check
+CVE-2024-53285 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53284 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53283 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53282 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53281 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53280 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53279 (Improper neutralization of input during web page generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-12360 (A vulnerability was found in code-projects Online Class and 
Exam Sched ...)
+   TODO: check
+CVE-2024-12359 (A vulnerability was found in code-projects Admin Dashboard 
1.0. It has ...)
+   TODO: check
+CVE-2024-12358 (A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It 
has been c ...)
+   TODO: check
+CVE-2024-12357 (A vulnerability was found in SourceCodester Best House Rental 
Manageme ...)
+   TODO: check
+CVE-2024-12355 (A vulnerability has been found in SourceCodester Phone Contact 
Manager ...)
+   TODO: check
+CVE-2024-12354 (A vulnerability, which was classified as critical, was found 
in Source ...)
+   TODO: check
+CVE-2024-12353 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-12352 (A vulnerability classified as problematic was found in 
TOTOLINK EX1800 ...)
+   TODO: check
+CVE-2024-12351 (A vulnerability classified as critical has been found in 
JFinalCMS 1.0 ...)
+   TODO: check
+CVE-2024-12350 (A vulnerability was found in JFinalCMS 1.0. It has been rated 
as criti ...)
+   TODO: check
+CVE-2024-12349 (A vulnerability was found in JFinalCMS 1.0. It has been 
declared as pr ...)
+   TODO: check
+CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 
5.1.2. I ...)
+   TODO: check
+CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent 
Technology Je ...)
+   TODO: check
+CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and 
classif ...)
+   TODO: check
+CVE-2024-12344 (A vulnerability, which was classified as critical, was found 
in TP-Lin ...)
+   TODO: check
 CVE-2024-12343 (A vulnerability classified as critical has been found in 
TP-Link VN020 ...)
NOT-FOR-US: TP-Link
 CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to 
change a pass ...)
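Review bot: triage order matters in this batch: CVE-2024-55565 (nanoid), CVE-2024-55564 (POSIX::2008 for Perl), CVE-2024-55563 (Bitcoin Core) and CVE-2024-55566 (ColPack) name upstream open-source projects and need a source-package check before anything else here, whereas the code-projects, SourceCodester, JFinalCMS, jpress, TOTOLINK and TP-Link entries (CVE-2024-12360 .. CVE-2024-12344) fit the same closure as the CVE-2024-12343 context line (NOT-FOR-US: TP-Link), and CVE-2024-9651 (Fluent Forms) is a WordPress plugin. The seven 'Cross-si ...' entries CVE-2024-53285 .. CVE-2024-53279 have the vendor cut off by the truncated description, so their product has to be looked up before they can be closed.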
@@ -59023,6 +59087,7 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web 
application library. The de
NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
 (3.0.3)
NOTE: Fixed by: 
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
 (3.0.3)
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter 
in affe ...)
+   {DLA-3988-1}
- jinja2  (bug #1070712)
[bookworm] - jinja2  (Minor issue)
[buster] - jinja2  (Minor issue)
@@ -91381,7 +91446,7 @@ CVE-2023-4246 (The GiveWP plugin for WordPress is 
vulnerable to Cross-Site Reque
 CVE-2022-4958 (A vulnerability classified as problematic has been found in 
qkmc-rk re ...)
NOT-FOR-US: qkmc-rk redb

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3147975a by security tracker role at 2024-12-08T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-12343 (A vulnerability classified as critical has been found in 
TP-Link VN020 ...)
+   TODO: check
 CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to 
change a pass ...)
TODO: check
 CVE-2024-12342 (A vulnerability was found in TP-Link VN020 F3v(T) 
TT_V6.2.1021. It has ...)
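Review bot: CVE-2024-12343 and the CVE-2024-12342 context line directly below it are both TP-Link VN020 F3v(T) issues left at TODO: check; they can be closed together as NOT-FOR-US: TP-Link, which is how CVE-2024-12343 already reads in the 2024-12-09 diff earlier in this thread.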
@@ -4185,26 +4187,26 @@ CVE-2024-11477 (7-Zip Zstandard Decompression Integer 
Underflow Remote Code Exec
- p7zip  (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
 CVE-2024-11233 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 
8.3.* before ...)
-   {DSA-5819-1}
+   {DSA-5819-1 DLA-3986-1}
- php8.2 8.2.26-4 (bug #1088688)
- php7.4 
NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43
NOTE: 
https://github.com/php/php-src/commit/a6c84cd7efd7eaaaefd4463412508df570d35358 
(php-8.2.26)
 CVE-2024-11234 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 
8.3.* before ...)
-   {DSA-5819-1}
+   {DSA-5819-1 DLA-3986-1}
- php8.2 8.2.26-4 (bug #1088688)
- php7.4 
NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2
NOTE: 
https://github.com/php/php-src/commit/cf6700e86d6357420a7c8386da63d48fec55f633 
(php-8.2.26)
 CVE-2024-11236 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 
8.3.* before ...)
-   {DSA-5819-1}
+   {DSA-5819-1 DLA-3986-1}
- php8.2 8.2.26-4 (bug #1088688)
- php7.4 
NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
NOTE: 
https://github.com/php/php-src/commit/7742f79a8a9c20522dbf40e1dc1d4ccad71d399c 
(php-8.2.26)
NOTE: 
https://github.com/php/php-src/commit/2dbe1425c5768faea2aa7bca26081dd208c94ac8 
(php-8.2.26)
 CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* 
before ...)
-   {DSA-5819-1}
+   {DSA-5819-1 DLA-3986-1}
- php8.2 8.2.26-4 (bug #1088688)
- php7.4 
NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678
@@ -4212,7 +4214,7 @@ CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* 
before 8.2.26, 8.3.* b
NOTE: Follow-up: 
https://github.com/php/php-src/commit/abc6de0ddec93564e9faa8065ac5756a1fbaf763 
(php-8.2.26)
NOTE: Follow-up: 
https://github.com/php/php-src/commit/913031c844737d78a62c4af2aab1c3eeb7dc95bf 
(php-8.2.26)
 CVE-2024-8932 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* 
before ...)
-   {DSA-5819-1}
+   {DSA-5819-1 DLA-3986-1}
- php8.2 8.2.26-4 (bug #1088688)
- php7.4 
NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
@@ -125386,7 +125388,7 @@ CVE-2020-36728 (The Adning Advertising plugin for 
WordPress is vulnerable to fil
 CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to 
arbitrary ...)
NOT-FOR-US: Adning Advertising plugin for WordPress
 CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a 
symlink  ...)
-   {DLA-3501-1}
+   {DLA-3987-1 DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
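Review bot: advisory ordering is inconsistent within this commit: here the new DLA is prepended, giving {DLA-3987-1 DLA-3501-1}, while the PHP entries above append the new one after the existing advisory ({DSA-5819-1 DLA-3986-1}); pick one convention (appending keeps the braces in issue order). The prepended form is repeated for CVE-2023-33864 and CVE-2023-33863 in the next two hunks, so all three would need the same fix.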
@@ -125396,7 +125398,7 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local 
privilege escalation via a sy
NOTE: 
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
 (v1.27)
NOTE: 
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
 (v1.27)
 CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows 
an Inte ...)
-   {DLA-3501-1}
+   {DLA-3987-1 DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
@@ -125406,7 +125408,7 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in 
RenderDoc before 1.27 allows a
NOTE: 
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
 (v1.27)
NOTE: 
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
 (v1.27)
 CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer 
Overflow wit ...)
-   {DLA-3501-1}
+   {DLA-3987-1 DLA-3501-1}
- renderdoc 1.27+dfsg-1 (bug #1037208)
[bookworm] - renderdoc  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3



View it on GitLab: 
h

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
271dfc5f by security tracker role at 2024-12-08T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to 
change a pass ...)
+   TODO: check
+CVE-2024-12342 (A vulnerability was found in TP-Link VN020 F3v(T) 
TT_V6.2.1021. It has ...)
+   TODO: check
+CVE-2024-12209 (The WP Umbrella: Update Backup Restore & Monitoring plugin for 
WordPre ...)
+   TODO: check
 CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user 
to execu ...)
NOT-FOR-US: IBM
 CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site 
scripting. This ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/271dfc5f2d43f495b3d38804798ab66aec5d9894



[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96970a5b by security tracker role at 2024-12-07T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user 
to execu ...)
+   TODO: check
+CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site 
scripting. This ...)
+   TODO: check
+CVE-2024-41762 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+   TODO: check
+CVE-2024-37071 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+   TODO: check
+CVE-2024-12270 (The Beautiful taxonomy filters plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-12253 (The Simple Ecommerce Shopping Cart Plugin- Sell products 
through Paypa ...)
+   TODO: check
+CVE-2024-12128 (The Simple Ecommerce Shopping Cart Plugin- Sell products 
through Paypa ...)
+   TODO: check
+CVE-2024-11501 (The Gallery plugin for WordPress is vulnerable to PHP Object 
Injection ...)
+   TODO: check
+CVE-2024-11464 (The Easy Code Snippets plugin for WordPress is vulnerable to 
Reflected ...)
+   TODO: check
+CVE-2024-11457 (The Feedpress Generator \u2013 External RSS Frontend 
Customizer plugin ...)
+   TODO: check
+CVE-2024-11380 (The Mini Program API plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-11374 (The TWChat \u2013 Send or receive messages from users plugin 
for WordP ...)
+   TODO: check
+CVE-2024-11367 (The Smoove connector for Elementor forms plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-11010 (The FileOrganizer \u2013 Manage WordPress and Website Files 
plugin for ...)
+   TODO: check
 CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books 
Library pl ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized 
modific ...)
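Review bot: every entry in this hunk is either an IBM product (CVE-2024-47115, CVE-2024-47107, CVE-2024-41762, CVE-2024-37071) or a WordPress plugin (the remaining ten), and the context line for CVE-2024-8679 shows how the siblings were closed (NOT-FOR-US: WordPress plugin); these can be resolved in one pass as NOT-FOR-US: IBM and NOT-FOR-US: WordPress plugin rather than left at TODO: check. CVE-2024-47115 is in fact already NOT-FOR-US: IBM in the 2024-12-08 08:11 diff above.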
@@ -2059,21 +2087,25 @@ CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to 
Cross Site Scripting (XSS) in
 CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. 
The /uplo ...)
NOT-FOR-US: OpenVidReview
 CVE-2024-42333 (The researcher is showing that it is possible to leak a small 
amount o ...)
+   {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25629
NOTE: Fixed by 
https://github.com/zabbix/zabbix/commit/72d2ce61872fcbace8f8dfdabc0568c99980989d
 (7.0.4rc1)
NOTE: Fixed by (merge commit) 
https://github.com/zabbix/zabbix/commit/c4ea57b823cb6a4c2cb0796f500e862fbb6a46ea
 (6.0.35rc1)
 CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap 
log is par ...)
+   {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25628
NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77
 (7.0.5rc1)
NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52
 (6.0.35rc1)
 CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor 
method re ...)
+   {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25627
NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20
 (7.0.4rc1)
NOTE: and additionally 
https://github.com/zabbix/zabbix/commit/e731ed95fda7572ebae5eaffaa70f41e8f897e0d
 (7.0.4rc1)
 CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the 
server' ...)
+   {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25626
NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47
 (7.0.4rc1)
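Review bot: CVE-2024-42331 and CVE-2024-42330 record only their 7.0.4rc1 fix commits, while CVE-2024-42333 and CVE-2024-42332 also record the 6.0.35rc1 merge commit; now that {DLA-3984-1} is attached to all four, the two entries without a 6.0-branch reference leave the backport source undocumented. Add the 6.0 commit for them, or a NOTE that the 7.0 commit was backported directly, so the DLA can be traced to upstream code.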
@@ -2119,6 +2151,7 @@ CVE-2024-36468 (The reported vulnerability is a stack 
buffer overflow in the zbx
NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673
 (7.0.3rc1)
NOTE: vulnerable function introduced with commit 
https://github.com/zabbix/zabbix/commit/3850cd1cfea328baabafd26e56bc425ddff95eac
 (7.0.0beta1)
 CVE-2024-36464 (When exporting media types, the password is exported in the 
YAML in pl ...)
+   {DLA-3984-1}
- zabbix  (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25630
NOTE: Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 
6.0.36 (package from upstream)
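Review bot: attaching {DLA-3984-1} to CVE-2024-36464 conflicts with the entry's own NOTE that the issue is still reproducible with upstream 6.0.36 despite the claimed 6.0.30rc1 fix, and the unstable line '- zabbix (bug #1088689)' carries no fixed version. Either the DLA ships a fix of its own, in which case the NOTE should name the commit or patch used, or the CVE should not be listed as addressed by the DLA.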
@@ -2172,6 +2205,7 @@ CVE-2024-50942 (qiwen-file v1.4.0 was discovered to 
contain a SQL injection vu

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d23d411e by security tracker role at 2024-12-07T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,82 @@
-CVE-2024-53143 [fsnotify: Fix ordering of iput() and watched_objects decrement]
+CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books 
Library pl ...)
+   TODO: check
+CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized 
modific ...)
+   TODO: check
+CVE-2024-7875 (Tungsten Automation(Kofax) TotalAgility in versions all 
through7.9.0.2 ...)
+   TODO: check
+CVE-2024-7874 (Tungsten Automation (Kofax) TotalAgility in versions all 
through7.9.0. ...)
+   TODO: check
+CVE-2024-54138 (NuGet Gallery is a package repository that powers nuget.org. 
The NuGet ...)
+   TODO: check
+CVE-2024-44856 (Open Robotics Robotic Operating System 2 ROS2 navigation2 
v.humble was ...)
+   TODO: check
+CVE-2024-44855 (Open Robotics Robotic Operating System 2 ROS2 navigation2 
v.humble was ...)
+   TODO: check
+CVE-2024-44854 (Open Robotics Robotic Operating System 2 ROS2 navigation2 
v.humble was ...)
+   TODO: check
+CVE-2024-44853 (Open Robotics Robotic Operating System 2 ROS2 navigation2 
v.humble was ...)
+   TODO: check
+CVE-2024-44852 (Open Robotics Robotic Operating System 2 ROS2 navigation2 
v.humble was ...)
+   TODO: check
+CVE-2024-41650 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41649 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41648 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41647 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41646 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41645 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-41644 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-38927 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38926 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38925 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38924 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38923 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38922 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38921 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-12326 (Jirafeau normally prevents browser preview for SVG files due 
to the po ...)
+   TODO: check
+CVE-2024-12257 (The CardGate Payments for WooCommerce plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-12167 (The Shortcodes Blocks Creator Ultimate plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-12166 (The Shortcodes Blocks Creator Ultimate plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-12165 (The Mollie for Contact Form 7 plugin for WordPress is 
vulnerable to Re ...)
+   TODO: check
+CVE-2024-12115 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image 
Polls plugi ...)
+   TODO: check
+CVE-2024-12026 (The Message Filter for Contact Form 7 plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-11943 (The \uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c 
\uc2ec\ud50c\ud398\uc7 ...)
+   TODO: check
+CVE-2024-11904 (The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-11451 (The Zooom plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2024-11436 (The Drag & Drop Builder, Human Face Detector, Pre-built 
Templates, Spa ...)
+   TODO: check
+CVE-2024-11353 (The SMS for Lead Capture Forms plugin for WordPress is 
vulnerable to u ...)
+   TODO: check
+CVE-2024-11329 (The Comfino Payment Gateway plugin for WordPress is vulnerable 
to Refl ...)
+   TODO: check
+CVE-2024-11183 (The Simple Side Tab WordPress plugin before 2.2.0 does not 
sanitise an ...)
+   TODO: check
+CVE-2024-10046 (The \u0627\u0641\u0632\u0648\u0646\u0647 
\u067e\u06cc\u0627\u0645\u06a ...)
+   TODO: check
+CVE-2024-53143 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
- linux 
[bookwo
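Review bot: the bracketed placeholder title '[fsnotify: Fix ordering of iput() and watched_objects decrement]' for CVE-2024-53143 is replaced by the generic 'In the Linux kernel, the following vulnerability has been resolved: f ...' text, which the truncated description cuts before the subsystem name; if the fsnotify subject is not kept elsewhere in the entry, add it as a NOTE so the entry remains searchable by fix title. Separately, the ROS 2 / Nav2 block (CVE-2024-44856 .. CVE-2024-44852, CVE-2024-41650 .. CVE-2024-41644, CVE-2024-38927 .. CVE-2024-38921) is 19 entries for one project and should be triaged as a single batch.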

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98b6bbfc by security tracker role at 2024-12-06T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,261 @@
+CVE-2024-9872 (The Online Booking & Scheduling Calendar for WordPress by vcita 
plugin ...)
+   TODO: check
+CVE-2024-9866 (The Event Tickets with Ticket Scanner plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-9706 (The Ultimate Coming Soon & Maintenance plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-9705 (The Ultimate Coming Soon & Maintenance plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-55268 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in /cov ...)
+   TODO: check
+CVE-2024-54750 (Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded 
password v ...)
+   TODO: check
+CVE-2024-54749 (Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded 
password  ...)
+   TODO: check
+CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to contain a hardcoded 
password  ...)
+   TODO: check
+CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a 
hardcoded pa ...)
+   TODO: check
+CVE-2024-54216 (Path Traversal vulnerability in NotFound ARForms allows Path 
Traversal ...)
+   TODO: check
+CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability 
in NotFo ...)
+   TODO: check
+CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54212 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54211 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54210 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54209 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54208 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54207 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54206 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-54205 (Cross-Site Request Forgery (CSRF) vulnerability in Paloma 
Paloma Widge ...)
+   TODO: check
+CVE-2024-54143 (openwrt/asu is an image on demand server for OpenWrt based 
distributio ...)
+   TODO: check
+CVE-2024-54141 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
+   TODO: check
+CVE-2024-54137 (liboqs is a C-language cryptographic library that provides 
implementat ...)
+   TODO: check
+CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP. 
ClipBucket- ...)
+   TODO: check
+CVE-2024-54135 (ClipBucket V5 provides open source video hosting with PHP. 
ClipBucket- ...)
+   TODO: check
+CVE-2024-53826 (Missing Authorization vulnerability in WPSight WPCasa allows 
Accessing ...)
+   TODO: check
+CVE-2024-53825 (Missing Authorization vulnerability in Ninja Team Filebird 
allows Expl ...)
+   TODO: check
+CVE-2024-53824 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-53823 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53821 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53820 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53817 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53815 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53813 (Missing Authorization vulnerability in WP Travel WP Travel 
allows Expl ...)
+   TODO: check
+CVE-2024-53812 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53811 (Unrestricted Upload of File with Dangerous Type vulnerability 
in POSIM ...)
+   TODO: check
+CVE-2024-53810 (Missing Authorization vulnerability in Najeeb Ahmad Simple 
User Regist ...)
+   TODO: check
+CVE-2024-53809 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs 
Namaste ...)
+   TODO: check
+CVE-2024-53808 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53807 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53806 (Missing Authorization vulnerability in WpMaspik Maspik \u2013 
Spam bla ...
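Review bot: CVE-2024-54137 (liboqs, a C cryptographic library), CVE-2024-54141 (phpMyFAQ), CVE-2024-54143 (openwrt/asu) and CVE-2024-54136/CVE-2024-54135 (ClipBucket V5) name upstream open-source projects and need a source-package check before the WordPress plugin entries that make up the rest of this hunk. The hardcoded-password entries for Ubiquiti and WAVLINK firmware (CVE-2024-54750, CVE-2024-54749, CVE-2024-54747, CVE-2024-54745) are device firmware and fit NOT-FOR-US.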

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c2f80834 by security tracker role at 2024-12-06T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin 
for Wor ...)
+   TODO: check
+CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, 
that a  ...)
+   TODO: check
+CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 
5.21.2, could ...)
+   TODO: check
+CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with 
sigstore  ...)
+   TODO: check
+CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD 
(Binary F ...)
+   TODO: check
+CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is 
vulnerable ...)
+   TODO: check
+CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the 
Device Settin ...)
+   TODO: check
+CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. 
In certa ...)
+   TODO: check
+CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+   TODO: check
+CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-37863 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-37862 (Buffer Overflow vulnerability in Open Robotic Robotic 
Operating System ...)
+   TODO: check
+CVE-2024-37861 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
+   TODO: check
+CVE-2024-37860 (Buffer Overflow vulnerability in Open Robotic Operating System 
2 ROS2  ...)
+   TODO: check
+CVE-2024-30964 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-30963 (Buffer Overflow vulnerability in Open Robotics Robotic 
Operating Syste ...)
+   TODO: check
+CVE-2024-30962 (Buffer Overflow vulnerability in Open Robotics Robotic 
Operating Syste ...)
+   TODO: check
+CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic 
Operating  ...)
+   TODO: check
+CVE-2024-12064
+   REJECTED
+CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+   TODO: check
+CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for 
WordPress and  ...)
+   TODO: check
+CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to 
authenticatio ...)
+   TODO: check
+CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR 
limits p ...)
+   TODO: check
+CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 
022, ex ...)
+   TODO: check
+CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+   TODO: check
+CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized 
arbitrar ...)
+   TODO: check
+CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does 
not saniti ...)
+   TODO: check
+CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have 
CSRF check  ...)
+   TODO: check
+CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin 
plugin  ...)
+   TODO: check
 CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found 
providing a pot ...)
NOT-FOR-US: ABB
 CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a 
potential ...)
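Review bot: CVE-2024-53589 (GNU objdump 2.43, buffer overflow in BFD) affects binutils, which is packaged, and should not sit at TODO: check alongside the WordPress entries; CVE-2024-52798 (path-to-regexp), CVE-2024-6219 and CVE-2024-6156 (LXD PKI mode) and CVE-2024-54140 (sigstore-java) likewise name upstream projects that need a package check. CVE-2024-11149 and CVE-2024-10933 are OpenBSD errata and CVE-2024-49041 is Microsoft Edge, all NOT-FOR-US candidates; CVE-2024-12064 landing directly as REJECTED is fine.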
@@ -318867,7 +318929,7 @@ CVE-2021-0938 (In memzero_explicit of 
compiler-clang.h, there is a possible bypa
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
NOTE: 
https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329
 CVE-2021-0937
-   RESERVED
+   REJECTED
- linux 5.10.38-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
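Review bot: CVE-2021-0937 flips from RESERVED to REJECTED but keeps its fixed-version lines (linux 5.10.38-1, buster 4.19.194-1, stretch 4.9.272-1); if the identifier was rejected as a duplicate, add a NOTE pointing at the surviving CVE so that version information is not orphaned, and confirm whether package lines are meant to stay on REJECTED entries at all.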
@@ -476618,18 +476680,18 @@ CVE-2018-9393 (In procfile_write of 
drivers/misc/mediatek/connectivity/wlan/gen2
NOT-FOR-US: Android
 CVE-2018-9392 (In get_binary of 
vendor/mediatek/proprietary/hardware/connectivity/gps ...)
NOT-FOR-US: Android
-CVE-2018-9391
-   RESERVED
-CVE-2018-9390
-   RESERVED
+CVE-2018-9391 (In update_gps_sv and output_vzw_debug of 
vendor/mediatek/proprieta ...)
+   TODO: check
+CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of  
bounds rea ...)
+   TODO: check
 CVE-2018-9389
RESERVED
-CVE-2018-938
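Review bot: the newly published CVE-2018-9391 (vendor/mediatek/proprieta ...) and CVE-2018-9390 (procfile_write of gl_proc.c) are MediaTek Android vendor code, the same tree as the CVE-2018-9393 and CVE-2018-9392 context lines already marked NOT-FOR-US: Android; resolve them the same way rather than leaving TODO: check.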

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61f356a0 by security tracker role at 2024-12-05T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,161 @@
+CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found 
providing a pot ...)
+   TODO: check
+CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a 
potential ...)
+   TODO: check
+CVE-2024-6515 (Web browser interface may manipulate application 
username/password in  ...)
+   TODO: check
+CVE-2024-54679 (CyberPanel (aka Cyber Panel) before 6778ad1 does not require 
the Filem ...)
+   TODO: check
+CVE-2024-54130 (The NASA\u2019s Interplanetary Overlay Network (ION) is an 
implementat ...)
+   TODO: check
+CVE-2024-54129 (The NASA\u2019s Interplanetary Overlay Network (ION) is an 
implementat ...)
+   TODO: check
+CVE-2024-54128 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to 
presence of ...)
+   TODO: check
+CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to 
improper si ...)
+   TODO: check
+CVE-2024-54001 (Kanboard is project management software that focuses on the 
Kanban met ...)
+   TODO: check
+CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 
0.14.1, rPGP a ...)
+   TODO: check
+CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 
0.14.1, rPGP a ...)
+   TODO: check
+CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang 
runtime ...)
+   TODO: check
+CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 
10.2.1.13-72sv ...)
+   TODO: check
+CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator 
(PRNG) vu ...)
+   TODO: check
+CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal 
vulnerabil ...)
+   TODO: check
+CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+   TODO: check
+CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the comp ...)
+   TODO: check
+CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the comp ...)
+   TODO: check
+CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted 
filename  ...)
+   TODO: check
+CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue 
exists in UD- ...)
+   TODO: check
+CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
+   TODO: check
+CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
+   TODO: check
+CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect 
device u ...)
+   TODO: check
+CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows 
access to ...)
+   TODO: check
+CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows 
access to ...)
+   TODO: check
+CVE-2024-51550 (Data Validation / Data Sanitization  vulnerabilities in Linux 
allows u ...)
+   TODO: check
+CVE-2024-51549 (Absolute File Traversal  vulnerabilities allows access and 
modificatio ...)
+   TODO: check
+CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of 
malicious script ...)
+   TODO: check
+CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on 
board projec ...)
+   TODO: check
+CVE-2024-51545 (Username Enumeration vulnerabilities allow access to 
application level ...)
+   TODO: check
+CVE-2024-51544 (Service Control vulnerabilities allow access to service 
restart reques ...)
+   TODO: check
+CVE-2024-51543 (Information Disclosure vulnerabilities allow access to 
application con ...)
+   TODO: check
+CVE-2024-51542 (Configuration Download vulnerabilities allow access to 
dependency conf ...)
+   TODO: check
+CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive 
system  ...)
+   TODO: check
+CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a 
weakness  ...)
+   TODO: check
+CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found 
providing a pot ...)
+   TODO: check
+CVE-2024-48845 (Weak Password  Reset Rules vulnerabilities where found 
providing a pot ...)
+   TODO: check
+CVE-2024-48844 (Denial of Service vulnerabilities where found providing a 
potiential f ...)
+   TODO: check
+CVE-2024-48843 (Denial of Service vulnerabilities where found providing a 
potiential f ...)
+   TODO: check
+CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code 
Execution. Affec ..
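Review bot: of the new TODO: check entries in this hunk, CVE-2024-53846 (Erlang/OTP) is the one that touches a source package Debian actually ships (erlang), so it should be the first to be resolved into a fixed-version or not-affected line; the SonicWall SMA100 entries (CVE-2024-53702, CVE-2024-53703) and the whole ABB ASPECT block (CVE-2024-51541 through CVE-2024-51555, CVE-2024-48840 through CVE-2024-48847) are vendor appliance firmware and can go straight to NOT-FOR-US. The misspellings in those descriptions ("Credentail", "where found", "potiential") are copied verbatim from the CVE records; do not hand-correct them in data/CVE/list, because the automatic update reproduces the upstream text and the fix belongs with the CNA.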

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
330e241d by security tracker role at 2024-12-05T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,45 @@
+CVE-2024-54675 (app/webroot/js/workflows-editor/workflows-editor.js in MISP 
through 2. ...)
+   TODO: check
+CVE-2024-54674 (app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP 
through ...)
+   TODO: check
+CVE-2024-54221 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-54014 (Improper authorization in handler for custom URL scheme issue 
in 'Skyl ...)
+   TODO: check
+CVE-2024-53982 (ZOO-Project is a C-based WPS (Web Processing Service) 
implementation.  ...)
+   TODO: check
+CVE-2024-51210 (Firepad through 1.5.11 allows remote attackers, who have 
knowledge of  ...)
+   TODO: check
+CVE-2024-50947 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of 
Service ...)
+   TODO: check
+CVE-2024-42195 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML 
injection. This v ...)
+   TODO: check
+CVE-2024-39219 (An issue in Aginode GigaSwitch V5 before version 7.06G allows 
authenti ...)
+   TODO: check
+CVE-2024-38829 (A vulnerability in VMware Tanzu Spring LDAP allows data 
exposure for c ...)
+   TODO: check
+CVE-2024-12188 (A vulnerability was found in 1000 Projects Library Management 
System 1 ...)
+   TODO: check
+CVE-2024-12187 (A vulnerability was found in 1000 Projects Library Management 
System 1 ...)
+   TODO: check
+CVE-2024-12186 (A vulnerability was found in code-projects Hotel Management 
System 1.0 ...)
+   TODO: check
+CVE-2024-12185 (A vulnerability has been found in code-projects Hotel 
Management Syste ...)
+   TODO: check
+CVE-2024-12183 (A vulnerability, which was classified as problematic, was 
found in Ded ...)
+   TODO: check
+CVE-2024-12182 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-12181 (A vulnerability classified as problematic was found in DedeCMS 
5.7.116 ...)
+   TODO: check
+CVE-2024-12180 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
+   TODO: check
+CVE-2024-11429 (The Free Responsive Testimonials, Social Proof Reviews, and 
Customer R ...)
+   TODO: check
+CVE-2024-10881 (The LUNA RADIO PLAYER plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-10178 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for 
Gutenberg ...)
+   TODO: check
 CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for 
WordPress is v ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design 
Allianc ...)
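Review bot: the three WordPress plugin entries (CVE-2024-11429, CVE-2024-10881, CVE-2024-10178) can be closed the same way the context line for CVE-2024-8962 already is ("NOT-FOR-US: WordPress plugin"), and the DedeCMS, code-projects and 1000 Projects entries (CVE-2024-12180 through CVE-2024-12188) are the same kind of unpackaged PHP application; resolving those first leaves only the MISP, ZOO-Project, Firepad, kmqtt, HCL, Aginode and Spring LDAP entries to look up, and for each of those the question is simply whether the upstream is in the archive at all.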
@@ -23867,10 +23909,12 @@ CVE-2024-32668 (An insufficient boundary validation 
in the USB code could lead t
 CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: Forcepoint Email Security
 CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus 
(ClamAV) ...)
+   {DLA-3983-1}
- clamav 1.4.1+dfsg-1 (bug #1080962)
[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus 
(ClamAV) v ...)
+   {DLA-3983-1}
- clamav 1.4.1+dfsg-1 (bug #1080962)
[bookworm] - clamav 1.0.7+dfsg-1~deb12u1
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
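Review bot: the {DLA-3983-1} lines added to CVE-2024-20505 and CVE-2024-20506 only cross-reference the advisory; the bullseye fixed version is not recorded here, it lives in data/DLA/list. Check that the DLA-3983-1 entry there names both CVEs in its braces and carries the bullseye clamav version, otherwise the tracker will show one of the two as still open in LTS while the other is closed. The bookworm line (clamav 1.0.7+dfsg-1~deb12u1) and unstable line (1.4.1+dfsg-1, bug #1080962) are unchanged and consistent with the linked ClamAV blog post.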
@@ -476258,10 +476302,10 @@ CVE-2018-9465 (In task_get_unused_fd_flags of 
binder.c, there is a possible memo
NOTE: 
https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
 CVE-2018-9464
RESERVED
-CVE-2018-9463
-   RESERVED
-CVE-2018-9462
-   RESERVED
+CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there 
is a pos ...)
+   TODO: check
+CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds 
write du ...)
+   TODO: check
 CVE-2018-9461
RESERVED
 CVE-2018-9460
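Review bot: the two entries that move from RESERVED to a description, CVE-2018-9463 (touch_sw49408.c) and CVE-2018-9462 (ftm4_pdc.c), name vendor touchscreen driver files that are not part of the mainline Linux tree, so they should be triaged as NOT-FOR-US: Android like the surrounding entries rather than left at TODO: check. Contrast the context line for CVE-2018-9465 (binder.c), which is a mainline file and correctly carries a git.kernel.org commit reference in its NOTE.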
@@ -476306,8 +476350,8 @@ CVE-2018-9441 (In sdp_copy_raw_data of 
sdp_discovery.cc, there is a possible out
NOT-FOR-US: Android
 CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource 
exhaustion due  ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9439
-   RESERVED
+CVE-2018-9439 (In __unregister_prot_hook and packet_release of af_packet.c, 
there is  ...)
+   TODO: check
 CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not 
receive  ...)
NOT-FOR-US: Android
 CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read 
du
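Review bot: unlike its neighbours, CVE-2018-9439 (__unregister_prot_hook and packet_release in af_packet.c) refers to mainline code, net/packet/af_packet.c, so it must not be bulk-marked NOT-FOR-US: Android with the rest of this Android batch. It needs the usual kernel triage: identify the upstream fixing commit, record it in a NOTE line, and check which Debian linux versions already contain it before the TODO: check is replaced.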

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20c0b522 by security tracker role at 2024-12-04T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,99 @@
+CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design 
Allianc ...)
+   TODO: check
+CVE-2024-7488 (Improper Input Validation vulnerability in RestApp Inc. Online 
Orderin ...)
+   TODO: check
+CVE-2024-5020 (Multiple plugins for WordPress are vulnerable to Stored 
Cross-Site Scr ...)
+   TODO: check
+CVE-2024-54158 (In JetBrains YouTrack before 2024.3.52635 potential spoofing 
attack wa ...)
+   TODO: check
+CVE-2024-54157 (In JetBrains YouTrack before 2024.3.52635 potential ReDoS was 
possible ...)
+   TODO: check
+CVE-2024-54156 (In JetBrains YouTrack before 2024.3.52635 multiple merge 
functions wer ...)
+   TODO: check
+CVE-2024-54155 (In JetBrains YouTrack before 2024.3.51866 improper access 
control allo ...)
+   TODO: check
+CVE-2024-54154 (In JetBrains YouTrack before 2024.3.51866 system takeover was 
possible ...)
+   TODO: check
+CVE-2024-54153 (In JetBrains YouTrack before 2024.3.51866 unauthenticated 
database bac ...)
+   TODO: check
+CVE-2024-54134 (A publish-access account was compromised for 
`@solana/web3.js`, a Java ...)
+   TODO: check
+CVE-2024-54132 (The GitHub CLI is GitHub\u2019s official command line tool. A 
security ...)
+   TODO: check
+CVE-2024-54002 (Dependency-Track is a Component Analysis platform that allows 
organiza ...)
+   TODO: check
+CVE-2024-53614 (A hardcoded decryption key in Thinkware Cloud APK v4.3.46 
allows attac ...)
+   TODO: check
+CVE-2024-52676 (Itsourcecode Online Discussion Forum Project v.1.0.0 is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-52278
+   REJECTED
+CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
+   TODO: check
+CVE-2024-52276 (** INITIAL LIMITED RELEASE **  User Interface (UI) 
Misrepresentation o ...)
+   TODO: check
+CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
+   TODO: check
+CVE-2024-52274 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
+   TODO: check
+CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
+   TODO: check
+CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda 
Technology ...)
+   TODO: check
+CVE-2024-52269 (** INITIAL LIMITED RELEASE **  User Interface (UI) 
Misrepresentation o ...)
+   TODO: check
+CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 
11.6, 12.0, ...)
+   TODO: check
+CVE-2024-48453 (An issue in INOVANCE AM401_CPU1608TPTN allows a remote 
attacker to exe ...)
+   TODO: check
+CVE-2024-40745 (Reflected Cross site scripting vulnerability in Convert Forms 
componen ...)
+   TODO: check
+CVE-2024-40744 (Unrestricted file upload via security bypass in Convert Forms 
componen ...)
+   TODO: check
+CVE-2024-39163 (binux pyspider up to v0.3.10 was discovered to contain a 
Cross-Site Re ...)
+   TODO: check
+CVE-2024-37575 (The Mister org.mistergroup.shouldianswer application 1.4.264 
for Andro ...)
+   TODO: check
+CVE-2024-37574 (The GriceMobile com.grice.call application 4.5.2 for Android 
enables a ...)
+   TODO: check
+CVE-2024-20397 (A vulnerability in the bootloader of Cisco NX-OS Software 
could allow  ...)
+   TODO: check
+CVE-2024-12196 (Incorrect authorization in the permission component in 
Devolutions Ser ...)
+   TODO: check
+CVE-2024-12151 (Incorrect permission assignment in the user migration feature 
in Devol ...)
+   TODO: check
+CVE-2024-12149 (Incorrect permission assignment in temporary access requests 
component ...)
+   TODO: check
+CVE-2024-12148 (Incorrect authorization in permission validation component in 
Devoluti ...)
+   TODO: check
+CVE-2024-12147 (A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It 
has bee ...)
+   TODO: check
+CVE-2024-12138 (A vulnerability classified as critical was found in horilla up 
to 1.2. ...)
+   TODO: check
+CVE-2024-12107 (Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed 
Endpoint I ...)
+   TODO: check
+CVE-2024-12056 (The Client secret is not checked when using the OAuth Password 
grant t ...)
+   TODO: check
+CVE-2024-11952 (The Classic Addons \u2013 WPBakery Page Builder plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-11935 (The Email Address Obfuscation plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-11880 (The B Testimonial \u2013 testimonial plugin
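Review bot: two entries in this hunk need a real decision rather than a NOT-FOR-US. CVE-2024-54132 (GitHub CLI) affects gh, which Debian ships, so it needs a fixed-version or not-affected line with the upstream advisory in a NOTE. CVE-2024-54134 (@solana/web3.js) describes a compromised publish account, that is, malicious versions pushed to npm, not a code defect; if the package is not in the archive it is NOT-FOR-US, and if it were, the entry should name the bad published versions rather than point at a "fix". The JetBrains YouTrack, Tenda, IBM, INOVANCE, Netgear, Devolutions and WordPress plugin entries are all unpackaged products and can be closed in one pass. The REJECTED line for CVE-2024-52278 is in the correct form.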

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-04 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f34e26d7 by security tracker role at 2024-12-04T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,101 @@
+CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity 
vulnerability ...)
+   TODO: check
+CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This 
only ap ...)
+   TODO: check
+CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the 
/tmp/$USER/stderr2  ...)
+   TODO: check
+CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent 
designed to  ...)
+   TODO: check
+CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based 
management i ...)
+   TODO: check
+CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection 
vulnerability in ...)
+   TODO: check
+CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy 
Manager w ...)
+   TODO: check
+CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy 
Manager web ...)
+   TODO: check
+CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows 
attackers t ...)
+   TODO: check
+CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the 
/documentC ...)
+   TODO: check
+CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated 
attackers ...)
+   TODO: check
+CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 
23.04,  ...)
+   TODO: check
+CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability 
that af ...)
+   TODO: check
+CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the 
system's PAT ...)
+   TODO: check
+CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been 
identified, ...)
+   TODO: check
+CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App 
managing a sta ...)
+   TODO: check
+CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit 
insuffi ...)
+   TODO: check
+CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users 
with certai ...)
+   TODO: check
+CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows 
a low-pr ...)
+   TODO: check
+CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+   TODO: check
+CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows 
low-privileged users ...)
+   TODO: check
+CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+   TODO: check
+CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows 
low-privileged us ...)
+   TODO: check
+CVE-2024-42449 (From the VSPC management agent machine, under condition that 
the manag ...)
+   TODO: check
+CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a 
low-privileged  ...)
+   TODO: check
+CVE-2024-40391
+   REJECTED
+CVE-2024-12123 (A hidden field manipulation vulnerability was identified in 
Issuetrak  ...)
+   TODO: check
+CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform 
plugin f ...)
+   TODO: check
+CVE-2024-11985 (An improper input validation vulnerability leads to device 
crashes in  ...)
+   TODO: check
+CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms 
plugin for  ...)
+   TODO: check
+CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable 
to Cross- ...)
+   TODO: check
+CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to 
Reflected Cross- ...)
+   TODO: check
+CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to 
Stored Cro ...)
+   TODO: check
+CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak 
version 17. ...)
+   TODO: check
+CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress 
is vulne ...)
+   TODO: check
+CVE-2024-11398 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-11293 (The  Registration Forms \u2013 User Registration Forms, 
Invitation-Bas ...)
+   TODO: check
+CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to 
arbitrary s ...)
+   TODO: check
+CVE-2024-10885 (The SearchIQ \u2013 The Search Solution
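Review bot: CVE-2024-54661 is the entry here that concerns a Debian package: socat. The description points at readline.sh relying on a predictable /tmp/$USER/stderr2 path, which is a helper script, so the first check is whether the Debian socat package installs readline.sh at all; if it does not, record <not-affected>, and if it does, this is a local tmp-path issue that would normally be rated unimportant or no-dsa, and the entry should say so instead of staying at TODO: check. The Veeam, ClearPass, Veritas, SolarWinds, UniFi, Dell/Issuetrak and WordPress plugin entries are NOT-FOR-US, and the REJECTED line for CVE-2024-40391 is in the correct form.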

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d45f8b5 by security tracker role at 2024-12-03T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,94 @@
-CVE-2024-45106
+CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker 
cause  ...)
+   TODO: check
+CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
+   TODO: check
+CVE-2024-53999 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
+   TODO: check
+CVE-2024-53921 (An issue was discovered in the installer in Samsung Magician 
8.1.0 on  ...)
+   TODO: check
+CVE-2024-53867 (Synapse is an open-source Matrix homeserver. The Sliding Sync 
feature  ...)
+   TODO: check
+CVE-2024-53863 (Synapse is an open-source Matrix homeserver. In Synapse 
versions befor ...)
+   TODO: check
+CVE-2024-53257 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
+   TODO: check
+CVE-2024-52815 (Synapse is an open-source Matrix homeserver. Synapse versions 
before 1 ...)
+   TODO: check
+CVE-2024-52805 (Synapse is an open-source Matrix homeserver. In Synapse before 
1.120.1 ...)
+   TODO: check
+CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems 
commands, can  ...)
+   TODO: check
+CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer 
overflow in ...)
+   TODO: check
+CVE-2024-52546 (An unauthenticated attacker can perform a null pointer 
dereference in  ...)
+   TODO: check
+CVE-2024-52545 (An unauthenticated attacker can perform an out of bounds heap 
read in  ...)
+   TODO: check
+CVE-2024-52544 (An unauthenticated attacker can trigger a stack based buffer 
overflow  ...)
+   TODO: check
+CVE-2024-51771 (A vulnerability in the HPE Aruba Networking ClearPass Policy 
Manager w ...)
+   TODO: check
+CVE-2024-51114 (An issue in Beijing Digital China Yunke Information Technology 
Co.Ltd  ...)
+   TODO: check
+CVE-2024-50948 (An issue in mochiMQTT v2.6.3 allows attackers to cause a 
Denial of Ser ...)
+   TODO: check
+CVE-2024-48080 (An issue in aedes v0.51.2 allows attackers to cause a Denial 
of Servic ...)
+   TODO: check
+CVE-2024-47476 (Dell NetWorker Management Console, version(s) 19.11, 
contain(s) an Imp ...)
+   TODO: check
+CVE-2024-45676 (IBM Cognos Controller 11.0.0 and 11.0.1 could allow an 
authent ...)
+   TODO: check
+CVE-2024-42422 (Dell NetWorker, version(s) 19.10, contain(s) an Authorization 
Bypass T ...)
+   TODO: check
+CVE-2024-41777 (IBM Cognos Controller 11.0.0 and 11.0.1   contains 
hard-coded  ...)
+   TODO: check
+CVE-2024-41776 (IBM Cognos Controller 11.0.0 and 11.0.1 is 
vulnerable to c ...)
+   TODO: check
+CVE-2024-41775 (IBM Cognos Controller 11.0.0 and 11.0.1uses weaker than 
expected crypt ...)
+   TODO: check
+CVE-2024-40691 (IBM Cognos Controller 11.0.0 and 11.0.1   could be vulnerable 
to malic ...)
+   TODO: check
+CVE-2024-37303 (Synapse is an open-source Matrix homeserver. Synapse before 
version 1. ...)
+   TODO: check
+CVE-2024-37302 (Synapse is an open-source Matrix homeserver. Synapse versions 
before 1 ...)
+   TODO: check
+CVE-2024-29404 (An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App 
v.202402 ...)
+   TODO: check
+CVE-2024-25036 (IBM Cognos Controller 11.0.0 and 11.0.1   could allow an 
authentic ...)
+   TODO: check
+CVE-2024-25035 (IBM Cognos Controller 11.0.0 and 11.0.1 exposes server 
details tha ...)
+   TODO: check
+CVE-2024-25020 (IBM Cognos Controller 11.0.0 and 11.0.1   is 
vulnerable to ...)
+   TODO: check
+CVE-2024-25019 (IBM Cognos Controller 11.0.0 and 11.0.1   could be vulnerable 
to malic ...)
+   TODO: check
+CVE-2024-12101
+   REJECTED
+CVE-2024-12082 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
+   TODO: check
+CVE-2024-12062 (The Charity Addon for Elementor plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-12053 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 
allowed  ...)
+   TODO: check
+CVE-2024-11866 (The BMLT Tabbed Map plugin for WordPress is vulnerable to 
Stored Cross ...)
+   TODO: check
+CVE-2024-11844 (The IdeaPush plugin for WordPress is vulnerable to 
unauthorized modifi ...)
+   TODO: check
+CVE-2024-11782 (The WP Mailster plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+   TODO: check
+CVE-2024-11391 (The Advanced File Manager plugin for WordPress is vulnerable 
to arbitr ...)
+   TODO: check
+CVE-2024-11326 (The Campaign Monitor Forms by Optin Cat plugin for WordPress 
is vulner ...)
+   TODO: check
+CVE-2024-11325 (The AWeber Forms by Opti
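Review bot: the hunk header (-1,4 +1,94) removes the old first line, "CVE-2024-45106", and the visible part of the hunk never re-adds it; confirm that the entry reappears further down with its existing sub-lines intact rather than being dropped. Among the additions, the six Synapse entries (CVE-2024-53867, CVE-2024-53863, CVE-2024-52815, CVE-2024-52805, CVE-2024-37303, CVE-2024-37302) and CVE-2024-12053 (V8 type confusion) target packages Debian ships, matrix-synapse and chromium, and should receive fixed-version lines; the Synapse ones come from the same upstream release notes and are best triaged as one batch. The IBM Cognos, Dell NetWorker, MobSF, Samsung, Razer, OpenHarmony and WordPress plugin entries are NOT-FOR-US. The REJECTED line for CVE-2024-12101 is in the correct form.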

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-03 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0698e6d by security tracker role at 2024-12-03T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,85 @@
+CVE-2024-9694 (The CMSMasters Elementor Addon plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
+CVE-2024-9200 (A post-authentication command injection vulnerability in the 
"host" pa ...)
+   TODO: check
+CVE-2024-9197 (A post-authentication buffer overflow vulnerability in the 
parameter " ...)
+   TODO: check
+CVE-2024-9058 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-8748 (A buffer overflow vulnerability in the packet parser of the 
third-part ...)
+   TODO: check
+CVE-2024-53989 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+   TODO: check
+CVE-2024-53988 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+   TODO: check
+CVE-2024-53987 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+   TODO: check
+CVE-2024-53986 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+   TODO: check
+CVE-2024-53985 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+   TODO: check
+CVE-2024-53941 (An issue was discovered in Victure RX1800 WiFi 6 Router 
(software EN_V ...)
+   TODO: check
+CVE-2024-53940 (An issue was discovered in Victure RX1800 WiFi 6 Router 
(software EN_V ...)
+   TODO: check
+CVE-2024-53939 (An issue was discovered in Victure RX1800 WiFi 6 Router 
(software EN_V ...)
+   TODO: check
+CVE-2024-53938 (An issue was discovered in Victure RX1800 WiFi 6 Router 
(software EN_V ...)
+   TODO: check
+CVE-2024-53937 (An issue was discovered on Victure RX1800 WiFi 6 Router 
(software EN_V ...)
+   TODO: check
+CVE-2024-53477 (JFinal CMS 5.1.0 is vulnerable to Command Execution via 
unauthorized e ...)
+   TODO: check
+CVE-2024-53375 (Authenticated remote code execution (RCE) vulnerabilities 
affect TP-Li ...)
+   TODO: check
+CVE-2024-49581 (Restricted Views backed objects (OSV1) could be bypassed under 
specifi ...)
+   TODO: check
+CVE-2024-49421 (Path traversal in Quick Share Agent prior to version 3.5.14.47 
in Andr ...)
+   TODO: check
+CVE-2024-49420 (Improper handling of responses in GamingHub prior to version 
6.1.04.6  ...)
+   TODO: check
+CVE-2024-49419 (Insufficient verification of url authenticity in GamingHub 
prior to ve ...)
+   TODO: check
+CVE-2024-49418 (Insufficient verification of url authenticity in GamingHub 
prior to ve ...)
+   TODO: check
+CVE-2024-49417 (Use of implicit intent for sensitive communication in Smart 
Touch Call ...)
+   TODO: check
+CVE-2024-49416 (Use of implicit intent for sensitive communication in 
SmartThings prio ...)
+   TODO: check
+CVE-2024-49415 (Out-of-bound write in libsaped.so prior to SMR Dec-2024 
Release 1 allo ...)
+   TODO: check
+CVE-2024-49414 (Authentication Bypass Using an Alternate Path in Dex Mode 
prior to SMR ...)
+   TODO: check
+CVE-2024-49413 (Improper Verification of Cryptographic Signature in 
SmartSwitch prior  ...)
+   TODO: check
+CVE-2024-49412 (Improper input validation in Settings prior to SMR Dec-2024 
Release 1  ...)
+   TODO: check
+CVE-2024-49411 (Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 
allows p ...)
+   TODO: check
+CVE-2024-49410 (Out-of-bounds write in libswmfextractor.so prior to SMR 
Dec-2024 Relea ...)
+   TODO: check
+CVE-2024-45068 (Authentication credentials leakage vulnerability in Hitachi 
Ops Center ...)
+   TODO: check
+CVE-2024-39890 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+   TODO: check
+CVE-2024-11898 (The Scratch & Win \u2013 Giveaways and Contests. Boost 
subscribers, tr ...)
+   TODO: check
+CVE-2024-11853 (The jAlbum Bridge plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+   TODO: check
+CVE-2024-11805 (The Quick License Manager \u2013 WooCommerce Plugin plugin for 
WordPre ...)
+   TODO: check
+CVE-2024-11732 (The BP Profile Shortcodes Extra plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-11707 (The My auctions allegro plugin for WordPress is vulnerable to 
Reflecte ...)
+   TODO: check
+CVE-2024-11461 (The Form Data Collector plugin for WordPress is vulnerable to 
Reflecte ...)
+   TODO: check
+CVE-2024-11453 (The WordPress Pinterest Plugin \u2013 Make a Popup, User 
Profile, Maso ...)
+   TODO: check
+CVE-2024-10893 (The WP Booking Calendar WordPress plugin before 10.6.5 does 
not saniti ...)
+   TODO: check
+CVE-2024-10484 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for 
WordPress is  ...)
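Review bot: the five rails-html-sanitizer entries (CVE-2024-53985 through CVE-2024-53989) all concern ruby-rails-html-sanitizer, which Debian ships, so they should be triaged together with one fixed version and one upstream advisory NOTE rather than sit individually at TODO: check. The Samsung SMR Dec-2024 block (CVE-2024-49410 through CVE-2024-49421, CVE-2024-39890), the Victure RX1800 block (CVE-2024-53937 through CVE-2024-53941), the Zyxel-style post-authentication entries (CVE-2024-9197, CVE-2024-9200, CVE-2024-8748), TP-Link, JFinal, Hitachi and the WordPress plugin entries are all unpackaged and can be closed as NOT-FOR-US in one pass.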

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65cca1f1 by security tracker role at 2024-12-02T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,89 +1,345 @@
-CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc]
+CVE-2024-8785 (In WhatsUp Gold versions released before 2024.0.1, aremote 
unauthentic ...)
+   TODO: check
+CVE-2024-5890 (ServiceNow has addressed an HTML injection vulnerability that 
was iden ...)
+   TODO: check
+CVE-2024-53992 (unzip-bot is a Telegram bot to extract various types of 
archives. User ...)
+   TODO: check
+CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to 
easily e ...)
+   TODO: check
+CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation.  
When the ...)
+   TODO: check
+CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. 
When pars ...)
+   TODO: check
+CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.)
+   TODO: check
+CVE-2024-53862 (Argo Workflows is an open source container-native workflow 
engine for  ...)
+   TODO: check
+CVE-2024-53793 (Cross-Site Request Forgery (CSRF) vulnerability in eDoc 
Intelligence L ...)
+   TODO: check
+CVE-2024-53792 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53789 (Cross-Site Request Forgery (CSRF) vulnerability in Ritesh 
Sanap Advanc ...)
+   TODO: check
+CVE-2024-53784 (Missing Authorization vulnerability in E-goi Smart Marketing 
SMS and N ...)
+   TODO: check
+CVE-2024-53782 (Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount 
Photo Vi ...)
+   TODO: check
+CVE-2024-53781 (Cross-Site Request Forgery (CSRF) vulnerability in Home 
Junction Spati ...)
+   TODO: check
+CVE-2024-53780 (Cross-Site Request Forgery (CSRF) vulnerability in Rajeev 
Chauhan Load ...)
+   TODO: check
+CVE-2024-53779 (Cross-Site Request Forgery (CSRF) vulnerability in Max Engel 
Yahoo! We ...)
+   TODO: check
+CVE-2024-53777 (Cross-Site Request Forgery (CSRF) vulnerability in Alberto 
Reineri Sim ...)
+   TODO: check
+CVE-2024-53776 (Cross-Site Request Forgery (CSRF) vulnerability in Raphael 
Heide Donat ...)
+   TODO: check
+CVE-2024-53775 (Cross-Site Request Forgery (CSRF) vulnerability in 
TannerRitchie Web A ...)
+   TODO: check
+CVE-2024-53770 (Cross-Site Request Forgery (CSRF) vulnerability in Peter 
MacIntyre Rin ...)
+   TODO: check
+CVE-2024-53769 (Cross-Site Request Forgery (CSRF) vulnerability in Ludovic 
RIAUDEL Cus ...)
+   TODO: check
+CVE-2024-53765 (Cross-Site Request Forgery (CSRF) vulnerability in Think201 
Mins To Re ...)
+   TODO: check
+CVE-2024-53762 (Cross-Site Request Forgery (CSRF) vulnerability in Faster 
Themes FastB ...)
+   TODO: check
+CVE-2024-53761 (Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP 
Revisions ...)
+   TODO: check
+CVE-2024-53759 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53755 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea 
Pernici Thir ...)
+   TODO: check
+CVE-2024-53754 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow 
Design Out Of ...)
+   TODO: check
+CVE-2024-53753 (Cross-Site Request Forgery (CSRF) vulnerability in CultBooking 
CultBoo ...)
+   TODO: check
+CVE-2024-53751 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul 
Hakeem Build  ...)
+   TODO: check
+CVE-2024-53741 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53740 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53730 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge 
Silver  ...)
+   TODO: check
+CVE-2024-53729 (Cross-Site Request Forgery (CSRF) vulnerability in Plumeria 
Web Design ...)
+   TODO: check
+CVE-2024-53728 (Cross-Site Request Forgery (CSRF) vulnerability in 
SEO-K\xfcche Intern ...)
+   TODO: check
+CVE-2024-53727 (Cross-Site Request Forgery (CSRF) vulnerability in 
LinkLaunder.com Lin ...)
+   TODO: check
+CVE-2024-53726 (Cross-Site Request Forgery (CSRF) vulnerability in Realty 
Candy Realty ...)
+   TODO: check
+CVE-2024-53725 (Cross-Site Request Forgery (CSRF) vulnerability in 
Script-Recipes Post ...)
+   TODO: check
+CVE-2024-53724 (Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. 
Bull IceSt ...)
+   TODO: check
+CVE-2024-53723 (Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir 
BALTACI  ...)
+   TODO: check
+CVE-2024-53722 (Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic 
Favicon ...)
+   TODO: check
+CVE-2024-53721 (Improper Neutralization 
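Review bot: the removed line "-CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc]" uses the square-bracket placeholder the tracker keeps for a kernel CVE whose record was not yet published; the visible part of the hunk does not show it coming back, so verify that CVE-2024-53124 is re-added lower in the hunk with the published description and with its existing fix and NOTE lines preserved rather than reset to TODO: check. Among the additions, CVE-2024-53984 (nanopb) and CVE-2024-53981 (python-multipart) affect packages Debian ships and need fixed-version lines; the long run of WordPress plugin CSRF/XSS entries (CVE-2024-53721 through CVE-2024-53793) can be closed as NOT-FOR-US: WordPress plugin in one pass.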

[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-02 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4f498fa by security tracker role at 2024-12-02T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,65 @@
+CVE-2024-53752 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53750 (Cross-Site Request Forgery (CSRF) vulnerability in Maeve 
Lander PayPal ...)
+   TODO: check
+CVE-2024-53749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53748 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53744 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53743 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53742 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53605 (Incorrect access control in the component 
content://com.handcent.messa ...)
+   TODO: check
+CVE-2024-53104 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+   TODO: check
+CVE-2024-53103 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
+   TODO: check
+CVE-2024-45520 (WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a 
remote  ...)
+   TODO: check
+CVE-2024-20139 (In Bluetooth firmware, there is a possible firmware asssert 
due to imp ...)
+   TODO: check
+CVE-2024-20138 (In wlan driver, there is a possible out of bound read due to 
improper  ...)
+   TODO: check
+CVE-2024-20137 (In wlan driver, there is a possible client disconnection due 
to improp ...)
+   TODO: check
+CVE-2024-20136 (In da, there is a possible out of bounds read due to a missing 
bounds  ...)
+   TODO: check
+CVE-2024-20135 (In soundtrigger, there is a possible out of bounds write due 
to a miss ...)
+   TODO: check
+CVE-2024-20134 (In ril, there is a possible out of bounds write due to a 
missing bound ...)
+   TODO: check
+CVE-2024-20133 (In Modem, there is a possible escalation of privilege due to 
an incorr ...)
+   TODO: check
+CVE-2024-20132 (In Modem, there is a possible out of bonds write due to a 
mission boun ...)
+   TODO: check
+CVE-2024-20131 (In Modem, there is a possible escalation of privilege due to 
an incorr ...)
+   TODO: check
+CVE-2024-20130 (In power, there is a possible out of bounds write due to a 
missing bou ...)
+   TODO: check
+CVE-2024-20129 (In Telephony, there is a possible out of bounds read due to a 
missing  ...)
+   TODO: check
+CVE-2024-20128 (In Telephony, there is a possible out of bounds read due to a 
missing  ...)
+   TODO: check
+CVE-2024-20127 (In Telephony, there is a possible out of bounds read due to a 
missing  ...)
+   TODO: check
+CVE-2024-20125 (In vdec, there is a possible out of bounds write due to a 
missing boun ...)
+   TODO: check
+CVE-2024-20116 (In cmdq, there is a possible out of bounds read due to a 
missing bound ...)
+   TODO: check
+CVE-2024-12007 (A vulnerability, which was classified as critical, was found 
in code-p ...)
+   TODO: check
+CVE-2024-11856 (A security vulnerability in HPE IceWall products could be 
exploited re ...)
+   TODO: check
 CVE-2024-52596
- simplesamlphp 
NOTE: https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.3.4
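Review bot: CVE-2024-53104 and CVE-2024-53103 should not be left to drift into NOT-FOR-US with the rest of this batch; their descriptions open with "In the Linux kernel, the following vulnerability has been resolved", so the follow-up triage needs a `- linux` source-package line with the fixed version for each. The remaining additions (the firmware/wlan/Modem/Telephony entries CVE-2024-20116 through CVE-2024-20139, WithSecure Atlant, HPE IceWall, code-projects and the WordPress XSS/CSRF entries) follow the `NOT-FOR-US:` pattern visible in the other hunks of this thread. Separately, the context line `- simplesamlphp ` ends in a trailing space where a status token would sit; that looks like the mail rendering dropping angle-bracketed text rather than a defect in the committed file, but it is worth a glance at the repository copy.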



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f498faf01803eb00795aa66f4d68e6ff6f3ba9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f498faf01803eb00795aa66f4d68e6ff6f3ba9
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] automatic update

2024-12-01 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
643bcc65 by security tracker role at 2024-12-01T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,43 @@
+CVE-2024-53788 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53787 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53786 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53783 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-53778 (Cross-Site Request Forgery (CSRF) vulnerability in Essential 
Marketer  ...)
+   TODO: check
+CVE-2024-53774 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53773 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53772 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53768 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+   TODO: check
+CVE-2024-53767 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53766 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53764 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53763 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53760 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53758 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53757 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53756 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53739 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-53738 (Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan 
Asset C ...)
+   TODO: check
 CVE-2024-12002 (A vulnerability classified as problematic was found in Tenda 
FH451, FH ...)
NOT-FOR-US: Tenda
 CVE-2024-12001 (A vulnerability classified as problematic has been found in 
code-proje ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/643bcc65aa90607af64a838c2f33558a1bb6be33



[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94f12f02 by security tracker role at 2024-11-30T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-12002 (A vulnerability classified as problematic was found in Tenda 
FH451, FH ...)
+   TODO: check
+CVE-2024-12001 (A vulnerability classified as problematic has been found in 
code-proje ...)
+   TODO: check
+CVE-2024-12000 (A vulnerability was found in code-projects Blood Bank System 
1.0. It h ...)
+   TODO: check
+CVE-2024-11998 (A vulnerability was found in code-projects Farmacia 1.0. It 
has been d ...)
+   TODO: check
 CVE-2024-54159 (stalld through 1.19.7 allows local users to cause a denial of 
service  ...)
NOT-FOR-US: stalld
 CVE-2024-53623 (Incorrect access control in the component l_0_0.xml of TP-Link 
ARCHER- ...)
@@ -478,6 +486,7 @@ CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 
0.0.14 and earlier does
 CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto 
Networ ...)
NOT-FOR-US: Palo Alto Networks
 CVE-2024-53849 (editorconfig-core-c  is  theEditorConfig core library written 
in C (fo ...)
+   {DLA-3978-1}
- editorconfig-core 0.12.7-0.1
[bookworm] - editorconfig-core  (Minor issue)
NOTE: 
https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274
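Review bot: the context line `[bookworm] - editorconfig-core  (Minor issue)` has nothing between the package name and the parenthesised reason, where the tracker format carries a status tag such as `<no-dsa>`; the double space marks where it stood, so the angle-bracketed token was most likely stripped by the mail/HTML rendering rather than absent from the commit. The same gap appears in the lemonldap-ng lines further down, so verify one of them against the repository before treating the file as malformed. The `{DLA-3978-1}` marker itself is the expected addition once the DLA was published, and it is applied consistently: the CVE-2023-0341 hunk at the end of this mail receives the same marker for the same package.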
@@ -3651,11 +3660,13 @@ CVE-2023-49952 (Mastodon 4.1.x before 4.1.17 and 4.2.x 
before 4.2.9 allows a byp
 CVE-2024-5030 (The CM Table Of Contents  WordPress plugin before 1.2.3 does 
not have  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG 
before 2.2 ...)
+   {DLA-3979-1}
- lemonldap-ng 2.20.1+ds-1
[bookworm] - lemonldap-ng  (Minor issue, will be fixed via spu)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257
NOTE: Fixed by: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/600ba2c0b3d4bb0a4dd2eb9d8b612edcca8805dc
 (v2.20.1)
 CVE-2024-52946 (An issue was discovered in LemonLDAP::NG before 2.20.1. An 
Improper Ch ...)
+   {DLA-3979-1}
- lemonldap-ng 2.20.1+ds-1
[bookworm] - lemonldap-ng  (Minor issue, will be fixed via spu)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255
@@ -15556,6 +15567,7 @@ CVE-2024-48942 (The Syracom Secure Login (2FA) plugin 
for Jira, Confluence, and
 CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, 
and Bitbuc ...)
NOT-FOR-US: Jira plugin
 CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG 
before 2.1 ...)
+   {DLA-3979-1}
- lemonldap-ng 2.20.0+ds-1 (bug #1084979)
[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
@@ -22676,6 +22688,7 @@ CVE-2024-7349 (The LifterLMS \u2013 WP LMS for 
eLearning, Online Courses, & Quiz
 CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly 
saniti ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to 
achieve ent ...)
+   {DLA-3976-1}
- tgt 1:1.0.85-1.3 (bug #1081158)
[bookworm] - tgt 1:1.0.85-1+deb12u1
NOTE: https://github.com/fujita/tgt/pull/67
@@ -24310,6 +24323,7 @@ CVE-2024-45048 (PHPSpreadsheet is a pure PHP library 
for reading and writing spr
 CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
NOT-FOR-US: PHPSpreadsheet
 CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some 
paramet ...)
+   {DLA-3977-1}
- xfpt 1.00-3 (bug #1080219)
[bookworm] - xfpt 0.11-1+deb12u1
NOTE: 
https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
@@ -150450,6 +150464,7 @@ CVE-2023-23699 (Auth. (contributor+) Stored 
Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact 
sensitive PEM k ...)
NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive
 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of 
editorconfig ...)
+   {DLA-3978-1}
- editorconfig-core 0.12.6-0.1
[buster] - editorconfig-core  (Minor issue)
NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f12f02030d3b37dc00b8cc5257458915a4bc76




[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-30 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15d2e145 by security tracker role at 2024-11-30T08:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2024-54159 (stalld through 1.19.7 allows local users to cause a denial of 
service  ...)
+   TODO: check
+CVE-2024-53623 (Incorrect access control in the component l_0_0.xml of TP-Link 
ARCHER- ...)
+   TODO: check
+CVE-2024-43703 (Software installed and run as a non-privileged user may 
conduct improp ...)
+   TODO: check
+CVE-2024-43702 (Software installed and run as a non-privileged user may 
conduct improp ...)
+   TODO: check
+CVE-2024-11997 (A vulnerability was found in code-projects Farmacia 1.0. It 
has been c ...)
+   TODO: check
+CVE-2024-11996 (A vulnerability was found in code-projects Farmacia 1.0 and 
classified ...)
+   TODO: check
+CVE-2024-11995 (A vulnerability has been found in code-projects Farmacia 1.0 
and class ...)
+   TODO: check
+CVE-2024-11252 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for 
WordPre ...)
+   TODO: check
 CVE-2024-53983 (The Backstage Scaffolder plugin Houses types and utilities for 
buildin ...)
NOT-FOR-US: Backstage Scaffolder plugin
 CVE-2024-53980 (RIOT is an open-source microcontroller operating system, 
designed to m ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d2e14577c1fd65019ca7dd1f2eb319ee167fd0



[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc8e3358 by security tracker role at 2024-11-29T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,111 @@
+CVE-2024-53983 (The Backstage Scaffolder plugin Houses types and utilities for 
buildin ...)
+   TODO: check
+CVE-2024-53980 (RIOT is an open-source microcontroller operating system, 
designed to m ...)
+   TODO: check
+CVE-2024-53979 (ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The 
Ansible c ...)
+   TODO: check
+CVE-2024-53865 (zhmcclient is a pure Python client library for the IBM Z HMC 
Web Servi ...)
+   TODO: check
+CVE-2024-53864 (Ibexa Admin UI Bundle is all the necessary parts to run the 
Ibexa DXP  ...)
+   TODO: check
+CVE-2024-53861 (pyjwt is a JSON Web Token implementation in Python. An 
incorrect strin ...)
+   TODO: check
+CVE-2024-53848 (check-jsonschema is a CLI and set of pre-commit hooks for 
jsonschema v ...)
+   TODO: check
+CVE-2024-53507 (A SQL injection vulnerability was discovered in Siyuan 3.1.11 
in /getH ...)
+   TODO: check
+CVE-2024-53506 (A SQL injection vulnerability has been identified in Siyuan 
3.1.11 via ...)
+   TODO: check
+CVE-2024-53505 (A SQL injection vulnerability has been identified in Siyuan 
3.1.11 via ...)
+   TODO: check
+CVE-2024-53504 (A SQL injection vulnerability has been identified in Siyuan 
3.1.11 via ...)
+   TODO: check
+CVE-2024-52810 (@intlify/shared is a shared library for the intlify project. 
The lates ...)
+   TODO: check
+CVE-2024-52809 (vue-i18n  is an internationalization plugin for Vue.js. In 
affected ve ...)
+   TODO: check
+CVE-2024-52801 (sftpgo is a full-featured and highly configurable event-driven 
file tr ...)
+   TODO: check
+CVE-2024-52800 (veraPDF is an open source PDF/A validation library. Executing 
policy c ...)
+   TODO: check
+CVE-2024-52782 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L 
<=9.3.5.26, and ...)
+   TODO: check
+CVE-2024-52781 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L 
<=9.3.5.26, and ...)
+   TODO: check
+CVE-2024-52780 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L 
<=9.3.5.26, and ...)
+   TODO: check
+CVE-2024-52779 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L 
<=9.3.5.26, and ...)
+   TODO: check
+CVE-2024-52778 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L 
<=9.3.5.26, and ...)
+   TODO: check
+CVE-2024-52777 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, 
<=9.3.5.26, an ...)
+   TODO: check
+CVE-2024-52003 (Traefik (pronounced traffic) is an HTTP reverse proxy and load 
balance ...)
+   TODO: check
+CVE-2024-50357 (FutureNet NXR series routers provided by Century Systems Co., 
Ltd. hav ...)
+   TODO: check
+CVE-2024-49806 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   
contains  ...)
+   TODO: check
+CVE-2024-49805 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   
contains  ...)
+   TODO: check
+CVE-2024-49804 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   
could all ...)
+   TODO: check
+CVE-2024-49803 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 
could allow ...)
+   TODO: check
+CVE-2024-49360 (Sandboxie is a sandbox-based isolation software for 32-bit and 
64-bit  ...)
+   TODO: check
+CVE-2024-48406 (Buffer Overflow vulnerability in SunBK201 umicat through 
v.0.3.2 and f ...)
+   TODO: check
+CVE-2024-47193 (WithSecure Elements Agent for Mac before 24.3, MDR before 
24.3, and El ...)
+   TODO: check
+CVE-2024-47094 (Insertion of Sensitive Information into Log File in Checkmk 
GmbH's Che ...)
+   TODO: check
+CVE-2024-36671 (nodemcu before v3.0.0-release_20240225 was discovered to 
contain an in ...)
+   TODO: check
+CVE-2024-36626 (In prestashop 8.1.4, a NULL pointer dereference was identified 
in the  ...)
+   TODO: check
+CVE-2024-36625 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the 
replace_ ...)
+   TODO: check
+CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the 
construc ...)
+   TODO: check
+CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the 
streamformatter ...)
+   TODO: check
+CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection 
vulnera ...)
+   TODO: check
+CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in 
builder/builder-next/a ...)
+   TODO: check
+CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer 
Dereference via d ...)
+   TODO: check
+CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the 
libavco ...)
+   TODO: check
+CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the 
libavforma
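Review bot: CVE-2024-53861 (pyjwt), CVE-2024-36620, CVE-2024-36621 and CVE-2024-36623 (moby) and CVE-2024-36618 and CVE-2024-36619 (FFmpeg n6.1.1) must not be closed as NOT-FOR-US along with the vendor entries in this batch (DCME-320, IBM Security Verify Access, FutureNet NXR, Siyuan); they map to software Debian ships (python-jwt, docker.io, ffmpeg), so each `TODO: check` needs a source-package line and a check of which Debian versions carry the affected code. The excerpt of this hunk ends mid-line at `libavforma`, so the rest of the additions cannot be reviewed from this mail.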

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-29 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9da99758 by security tracker role at 2024-11-29T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,51 @@
+CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+   TODO: check
+CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified 
in Easy  ...)
+   TODO: check
+CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 
10.97.2  ...)
+   TODO: check
+CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+   TODO: check
+CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a 
potential ...)
+   TODO: check
+CVE-2024-54123 (Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS 
via an  ...)
+   TODO: check
+CVE-2024-53701 (Multiple FCNT Android devices provide the original security 
features s ...)
+   TODO: check
+CVE-2024-45495 (MSA FieldServer Gateway 5.0.0 through 6.5.2 allows 
cross-origin WebSoc ...)
+   TODO: check
+CVE-2024-39162 (pyspider through 0.3.10 allows /update XSS. NOTE: This 
vulnerability o ...)
+   TODO: check
+CVE-2024-35451 (LinkStack 2.7.9 through 4.7.7 allows 
resources\views\components\favico ...)
+   TODO: check
+CVE-2024-11983 (Certain models of routers from Billion Electric has an OS 
Command Inje ...)
+   TODO: check
+CVE-2024-11982 (Certain models of routers from Billion Electric has a 
Plaintext Storag ...)
+   TODO: check
+CVE-2024-11981 (Certain models of routers from Billion Electric has an 
Authentication  ...)
+   TODO: check
+CVE-2024-11980 (Certain modes of routers from Billion Electric have a Missing 
Authenti ...)
+   TODO: check
+CVE-2024-11979 (DreamMaker from Interinfo has a Path Traversal vulnerability 
and does  ...)
+   TODO: check
+CVE-2024-11978 (DreamMaker from Interinfo has a Path Traversal vulnerability, 
allowing ...)
+   TODO: check
+CVE-2024-11971 (A vulnerability classified as problematic was found in Guizhou 
Xiaoma  ...)
+   TODO: check
+CVE-2024-11970 (A vulnerability classified as critical has been found in 
code-projects ...)
+   TODO: check
+CVE-2024-11482 (A vulnerability in ESM 11.6.10 allows unauthenticated access 
to the in ...)
+   TODO: check
+CVE-2024-11481 (A vulnerability in ESM 11.6.10 allows unauthenticated access 
to the in ...)
+   TODO: check
+CVE-2024-11014 (Cross-site request forgery (CSRF) vulnerability in NEC 
Corporation UNI ...)
+   TODO: check
+CVE-2024-11013 (Command Injection vulnerability in NEC Corporation UNIVERGE IX 
from Ve ...)
+   TODO: check
+CVE-2024-10980 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-10704 (The Photo Gallery by 10Web  WordPress plugin before 1.8.31 
does not sa ...)
+   TODO: check
 CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block 
Control Plug ...)
@@ -498,7 +546,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress 
is vulnerable to Stor
NOT-FOR-US: WordPress plugin
 CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
- gitlab  (Vulnerable code introduced later)
-CVE-2024-48651 [Supplemental group inheritance grants unintended access to GID 
0 due to lack of supplemental groups from mod_sql]
+CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group 
inheritan ...)
- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
NOTE: https://github.com/proftpd/proftpd/issues/1830
NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1
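Review bot: the retitle of CVE-2024-48651 is consistent with the tracked fix, so nothing else in the entry needs to move: the published description "In ProFTPD through 1.3.8b before cec01cc" names the same commit as the existing `NOTE: Fixed by:` reference (cec01cc0a2523453e5da5a486bc6d977c3768db1), and the fixed-version line `- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)` and the upstream issue link are unchanged. Replacing the bracketed placeholder title with the CVE text is the normal bot behaviour once the record is published.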
@@ -16200,6 +16248,7 @@ CVE-2024-31449 (Redis is an open source, in-memory 
database that persists on dis
NOTE: https://github.com/valkey-io/valkey/pull/1114
NOTE: 
https://github.com/valkey-io/valkey/commit/4fbab5740bfef66918d6c2950dd2b3b4e07815a2
 (8.0.1)
 CVE-2024-31228 (Redis is an open source, in-memory database that persists on 
disk. Aut ...)
+   {DLA-3973-1}
- redis 5:7.0.15-2 (bug #1084805)
- redict 7.3.1+ds-1
- valkey 8.0.1+dfsg1-1
@@ -194013,6 +194062,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel 
game engine with easy moddi
NOTE: 
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
NOTE: 
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
 (5.6.0)
 CVE-2022-35977 (Redis is an in-memory database that persists on disk. 
Authenticated us ...)
+   {DLA-3973-1}
- redis 5:7.0.8-1
[buster] - r

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1f1893d by security tracker role at 2024-11-28T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,4 +1,116 @@
-CVE-2023-52922 [can: bcm: Fix UAF in bcm_proc_show()]
+CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block 
Control Plug ...)
+   TODO: check
+CVE-2024-8308 (A low privileged remote attacker can insert a SQL injection 
inthe web  ...)
+   TODO: check
+CVE-2024-8066 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
+   TODO: check
+CVE-2024-7747 (The Wallet for WooCommerce plugin for WordPress is vulnerable 
to incor ...)
+   TODO: check
+CVE-2024-53737 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53736 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim 
Custom S ...)
+   TODO: check
+CVE-2024-53734 (Cross-Site Request Forgery (CSRF) vulnerability in Idealien 
Studios Id ...)
+   TODO: check
+CVE-2024-53733 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-53732 (Cross-Site Request Forgery (CSRF) vulnerability in WP WOX 
Footer Flyou ...)
+   TODO: check
+CVE-2024-53731 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-52501 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-52499 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-52498 (Path Traversal: '.../...//' vulnerability in Softpulse 
Infotech SP Blo ...)
+   TODO: check
+CVE-2024-52497 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-52496 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+   TODO: check
+CVE-2024-52495 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-52490 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Patho ...)
+   TODO: check
+CVE-2024-52481 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-52475 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+   TODO: check
+CVE-2024-52474 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+   TODO: check
+CVE-2024-52338 (Deserialization of untrusted data in IPC and Parquet readers 
in the Ap ...)
+   TODO: check
+CVE-2024-52283 (Missing sanitation of inputs allowed arbitrary users to 
conduct a stor ...)
+   TODO: check
+CVE-2024-49503 (A Improper Neutralization of Input During Web Page Generation 
(XSS or  ...)
+   TODO: check
+CVE-2024-49502 (A Improper Neutralization of Input During Web Page Generation 
(XSS or  ...)
+   TODO: check
+CVE-2024-22038 (Various problems in obs-scm-bridge allows attackers that 
create specia ...)
+   TODO: check
+CVE-2024-22037 (The uyuni-server-attestation systemd service needs a 
database_password ...)
+   TODO: check
+CVE-2024-11969 (The NetCloud Exchange client for Windows, version 1.110.50, 
contains a ...)
+   TODO: check
+CVE-2024-11968 (A vulnerability was found in code-projects Farmacia up to 1.0. 
It has  ...)
+   TODO: check
+CVE-2024-11967 (A vulnerability was found in PHPGurukul Complaint Management 
system 1. ...)
+   TODO: check
+CVE-2024-11966 (A vulnerability was found in PHPGurukul Complaint Management 
system 1. ...)
+   TODO: check
+CVE-2024-11965 (A vulnerability has been found in PHPGurukul Complaint 
Management syst ...)
+   TODO: check
+CVE-2024-11964 (A vulnerability, which was classified as critical, was found 
in PHPGur ...)
+   TODO: check
+CVE-2024-11963 (A vulnerability, which was classified as critical, has been 
found in c ...)
+   TODO: check
+CVE-2024-11962 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+   TODO: check
+CVE-2024-11961 (A vulnerability was found in Guangzhou Huayi Intelligent 
Technology Je ...)
+   TODO: check
+CVE-2024-11960 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has 
been decl ...)
+   TODO: check
+CVE-2024-11959 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has 
been clas ...)
+   TODO: check
+CVE-2024-11788 (The StreamWeasels YouTube Integration plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-11786 (The Login with Vipps and MobilePay plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-11761 (The LegalWeb Cloud pl

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-28 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9f5f27fe by security tracker role at 2024-11-28T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,69 @@
+CVE-2024-53860 (sp-php-email-handler is a PHP package for handling contact 
form submis ...)
+   TODO: check
+CVE-2024-53859 (go-gh is a Go module for interacting with the `gh` utility and 
the Git ...)
+   TODO: check
+CVE-2024-53858 (The gh cli is GitHub\u2019s official command line tool. A 
security vul ...)
+   TODO: check
+CVE-2024-53260 (Autolab is a course management service that enables 
auto-graded progra ...)
+   TODO: check
+CVE-2024-53008 (Inconsistent interpretation of HTTP requests ('HTTP 
Request/Response S ...)
+   TODO: check
+CVE-2024-46939 (The game extension engine of versions 1.2.7.0 and earlier 
exposes some ...)
+   TODO: check
+CVE-2024-38658 (There is an Out-of-bounds read vulnerability in V-Server 
(v4.0.19.0 an ...)
+   TODO: check
+CVE-2024-38389 (There is an Out-of-bounds read vulnerability in TELLUS 
(v4.0.19.0 and  ...)
+   TODO: check
+CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities 
in V-SF ...)
+   TODO: check
+CVE-2024-36466 (A bug in the code allows an attacker to sign a forged 
zbx_session cook ...)
+   TODO: check
+CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based 
Buffer Overfl ...)
+   TODO: check
+CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to privi ...)
+   TODO: check
+CVE-2024-11918 (The Image Alt Text plugin for WordPress is vulnerable to 
unauthorized  ...)
+   TODO: check
+CVE-2024-11803 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing 
Out-Of-Bounds  ...)
+   TODO: check
+CVE-2024-11802 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing 
Stack-Based Bu ...)
+   TODO: check
+CVE-2024-11801 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing 
Out-Of-Bounds  ...)
+   TODO: check
+CVE-2024-11800 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing 
Stack-based Bu ...)
+   TODO: check
+CVE-2024-11799 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing 
Stack-based Bu ...)
+   TODO: check
+CVE-2024-11798 (Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds 
Write Remo ...)
+   TODO: check
+CVE-2024-11797 (Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds 
Write Remo ...)
+   TODO: check
+CVE-2024-11796 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds 
Write Rem ...)
+   TODO: check
+CVE-2024-11795 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based 
Buffer Overf ...)
+   TODO: check
+CVE-2024-11794 (Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds 
Write Rem ...)
+   TODO: check
+CVE-2024-11793 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds 
Write Rem ...)
+   TODO: check
+CVE-2024-11792 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based 
Buffer Overf ...)
+   TODO: check
+CVE-2024-11791 (Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based 
Buffer Over ...)
+   TODO: check
+CVE-2024-11790 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based 
Buffer Over ...)
+   TODO: check
+CVE-2024-11789 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based 
Buffer Over ...)
+   TODO: check
+CVE-2024-11787 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based 
Buffer Over ...)
+   TODO: check
+CVE-2024-10896 (The Logo Slider  WordPress plugin before 4.5.0 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-10510 (The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress 
plugin t ...)
+   TODO: check
+CVE-2024-10493 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+   TODO: check
+CVE-2024-10473 (The Logo Slider  WordPress plugin before 4.5.0 does not 
sanitise and e ...)
+   TODO: check
 CVE-2024-11738
- rust-rustls  (Vulnerable code introduced later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
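Review bot: CVE-2024-53858 (the gh cli), CVE-2024-53859 (go-gh) and CVE-2024-36466 (a forged `zbx_session` cookie, Zabbix's session cookie) sit at `TODO: check` beside the Fuji Electric and WordPress entries, but unlike those they concern software Debian packages (gh and zabbix; go-gh should be checked for a Go library package as well), so the follow-up triage needs a source-package line and a fixed-version check for each rather than a NOT-FOR-US. The context entry `CVE-2024-11738` / `- rust-rustls  (Vulnerable code introduced later)` is untouched by this commit; the double space is where its status token sits in the rendered mail.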
@@ -42178,16 +42244,19 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 
allows code execution in situ
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C 
through e5dad3 ...)
NOT-FOR-US: The Algorithms - C
 CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant 
heap-based ...)
+   {DLA-3968-1}
- netatalk 3.1.18~ds-2 (bug #1074475)
NOTE: https://github.com/Netatalk/netatalk/issues/1098
NOTE: https://netatalk.io/security/CVE-2024-38441
NOTE: 
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
 (netatalk-3-2-1)
 CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant 
heap-base ...)
+   {D

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0cc68ef by security tracker role at 2024-11-27T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,76 @@
-CVE-2024-54003
+CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who 
chooses to i ...)
+   TODO: check
+CVE-2024-53855 (Centurion ERP (Enterprise Rescource Planning) is a simple 
application  ...)
+   TODO: check
+CVE-2024-53635 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in /cov ...)
+   TODO: check
+CVE-2024-53604 (A SQL Injection vulnerability was found in 
/covid-tms/check_availabili ...)
+   TODO: check
+CVE-2024-53603 (A SQL Injection vulnerability was found in 
/covid-tms/password-recover ...)
+   TODO: check
+CVE-2024-53264 (bunkerweb is an Open-source and next-generation Web 
Application Firewa ...)
+   TODO: check
+CVE-2024-53254
+   REJECTED
+CVE-2024-52951 (Stored Cross-Site Scripting in the Access Request History in 
Omada Ide ...)
+   TODO: check
+CVE-2024-52323 (ZohocorpManageEngine Analytics Plus versions below 6100 are 
vulnerable ...)
+   TODO: check
+CVE-2024-51228 (An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and 
TOTOLINK-CX- ...)
+   TODO: check
+CVE-2024-47181 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+   TODO: check
+CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) 
in revie ...)
+   TODO: check
+CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. 
The /uplo ...)
+   TODO: check
+CVE-2024-42333 (The researcher is showing that it is possible to leak a small 
amount o ...)
+   TODO: check
+CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap 
log is par ...)
+   TODO: check
+CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor 
method re ...)
+   TODO: check
+CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the 
server' ...)
+   TODO: check
+CVE-2024-42329 (The webdriver for the Browser object expects an error object 
to be ini ...)
+   TODO: check
+CVE-2024-42328 (When the webdriver for the Browser object downloads data from 
a HTTP s ...)
+   TODO: check
+CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the 
default User  ...)
+   TODO: check
+CVE-2024-42326 (There was discovered a use after free bug in browser.c in the 
es_brows ...)
+   TODO: check
+CVE-2024-41126 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+   TODO: check
+CVE-2024-41125 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+   TODO: check
+CVE-2024-37816 (Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain 
a stack  ...)
+   TODO: check
+CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the 
zbx_snmp_ ...)
+   TODO: check
+CVE-2024-36464 (When exporting media types, the password is exported in the 
YAML in pl ...)
+   TODO: check
+CVE-2024-31976 (EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote 
attacker ...)
+   TODO: check
+CVE-2024-21703 (This Medium severity Security Misconfiguration vulnerability 
was intro ...)
+   TODO: check
+CVE-2024-11862 (Non constant time cryptographic operation in 
Devolutions.XTS.NET 2024. ...)
+   TODO: check
+CVE-2024-11860 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-11667 (A directory traversal vulnerability in the web management 
interface of ...)
+   TODO: check
+CVE-2024-11160
+   REJECTED
+CVE-2024-11025 (An authenticated attacker with low privileges may use a SQL 
Injection  ...)
+   TODO: check
+CVE-2024-11009 (The Internal Linking for SEO traffic & Ranking \u2013 Auto 
internal li ...)
+   TODO: check
+CVE-2024-10521 (The WordPress Contact Forms by Cimatti plugin for WordPress is 
vulnera ...)
+   TODO: check
+CVE-2024-54003 (Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape 
the view ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-54004
+CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier 
does not r ...)
NOT-FOR-US: Jenkins plugin
 CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto 
Networ ...)
NOT-FOR-US: Palo Alto Networks
@@ -17,7 +87,7 @@ CVE-2024-53675 (An XML external entity injection (XXE) 
vulnerability in HPE Insi
NOT-FOR-US: HPE
 CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
NOT-FOR-US: HPE
-CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight 
Support all ...)
+CVE-2024-53673 (A java deserialization vulnerability in HPE Re

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-27 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
431abe7c by security tracker role at 2024-11-27T08:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,49 @@
+CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto 
Networ ...)
+   TODO: check
+CVE-2024-53849 (editorconfig-core-c  is  theEditorConfig core library written 
in C (fo ...)
+   TODO: check
+CVE-2024-53676 (A directory traversal vulnerability in Hewlett Packard 
Enterprise Insi ...)
+   TODO: check
+CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+   TODO: check
+CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+   TODO: check
+CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight 
Support all ...)
+   TODO: check
+CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') 
vulnerabil ...)
+   TODO: check
+CVE-2024-52958 (A improper verification of cryptographic signature 
vulnerability in pl ...)
+   TODO: check
+CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection 
vulnerabil ...)
+   TODO: check
+CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
+   TODO: check
+CVE-2024-36467 (An authenticated user with API access (e.g.: user with default 
User ro ...)
+   TODO: check
+CVE-2024-11820 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-11819 (A vulnerability classified as critical was found in 1000 
Projects Port ...)
+   TODO: check
+CVE-2024-11818 (A vulnerability classified as critical has been found in 
PHPGurukul Us ...)
+   TODO: check
+CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & 
Login and  ...)
+   TODO: check
+CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and 
classified as c ...)
+   TODO: check
+CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio 
Management S ...)
+   TODO: check
+CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+   TODO: check
+CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
+   TODO: check
+CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+   TODO: check
+CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone 
Showcase plu ...)
+   TODO: check
+CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, 
Popups plu ...)
+   TODO: check
+CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual 
Composer ...)
+   TODO: check
 CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated 
user to ...)
NOT-FOR-US: Hitachi Energy
 CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not 
restrict ex ...)
@@ -8632,7 +8678,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 
through 2.0.18, if a ma
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.12 ar ...)
NOT-FOR-US: Delta Electronics
 CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling 
crafted  ...)
-   {DSA-5811-1}
+   {DSA-5811-1 DLA-3967-1}
- mpg123 1.32.8-1 (bug #1086443)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
NOTE: https://sourceforge.net/p/mpg123/bugs/322/
@@ -13258,7 +13304,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor 
plugin for WordPress is vu
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub 
source ...)
NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs 
with u ...)
-   {DLA-3942-1}
+   {DLA-3942-2 DLA-3942-1}
[experimental] - openssl 3.4.0-1
- openssl 3.3.2-2 (bug #1085378)
[bookworm] - openssl 3.0.15-1~deb12u1
@@ -3,7 +38934,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 
1.21.3, an attacker can modi
- krb5 1.21.3-1
NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
-   {DLA-3942-1}
+   {DLA-3942-2 DLA-3942-1}
- openssl 3.3.2-1 (bug #1074487)
[bookworm] - openssl 3.0.15-1~deb12u1
NOTE: https://www.openssl.org/news/secadv/20240627.txt
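Review bot: the hunk header `@@ -3,7 +38934,7 @@` on the CVE-2024-5535 region is inconsistent with the rest of this commit: every other hunk here (`-8632,7 +8678,7`, `-13258,7 +13304,7`, `-47440,7 +47486,7`) moves the new-file offset by +46, so an old-side start of 3 paired with a new-side start of 38934 cannot be right for a seven-line context hunk, and the patch as shown would fail `git apply --check`. Compare against commit 431abe7c itself for the real header (by the +46 pattern it would presumably be `@@ -38888,7 +38934,7 @@`). The content change, `{DLA-3942-1}` to `{DLA-3942-2 DLA-3942-1}`, matches the CVE-2024-9143 hunk above and looks intended.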
@@ -47440,7 +47486,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow 
vulnerabilities exist in th
NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https

[Git][security-tracker-team/security-tracker][master] automatic update

2024-11-26 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1f5a10c by security tracker role at 2024-11-26T20:12:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,101 +1,245 @@
+CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated 
user to ...)
+   TODO: check
+CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not 
restrict ex ...)
+   TODO: check
+CVE-2024-9461 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & 
Migrate ...)
+   TODO: check
+CVE-2024-9170 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to Stor ...)
+   TODO: check
+CVE-2024-8899 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Sensitive  ...)
+   TODO: check
+CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested 
to take  ...)
+   TODO: check
+CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
+   TODO: check
+CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
+   TODO: check
+CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+   TODO: check
+CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+   TODO: check
+CVE-2024-53976 (Under certain circumstances, navigating to a webpage would 
result in t ...)
+   TODO: check
+CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port 
may cau ...)
+   TODO: check
+CVE-2024-53844 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to 
connect  ...)
+   TODO: check
+CVE-2024-53620 (A cross-site scripting (XSS) vulnerability in the Article 
module of SP ...)
+   TODO: check
+CVE-2024-53619 (An authenticated arbitrary file upload vulnerability in the 
Documents  ...)
+   TODO: check
+CVE-2024-53555 (A CSV injection vulnerability in Taiga v6.8.1 allows attackers 
to exec ...)
+   TODO: check
+CVE-2024-53365 (A stored cross-site scripting (XSS) vulnerability was 
identified in PH ...)
+   TODO: check
+CVE-2024-53267 (sigstore-java is a sigstore java client for interacting with 
sigstore  ...)
+   TODO: check
+CVE-2024-52337 (A log spoofing flaw was found in the Tuned package due to 
improper san ...)
+   TODO: check
+CVE-2024-52336 (A script injection vulnerability was identified in the Tuned 
package.  ...)
+   TODO: check
+CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user 
invite  ...)
+   TODO: check
+CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered 
in TCPDF  ...)
+   TODO: check
+CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered 
affecting the ...)
+   TODO: check
+CVE-2024-50376 (A CWE-79 "Improper Neutralization of Input During Web Page 
Generation  ...)
+   TODO: check
+CVE-2024-50375 (A CWE-306 "Missing Authentication for Critical Function" was 
discovere ...)
+   TODO: check
+CVE-2024-50374 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50373 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50372 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50371 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50370 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50369 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50368 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50367 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50366 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50365 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50364 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50363 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50362 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50361 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50360 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+   TODO: check
+CVE-2024-50359 (A CWE-78 "Improper Neutralization of Special Elements used in 
an OS Co ...)
+ 
