[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
2d24727c by security tracker role at 2025-01-17T08:11:49+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,325 @@ +CVE-2025-23965 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23963 (Missing Authorization vulnerability in Sven Hofmann & Michael Schoenro ...) + TODO: check +CVE-2025-23962 (Missing Authorization vulnerability in Goldstar Goldstar allows Exploi ...) + TODO: check +CVE-2025-23961 (Missing Authorization vulnerability in WP Tasker WordPress Graphs & Ch ...) + TODO: check +CVE-2025-23957 (Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting ...) + TODO: check +CVE-2025-23955 (Missing Authorization vulnerability in xola.com Xola allows Exploiting ...) + TODO: check +CVE-2025-23954 (Missing Authorization vulnerability in AWcode & KingfisherFox Salvador ...) + TODO: check +CVE-2025-23951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23947 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23946 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23941 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23940 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23939 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23930 (Missing Authorization vulnerability in iTechArt-Group PayPal Marketing ...) + TODO: check +CVE-2025-23929 (Missing Authorization vulnerability in wishfulthemes Email Capture & L ...) + TODO: check +CVE-2025-23928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23922 (Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embed ...) + TODO: check +CVE-2025-23919 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + TODO: check +CVE-2025-23917 (Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Ch ...) + TODO: check +CVE-2025-23916 (Missing Authorization vulnerability in Nuanced Media WP Meetup allows ...) + TODO: check +CVE-2025-23915 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-23913 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23912 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23909 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23908 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23902 (Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Er ...) + TODO: check +CVE-2025-23901 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Grava ...) + TODO: check +CVE-2025-23900 (Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Anno ...) + TODO: check +CVE-2025-23899 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
67d9d8b1 by security tracker role at 2025-01-16T20:12:09+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,287 @@ +CVE-2025-23783 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23749 (Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb ...) + TODO: check +CVE-2025-23745 (Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet ...) + TODO: check +CVE-2025-23743 (Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler ...) + TODO: check +CVE-2025-23720 (Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push al ...) + TODO: check +CVE-2025-23717 (Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My On ...) + TODO: check +CVE-2025-23715 (Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post ...) + TODO: check +CVE-2025-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack ...) + TODO: check +CVE-2025-23712 (Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allow ...) + TODO: check +CVE-2025-23710 (Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flyin ...) + TODO: check +CVE-2025-23708 (Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF ...) + TODO: check +CVE-2025-23703 (Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl ...) + TODO: check +CVE-2025-23702 (Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anony ...) + TODO: check +CVE-2025-23699 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23698 (Cross-Site Request Forgery (CSRF) vulnerability in Iv\xe1n R. Delgado ...) + TODO: check +CVE-2025-23694 (Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Sh ...) + TODO: check +CVE-2025-23693 (Cross-Site Request Forgery (CSRF) vulnerability in Stanis\u0142aw Skon ...) 
+ TODO: check +CVE-2025-23692 (Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slide ...) + TODO: check +CVE-2025-23691 (Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino Garc ...) + TODO: check +CVE-2025-23690 (Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a ...) + TODO: check +CVE-2025-23689 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23677 (Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy HTTP to HTT ...) + TODO: check +CVE-2025-23675 (Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import User ...) + TODO: check +CVE-2025-23673 (Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral Email on ...) + TODO: check +CVE-2025-23665 (Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMap ...) + TODO: check +CVE-2025-23664 (Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem ...) + TODO: check +CVE-2025-23662 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Pano ...) + TODO: check +CVE-2025-23661 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slid ...) + TODO: check +CVE-2025-23660 (Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPl ...) + TODO: check +CVE-2025-23659 (Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegyk ...) + TODO: check +CVE-2025-23654 (Cross-Site Request Forgery (CSRF) vulnerability in Vin\xedcius Krolow ...) + TODO: check +CVE-2025-23649 (Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphoni ...) + TODO: check +CVE-2025-23644 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23641 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23640 (Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename ...) + TODO: check +CVE-2025-23639 (Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Yo ...) + TODO: check +CVE-2025-23627 (Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comme ...) + TODO: check +CVE-2025-23623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23620 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
bfa0f853 by security tracker role at 2025-01-16T08:11:52+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,85 @@ +CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attac ...) + TODO: check +CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDS ...) + TODO: check +CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the pppUser ...) + TODO: check +CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...) + TODO: check +CVE-2025-22912 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...) + TODO: check +CVE-2025-22907 (RE11S v1.11 was discovered to contain a stack overflow via the selSSID ...) + TODO: check +CVE-2025-22906 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...) + TODO: check +CVE-2025-22905 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...) + TODO: check +CVE-2025-22904 (RE11S v1.11 was discovered to contain a stack overflow via the pptpUse ...) + TODO: check +CVE-2025-0492 (A vulnerability has been found in D-Link DIR-823X 240126/240802 and cl ...) + TODO: check +CVE-2025-0491 (A vulnerability, which was classified as critical, was found in Fanli2 ...) + TODO: check +CVE-2025-0490 (A vulnerability, which was classified as critical, has been found in F ...) + TODO: check +CVE-2025-0489 (A vulnerability classified as critical was found in Fanli2012 native-p ...) + TODO: check +CVE-2025-0488 (A vulnerability classified as critical has been found in Fanli2012 nat ...) + TODO: check +CVE-2025-0487 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...) + TODO: check +CVE-2025-0486 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...) + TODO: check +CVE-2025-0476 (Mattermost Mobile Apps versions <=2.22.0 fail to properly handle speci ...) + TODO: check +CVE-2025-0457 (The airPASS from NetVision Information has an OS Command Injection vul ...) 
+ TODO: check +CVE-2025-0456 (The airPASS from NetVision Information has a Missing Authentication vu ...) + TODO: check +CVE-2025-0455 (The airPASS from NetVision Information has a SQL Injection vulnerabili ...) + TODO: check +CVE-2025-0215 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is ...) + TODO: check +CVE-2025-0170 (The DWT - Directory & Listing WordPress Theme is vulnerable to Reflect ...) + TODO: check +CVE-2024-57728 (SimpleHelp remote support software v5.5.7 and before allows admin user ...) + TODO: check +CVE-2024-57727 (SimpleHelp remote support software v5.5.7 and before is vulnerable to ...) + TODO: check +CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a vulnerabili ...) + TODO: check +CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to execute ...) + TODO: check +CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution which a ...) + TODO: check +CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded cr ...) + TODO: check +CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows ...) + TODO: check +CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19- ...) + TODO: check +CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I all ...) + TODO: check +CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user cr ...) + TODO: check +CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page logo uploa ...) + TODO: check +CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker pm4core-do ...) + TODO: check +CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers to acce ...) + TODO: check +CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a Regular expre ...) 
+ TODO: check +CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or agent, sensit ...) + TODO: check +CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress is vulne ...) + TODO: check +CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin for Wor ...) + TODO: check +CVE-2024-10789 (The WP User Profile Avatar plugin for WordPress is vulnerable to Cross ...) + TODO: check +CVE-2024-10401 + REJECTED CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitH
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
51ad0425 by security tracker role at 2025-01-15T20:11:52+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,305 @@ +CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app designed fo ...) + TODO: check +CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execu ...) + TODO: check +CVE-2025-22799 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22795 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22793 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22787 (Missing Authorization vulnerability in bPlugins LLC Button Block allow ...) + TODO: check +CVE-2025-22786 (Path Traversal vulnerability in ElementInvader ElementInvader Addons f ...) + TODO: check +CVE-2025-22785 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22784 (Cross-Site Request Forgery (CSRF) vulnerability in Johan Str\xf6m Back ...) + TODO: check +CVE-2025-22782 (Unrestricted Upload of File with Dangerous Type vulnerability in Web R ...) + TODO: check +CVE-2025-22781 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22779 (Missing Authorization vulnerability in Ugur CELIK WP News Sliders allo ...) + TODO: check +CVE-2025-22778 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22776 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-22773 (Insertion of Sensitive Information into Externally-Accessible File or ...) + TODO: check +CVE-2025-22769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22761 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22753 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22751 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-22747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22743 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
ee7881f4 by security tracker role at 2025-01-15T08:12:38+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,91 @@ +CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...) + TODO: check +CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...) + TODO: check +CVE-2025-22997 (A stored cross-site scripting (XSS) vulnerability in the prf_table_con ...) + TODO: check +CVE-2025-22996 (A stored cross-site scripting (XSS) vulnerability in the spf_table_con ...) + TODO: check +CVE-2025-22394 (Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-ch ...) + TODO: check +CVE-2025-21101 (Dell Display Manager, versions prior to 2.3.2.20, contain a race condi ...) + TODO: check +CVE-2025-0356 (NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver. ...) + TODO: check +CVE-2025-0355 (Missing Authentication for Critical Function vulnerability in NEC Corp ...) + TODO: check +CVE-2025-0354 (Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS V ...) + TODO: check +CVE-2025-0343 (Swift ASN.1 can be caused to crash when parsing certain BER/DER constr ...) + TODO: check +CVE-2024-7322 (A ZigBee coordinator, router, or end device may change their node ID w ...) + TODO: check +CVE-2024-57767 (MSFM before v2025.01.01 was discovered to contain a Server-Side Reques ...) + TODO: check +CVE-2024-57766 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...) + TODO: check +CVE-2024-57765 (MSFM before 2025.01.01 was discovered to contain a SQL injection vulne ...) + TODO: check +CVE-2024-57764 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...) + TODO: check +CVE-2024-57763 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...) + TODO: check +CVE-2024-57762 (MSFM before v2025.01.01 was discovered to contain a deserialization vu ...) + TODO: check +CVE-2024-57761 (An arbitrary file upload vulnerability in the parserXML() method of Je ...) 
+ TODO: check +CVE-2024-57760 (JeeWMS before v2025.01.01 was discovered to contain a SQL injection vu ...) + TODO: check +CVE-2024-57757 (JeeWMS before v2025.01.01 was discovered to contain a permission bypas ...) + TODO: check +CVE-2024-57483 (Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacF ...) + TODO: check +CVE-2024-57482 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...) + TODO: check +CVE-2024-57480 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...) + TODO: check +CVE-2024-57479 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...) + TODO: check +CVE-2024-57473 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...) + TODO: check +CVE-2024-57471 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...) + TODO: check +CVE-2024-55577 (Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 ...) + TODO: check +CVE-2024-54730 (Flatnotes (see #1061268)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee7881f4373f39fcba1dfa2ba5bcd36b3cd69cf0

debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
0a2b4a09 by security tracker role at 2025-01-14T20:12:20+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,37 +1,787 @@ -CVE-2024-52006 +CVE-2025-23366 (A flaw was found in the HAL Console in the Wildfly component, which do ...) + TODO: check +CVE-2025-23081 (Cross-Site Request Forgery (CSRF), Improper Neutralization of Input Du ...) + TODO: check +CVE-2025-23080 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2025-23074 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2025-23073 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2025-23072 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2025-23052 (Authenticated command injection vulnerability in the commandline inter ...) + TODO: check +CVE-2025-23051 (An authenticated parameter injection vulnerability existsin the web-ba ...) + TODO: check +CVE-2025-23042 (Gradio is an open-source Python package that allows quick building of ...) + TODO: check +CVE-2025-23041 (Umbraco.Forms is a web form framework written for the nuget ecosystem. ...) + TODO: check +CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and rout ...) + TODO: check +CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the ...) + TODO: check +CVE-2025-22984 (An access control issue in the component /api/squareComment/DelectSqua ...) + TODO: check +CVE-2025-22983 (An access control issue in the component /square/getAllSquare/circle o ...) + TODO: check +CVE-2025-21607 (Vyper is a Pythonic Smart Contract Language for the EVM. When the Vype ...) 
+ TODO: check +CVE-2025-21417 (Windows Telephony Service Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21413 (Windows Telephony Service Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21411 (Windows Telephony Service Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21409 (Windows Telephony Service Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21405 (Visual Studio Elevation of Privilege Vulnerability) + TODO: check +CVE-2025-21403 (On-Premises Data Gateway Information Disclosure Vulnerability) + TODO: check +CVE-2025-21402 (Microsoft Office OneNote Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21395 (Microsoft Access Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21393 (Microsoft SharePoint Server Spoofing Vulnerability) + TODO: check +CVE-2025-21389 (Windows upnphost.dll Denial of Service Vulnerability) + TODO: check +CVE-2025-21382 (Windows Graphics Component Elevation of Privilege Vulnerability) + TODO: check +CVE-2025-21378 (Windows CSC Service Elevation of Privilege Vulnerability) + TODO: check +CVE-2025-21374 (Windows CSC Service Information Disclosure Vulnerability) + TODO: check +CVE-2025-21372 (Microsoft Brokering File System Elevation of Privilege Vulnerability) + TODO: check +CVE-2025-21370 (Windows Virtualization-Based Security (VBS) Enclave Elevation of Privi ...) 
+ TODO: check +CVE-2025-21366 (Microsoft Access Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21365 (Microsoft Office Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21364 (Microsoft Excel Security Feature Bypass Vulnerability) + TODO: check +CVE-2025-21363 (Microsoft Word Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21362 (Microsoft Excel Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21361 (Microsoft Outlook Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21360 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability) + TODO: check +CVE-2025-21357 (Microsoft Outlook Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21356 (Microsoft Office Visio Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21354 (Microsoft Excel Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21348 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21346 (Microsoft Office Security Feature Bypass Vulnerability) + TODO: check +CVE-2025-21345 (Microsoft Office Visio Remote Code Execution Vulnerability) + TODO: check +CVE-2025-21344 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + TODO: check +CVE-2025-
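Review bot: the hunk headed `@@ -1,37 +1,787 @@` removes the bare entry `-CVE-2024-52006` at its head, but no line re-adding CVE-2024-52006 with its description appears in the visible part of the hunk; before merging, confirm the identifier is re-added further down (as the tracker does when a reserved entry gets a description) rather than dropped from data/CVE/list.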
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
a0b53c28 by security tracker role at 2025-01-14T08:11:57+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,255 @@ +CVE-2025-23082 (Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request ...) + TODO: check +CVE-2025-23038 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23037 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23036 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23035 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23034 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23033 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23032 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23031 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-23030 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22619 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22618 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22617 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22616 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22615 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22614 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22613 (WeGIA is an open source web manager with a focus on the Portuguese lan ...) + TODO: check +CVE-2025-22138 (@codidact/qpixel is a Q&A-based community knowledge-sharing software. ...) 
+ TODO: check +CVE-2025-22134 (When switching to other buffers using the :all command and visual mode ...) + TODO: check +CVE-2025-0070 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...) + TODO: check +CVE-2025-0069 (Due to DLL injection vulnerability in SAPSetup, an attacker with eithe ...) + TODO: check +CVE-2025-0068 (An obsolete functionality in SAP NetWeaver Application Server ABAP did ...) + TODO: check +CVE-2025-0067 (Due to a missing authorization check on service endpoints in the SAP N ...) + TODO: check +CVE-2025-0066 (Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform ( ...) + TODO: check +CVE-2025-0063 (SAP NetWeaver AS ABAP and ABAP Platform does not check for authorizati ...) + TODO: check +CVE-2025-0061 (SAP BusinessObjects Business Intelligence Platform allows an unauthent ...) + TODO: check +CVE-2025-0060 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...) + TODO: check +CVE-2025-0059 (Applications based on SAP GUI for HTML in SAP NetWeaver Application Se ...) + TODO: check +CVE-2025-0058 (In SAP Business Workflow and SAP Flexible Workflow, an authenticated a ...) + TODO: check +CVE-2025-0057 (SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored ...) + TODO: check +CVE-2025-0056 (SAP GUI for Java saves user input on the client PC to improve usabilit ...) + TODO: check +CVE-2025-0055 (SAP GUI for Windows stores user input on the client PC to improve usab ...) + TODO: check +CVE-2025-0053 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...) + TODO: check +CVE-2024-57811 (In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network ...) + TODO: check +CVE-2024-57664 (An issue in the sqlg_group_node component of openlink virtuoso-opensou ...) + TODO: check +CVE-2024-57663 (An issue in the sqlg_place_dpipes component of openlink virtuoso-opens ...) 
+ TODO: check +CVE-2024-57662 (An issue in the sqlg_hash_source component of openlink virtuoso-openso ...) + TODO: check +CVE-2024-57661 (An issue in the sqlo_df component of openlink virtuoso-opensource v7.2 ...) + TODO: check +CVE-2024-57660 (An issue in the sqlo_expand_jts component of openlink virtuoso-opensou ...) + TODO: check +CVE-2024-57659 (An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-op ...) + TODO: check +CVE-2024-57658 (An issue in the sql_tree_hash_1 component of openlink virtuoso-opensou ...) +
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ae6ca8f by security tracker role at 2025-01-13T20:12:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,103 @@ +CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web application ...) + TODO: check +CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...) + TODO: check +CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST /api/user ...) + TODO: check +CVE-2025-22828 (CloudStack users can add and read comments (annotations) on resources ...) + TODO: check +CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP allows Expl ...) + TODO: check +CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allow ...) + TODO: check +CVE-2025-22588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22498 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-22344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22337 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software for Mine ...) + TODO: check +CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software for Mine ...) + TODO: check +CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer of the ...) + TODO: check +CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With Insufficient ...) + TODO: check +CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site ...) + TODO: check +CVE-2024-57487 (In Code-Projects Online Car Rental System 1.0, the file upload feature ...) + TODO: check +CVE-2024-56301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vuln ...) + TODO: check +CVE-2024-52938 (Kernel software installed and running inside a Guest VM may post impro ...) + TODO: check +CVE-2024-52937 (Kernel software installed and running inside a Guest VM may exploit me ...) + TODO: check +CVE-2024-52936 (Kernel software installed and running inside a Guest VM may post impro ...) + TODO: check +CVE-2024-52935 (Kernel software installed and running inside a Guest VM may exploit me ...) + TODO: check +CVE-2024-52333 (An improper array index validation vulnerability exists in the determi ...) + TODO: check +CVE-2024-51728 + REJECTED +CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) 
+ TODO: check +CVE-2024-47897 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post impro ...) + TODO: check +CVE-2024-47894 (Kernel software installed and running inside a Guest VM may post impro ...) + TODO: check +CVE-2024-47796 (An improper array index validation vulnerability exists in the nowindo ...) + TODO: check +CVE-2024-46921 (An issue was discovered in Samsung Mobil
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53dcbbf6 by security tracker role at 2025-01-13T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code E ...) + TODO: check +CVE-2025-0410 (A vulnerability classified as critical was found in liujianview gymxmj ...) + TODO: check +CVE-2025-0409 (A vulnerability classified as critical has been found in liujianview g ...) + TODO: check +CVE-2025-0408 (A vulnerability was found in liujianview gymxmjpa 1.0. It has been rat ...) + TODO: check +CVE-2025-0407 (A vulnerability was found in liujianview gymxmjpa 1.0. It has been dec ...) + TODO: check +CVE-2025-0406 (A vulnerability was found in liujianview gymxmjpa 1.0. It has been cla ...) + TODO: check +CVE-2025-0405 (A vulnerability was found in liujianview gymxmjpa 1.0 and classified a ...) + TODO: check +CVE-2025-0404 (A vulnerability has been found in liujianview gymxmjpa 1.0 and classif ...) + TODO: check +CVE-2025-0403 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2025-0402 (A vulnerability classified as critical was found in 1902756969 reggie ...) + TODO: check +CVE-2025-0401 (A vulnerability classified as critical has been found in 1902756969 re ...) + TODO: check +CVE-2025-0400 (A vulnerability was found in StarSea99 starsea-mall 1.0. It has been r ...) + TODO: check +CVE-2025-0399 (A vulnerability was found in StarSea99 starsea-mall 1.0. It has been d ...) + TODO: check +CVE-2024-42181 (HCL MyXalytics is affected by a cleartext transmission of sensitive in ...) + TODO: check +CVE-2024-42180 (HCL MyXalytics is affected by a malicious file upload vulnerability. ...) + TODO: check +CVE-2024-42179 (HCL MyXalytics is affected by sensitive information disclosure vulnera ...) + TODO: check +CVE-2024-12568 (The Email Subscribers by Icegram Express WordPress plugin before 5.7. ...) + TODO: check +CVE-2024-12567 (The Email Subscribers by Icegram Express WordPress plugin before 5.7. ...) 
+ TODO: check +CVE-2024-12566 (The Email Subscribers by Icegram Express WordPress plugin before 5.7. ...) + TODO: check +CVE-2024-12274 (The Appointment Booking Calendar Plugin and Scheduling Plugin WordPre ...) + TODO: check +CVE-2024-11636 (The Email Subscribers by Icegram Express WordPress plugin before 5.7. ...) + TODO: check CVE-2025-0398 (A vulnerability has been found in longpi1 warehouse 1.0 and classified ...) NOT-FOR-US: longpi1 warehouse CVE-2025-0397 (A vulnerability, which was classified as problematic, was found in rec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53dcbbf6ec916761a9ad2017f14c3878d6bfcbfd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5c5ae66d by security tracker role at 2025-01-12T20:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2025-0398 (A vulnerability has been found in longpi1 warehouse 1.0 and classified ...) + TODO: check +CVE-2025-0397 (A vulnerability, which was classified as problematic, was found in rec ...) + TODO: check +CVE-2025-0396 (A vulnerability, which was classified as critical, has been found in e ...) + TODO: check +CVE-2024-51456 (IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 thr ...) + TODO: check CVE-2024-49785 (IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for D ...) NOT-FOR-US: IBM CVE-2025-23128 @@ -294851,6 +294859,7 @@ CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Bu CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) NOT-FOR-US: CERN Indico CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) + {DLA-4014-1} - gnuchess 6.2.9-0.1 (bug #986801) [bookworm] - gnuchess 6.2.7-1+deb12u1 [buster] - gnuchess (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c5ae66d51155da05376eb005a86d9c300eceb23
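Review bot: the only added line in the second hunk is the {DLA-4014-1} marker under CVE-2021-30184, yet the [buster] entry shown directly below it reads "- gnuchess (Minor issue)" with neither a fixed version nor a status tag between the package name and the parenthesised note; check that a tag was not dropped there, because a bare package name next to a fresh DLA reference leaves the buster state of this CVE ambiguous.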
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f74604e by security tracker role at 2025-01-12T08:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-49785 (IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for D ...) + TODO: check CVE-2025-23128 REJECTED CVE-2025-23127 @@ -296232,8 +296234,8 @@ CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypas NOT-FOR-US: IBM CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM -CVE-2021-29669 - RESERVED +CVE-2021-29669 (IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...) + TODO: check CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f74604e589bf9a96e4ec22b12ba87b84ec6f10d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd1e4336 by security tracker role at 2025-01-11T20:12:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,293 +1,307 @@ -CVE-2024-57881 [mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()] +CVE-2025-23128 + REJECTED +CVE-2025-23127 + REJECTED +CVE-2025-23126 + REJECTED +CVE-2025-23125 + REJECTED +CVE-2025-23124 + REJECTED +CVE-2025-0392 (A vulnerability, which was classified as critical, was found in Guangz ...) + TODO: check +CVE-2025-0391 (A vulnerability, which was classified as critical, has been found in G ...) + TODO: check +CVE-2024-57881 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.12.8-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/faeec8e23c10bd30e8aa759a2eb3018dae00f924 (6.13-rc4) -CVE-2024-57880 [ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array] +CVE-2024-57880 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 6.12.6-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/255cc582e6e16191a20d54bcdbca6c91d3e90c5e (6.13-rc3) -CVE-2024-57879 [Bluetooth: iso: Always release hdev at the end of iso_listen_bis] +CVE-2024-57879 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux 6.12.6-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9c76fff747a73ba01d1d87ed53dd9c00cb40ba05 (6.13-rc3) -CVE-2024-57878 [arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR] +CVE-2024-57878 (In the Linux kernel, the following vulnerability has been resolved: a ...) 
- linux 6.12.5-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f5d71291841aecfe5d8435da2dfa7f58ccd18bc8 (6.13-rc2) -CVE-2024-57877 [arm64: ptrace: fix partial SETREGSET for NT_ARM_POE] +CVE-2024-57877 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.12.5-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/594bfc4947c4fcabba1318d8384c61a29a6b89fb (6.13-rc2) -CVE-2024-57876 [drm/dp_mst: Fix resetting msg rx state after topology removal] +CVE-2024-57876 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7 (6.13-rc2) -CVE-2024-57875 [block: RCU protect disk->conv_zones_bitmap] +CVE-2024-57875 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97 (6.13-rc1) -CVE-2024-57874 [arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL] +CVE-2024-57874 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/ca62d90085f4af36de745883faab9f8a7cbb45d3 (6.13-rc2) -CVE-2024-57872 [scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()] +CVE-2024-57872 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/897df60c16d54ad515a3d0887edab5c63da06d1f (6.13-rc2) -CVE-2024-57850 [jffs2: Prevent rtime decompress memory corruption] +CVE-2024-57850 (In the Linux kernel, the following vulnerability has been resolved: j ...) 
- linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/fe051552f5078fa02d593847529a3884305a6ffe (6.13-rc1) -CVE-2024-57849 [s390/cpum_sf: Handle CPU hotplug remove during sampling] +CVE-2024-57849 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/a0bd7dacbd51c632b8e2c0500b479af564afadf3 (6.13-rc1) -CVE-2024-57843 [virtio-net: fix overflow inside virtnet_rq_alloc] +CVE-2024-57843 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/6aacd1484468361d1d04badfe75f264fa5314864 (6.13-rc1) -CVE-2024-57
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f17bfe2b by security tracker role at 2025-01-11T08:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,211 @@ +CVE-2025-23113 (An issue was discovered in REDCap 14.9.6. It has an action=myprojects& ...) + TODO: check +CVE-2025-23112 (An issue was discovered in REDCap 14.9.6. A stored cross-site scriptin ...) + TODO: check +CVE-2025-23111 (An issue was discovered in REDCap 14.9.6. It allows HTML Injection via ...) + TODO: check +CVE-2025-23110 (An issue was discovered in REDCap 14.9.6. A Reflected cross-site scrip ...) + TODO: check +CVE-2025-23109 (Long hostnames in URLs could be leveraged to obscure the actual host o ...) + TODO: check +CVE-2025-23108 (Opening Javascript links in a new tab via long-press in the Firefox iO ...) + TODO: check +CVE-2025-23079 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2025-23078 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2i ...) + TODO: check +CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...) + TODO: check +CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injectio ...) + TODO: check +CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnera ...) + TODO: check +CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...) + TODO: check +CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...) + TODO: check +CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $p ...) 
+ TODO: check +CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou Huayi In ...) + TODO: check +CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks Expedition ...) + TODO: check +CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks Expedition al ...) + TODO: check +CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks Expedit ...) + TODO: check +CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo Alto Netw ...) + TODO: check +CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition enable ...) + TODO: check +CVE-2024-9188 (Specially constructed queries cause cross platform scripting leaking a ...) + TODO: check +CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...) + TODO: check +CVE-2024-9133 (A user with administrator privileges is able to retrieve authenticatio ...) + TODO: check +CVE-2024-9132 (The administrator is able to configure an insecure captive portal scri ...) + TODO: check +CVE-2024-9131 (A user with administrator privileges can perform command injection) + TODO: check +CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running on app ...) + TODO: check +CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured, if \u20 ...) + TODO: check +CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to change a ...) + TODO: check +CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are vulnerable to C ...) + TODO: check +CVE-2024-6437 (On affected platforms running Arista EOS with one of the following fea ...) + TODO: check +CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted packet w ...) + TODO: check +CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an integer under ...) 
+ TODO: check +CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buf ...) + TODO: check +CVE-2024-57687 (An OS Command Injection vulnerability was found in /landrecordsys/admi ...) + TODO: check +CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys ...) + TODO: check +CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...) + TODO: check +CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ec6a5506 by security tracker role at 2025-01-10T08:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,85 @@ +CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purvie ...) + TODO: check +CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an authorized a ...) + TODO: check +CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey titles of ...) + TODO: check +CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the built-in mess ...) + TODO: check +CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated reflect ...) + TODO: check +CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden prior to ...) + TODO: check +CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows ...) + TODO: check +CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows ...) + TODO: check +CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allo ...) + TODO: check +CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored in local ...) + TODO: check +CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 all ...) + TODO: check +CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social allows Force ...) + TODO: check +CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file fields.This ...) + TODO: check +CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue affects Gi ...) + TODO: check +CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable allows E ...) + TODO: check +CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS al ...) + TODO: check +CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All Files allow ...) + TODO: check +CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages Restriction Acce ...) + TODO: check +CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects Print Anythi ...) + TODO: check +CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu ...) + TODO: check +CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal Eloqua allow ...) + TODO: check +CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal Mailjet allo ...) + TODO: check +CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node export ...) + TODO: check +CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File al ...) + TODO: check +CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP Authenticat ...) + TODO: check +CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear Integration all ...) + TODO: check +CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal Monster Menu ...) + TODO: check +CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *. ...) + TODO: check +CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...) + TODO: check +CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog .
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 111339b5 by security tracker role at 2025-01-09T20:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,305 @@ +CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22824 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22814 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr ...) + TODO: check +CVE-2025-22813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22808 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-22807 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22806 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22561 (Missing Authorization vulnerability in Jason Funk Title Experiments Fr ...) + TODO: check +CVE-2025-22542 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22540 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22537 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22535 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22527 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22510 (Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk W ...) 
+ TODO: check +CVE-2025-22508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-22505 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22504 (Unrestricted Upload of File with Dangerous Type vulnerability in jumpd ...) + TODO: check +CVE-2025-22361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22345 (Improper Neutralization of Input During Web Page Generation ('Cross-si
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9d8a2fe by security tracker role at 2025-01-09T08:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,157 @@ +CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...) + TODO: check +CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect missing se ...) + TODO: check +CVE-2025-22145 (Carbon is an international PHP extension for DateTime. Application pas ...) + TODO: check +CVE-2025-20033 (Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x ...) + TODO: check +CVE-2025-0344 (A vulnerability has been found in leiyuxi cy-fast 1.0 and classified a ...) + TODO: check +CVE-2025-0342 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2025-0341 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2025-0340 (A vulnerability classified as critical was found in code-projects Cine ...) + TODO: check +CVE-2025-0339 (A vulnerability classified as problematic has been found in code-proje ...) + TODO: check +CVE-2025-0336 (A vulnerability was found in Codezips Project Management System 1.0. I ...) + TODO: check +CVE-2025-0335 (A vulnerability was found in code-projects Online Bike Rental System 1 ...) + TODO: check +CVE-2025-0334 (A vulnerability has been found in leiyuxi cy-fast 1.0 and classified a ...) + TODO: check +CVE-2025-0333 (A vulnerability, which was classified as critical, was found in leiyux ...) + TODO: check +CVE-2025-0331 (A vulnerability, which was classified as critical, has been found in Y ...) + TODO: check +CVE-2025-0328 (A vulnerability, which was classified as critical, has been found in K ...) + TODO: check +CVE-2025-0306 (A vulnerability was found in Ruby. The Ruby interpreter is vulnerable ...) + TODO: check +CVE-2025-0283 (A stack-based buffer overflow in Ivanti Connect Secure before version ...) + TODO: check +CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before version ...) 
+ TODO: check +CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-5610 + REJECTED +CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba Networking CX 1 ...) + TODO: check +CVE-2024-53995 (SickChill is an automatic video library manager for TV shows. A user-c ...) + TODO: check +CVE-2024-53706 (A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remot ...) + TODO: check +CVE-2024-53705 (A Server-Side Request Forgery vulnerability in the SonicOS SSH managem ...) + TODO: check +CVE-2024-53704 (An Improper Authentication vulnerability in the SSLVPN authentication ...) + TODO: check +CVE-2024-52869 (Certain Teradata account-handling code through 2024-11-04, used with S ...) + TODO: check +CVE-2024-43663 (There are many buffer overflow vulnerabilities present in several CGI ...) + TODO: check +CVE-2024-43662 (The .exe or .exe CGI binary can be used to upload ...) + TODO: check +CVE-2024-43661 (The .so library, which is used by , is vulnerable ...) + TODO: check +CVE-2024-43660 (The CGI script .sh can be used to download any file on the f ...) + TODO: check +CVE-2024-43659 (After gaining access to the firmware of a charging station, a file at ...) + TODO: check +CVE-2024-43658 (Patch traversal, External Control of File Name or Path vulnerability i ...) + TODO: check +CVE-2024-43657 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43656 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43655 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43654 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43653 (Improper Neutralization of Special Elements used in a Command ('Comman ...) 
+ TODO: check +CVE-2024-43652 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43651 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43650 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + TODO: check +CVE-2024-43649 (Authenticated command injection in the filename of a .exe re ...) + TODO: check +CVE-2024-43648 (Command injection in the parameter of a .exe requ ...) + TODO: check +CVE-2024-40765 (An Integer-based buf
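Review bot: the imported descriptions for CVE-2024-43662, CVE-2024-43661, CVE-2024-43660, CVE-2024-43649 and CVE-2024-43648 have blanks where the component names belong (`+CVE-2024-43662 (The .exe or .exe CGI binary can be used to upload ...)`, `+CVE-2024-43661 (The .so library, which is used by , is vulnerable ...)`, `+CVE-2024-43648 (Command injection in the parameter of a .exe requ ...)`), so the list lines alone do not identify the affected product; whoever resolves these `TODO: check` placeholders should triage from the full upstream descriptions rather than from the truncated text. The `REJECTED` state on CVE-2024-5610 is the correct final state and rightly carries no `TODO: check`.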
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cabda19 by security tracker role at 2025-01-08T20:12:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,77 +1,169 @@ -CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver] +CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...) + TODO: check +CVE-2025-22140 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...) + TODO: check +CVE-2025-22139 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22137 (Pingvin Share is a self-hosted file sharing platform and an alternativ ...) + TODO: check +CVE-2025-22136 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...) + TODO: check +CVE-2025-22130 (Soft Serve is a self-hostable Git server for the command line. Prior t ...) + TODO: check +CVE-2025-2 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext ...) + TODO: check +CVE-2025-21102 (Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext ...) + TODO: check +CVE-2025-20168 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20167 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20166 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20126 (A vulnerability in certification validation routines of Cisco Thousand ...) + TODO: check +CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...) + TODO: check +CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur leading ...) + TODO: check +CVE-2024-55656 (RedisBloom adds a set of probabilistic data structures to Redis. There ...) 
+ TODO: check +CVE-2024-55517 (An issue was discovered in the Interllect Core Search in Polaris FT In ...) + TODO: check +CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...) + TODO: check +CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is vulnerable ...) + TODO: check +CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in composio_opena ...) + TODO: check +CVE-2024-51737 (RediSearch is a Redis module that provides querying, secondary indexin ...) + TODO: check +CVE-2024-51480 (RedisTimeSeries is a time-series database (TSDB) module for Redis, by ...) + TODO: check +CVE-2024-51442 (Command Injection in Minidlna version v1.3.3 and before allows an atta ...) + TODO: check +CVE-2024-45345 + REJECTED +CVE-2024-45344 + REJECTED +CVE-2024-45343 + REJECTED +CVE-2024-45342 + REJECTED +CVE-2024-45033 (Insufficient Session Expiration vulnerability in Apache Airflow Fab Pr ...) + TODO: check +CVE-2024-13189 (A vulnerability classified as critical has been found in ZeroWdd myblo ...) + TODO: check +CVE-2024-13188 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...) + TODO: check +CVE-2024-13187 (A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It h ...) + TODO: check +CVE-2024-13186 (The MinigameCenter module has insufficient restrictions on loading UR ...) + TODO: check +CVE-2024-13185 (The MinigameCenter module has insufficient restrictions on loading UR ...) + TODO: check +CVE-2024-12855 (The AdForest theme for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-12854 (The Garden Gnome Package plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-12853 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-12712 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-12337 (The Shipping via Planzer for WooCommerce plugin for WordPress is vulne ...) + TODO: check +CVE-2024-12328 (The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11939 (The Cost Calculator Builder PRO plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11830 (The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for WordPress is vu ...) + TODO: check +C
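Review bot: the kernel placeholder `-CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver]` is removed at the top of the hunk and the visible part of the hunk (cut off after CVE-2024-11830) does not show it being re-added, so confirm the entry reappears with its new state further down rather than being dropped from data/CVE/list. Separately, `+CVE-2025-2 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext ...)` carries a one-digit sequence number, which is not a well-formed CVE ID (the sequence part is at least four digits); the neighbouring `+CVE-2025-21102` covers the VxRail 7.0.x range, so check this line against the CNA record before it stays in the list.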
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 330a8e36 by security tracker role at 2025-01-08T08:11:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,125 @@ +CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery (SSRF) v ...) + TODO: check +CVE-2025-22133 (WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a ...) + TODO: check +CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A Cross-Site Scrip ...) + TODO: check +CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N firmware versi ...) + TODO: check +CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified as pro ...) + TODO: check +CVE-2024-56456 (Vulnerability of input parameters not being verified during glTF model ...) + TODO: check +CVE-2024-56455 (Vulnerability of input parameters not being verified during glTF model ...) + TODO: check +CVE-2024-56454 (Vulnerability of input parameters not being verified during glTF model ...) + TODO: check +CVE-2024-56453 (Vulnerability of input parameters not being verified during glTF model ...) + TODO: check +CVE-2024-56452 (Vulnerability of input parameters not being verified during glTF model ...) + TODO: check +CVE-2024-56451 (Integer overflow vulnerability during glTF model loading in the 3D eng ...) + TODO: check +CVE-2024-56450 (Buffer overflow vulnerability in the component driver module Impact: S ...) + TODO: check +CVE-2024-56449 (Privilege escalation vulnerability in the Account module Impact: Succe ...) + TODO: check +CVE-2024-56448 (Vulnerability of improper access control in the home screen widget mod ...) + TODO: check +CVE-2024-56447 (Vulnerability of improper permission control in the window management ...) + TODO: check +CVE-2024-56446 (Vulnerability of variables not being initialized in the notification m ...) + TODO: check +CVE-2024-56445 (Instruction authentication bypass vulnerability in the Findnetwork mod ...) 
+ TODO: check +CVE-2024-56444 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-56443 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-56442 (Vulnerability of native APIs not being implemented in the NFC service ...) + TODO: check +CVE-2024-56441 (Race condition vulnerability in the Bastet module Impact: Successful e ...) + TODO: check +CVE-2024-56440 (Permission control vulnerability in the Connectivity module Impact: Su ...) + TODO: check +CVE-2024-56439 (Access control vulnerability in the identity authentication module Imp ...) + TODO: check +CVE-2024-56438 (Vulnerability of improper memory address protection in the HUKS module ...) + TODO: check +CVE-2024-56437 (Vulnerability of input parameters not being verified in the widget fra ...) + TODO: check +CVE-2024-56436 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-56435 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-56434 (UAF vulnerability in the device node access module Impact: Successful ...) + TODO: check +CVE-2024-55356 + REJECTED +CVE-2024-55355 + REJECTED +CVE-2024-54731 (cpdf through 2.8 allows stack consumption via a crafted PDF document.) + TODO: check +CVE-2024-54121 (Startup control vulnerability in the ability module Impact: Successful ...) + TODO: check +CVE-2024-54120 (Race condition vulnerability in the distributed notification module Im ...) + TODO: check +CVE-2024-50603 (An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2 ...) + TODO: check +CVE-2024-47934 (Improper Input Validation vulnerability in Management Program in TXOne ...) + TODO: check +CVE-2024-47239 (Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an unco ...) + TODO: check +CVE-2024-40679 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) 
+ TODO: check +CVE-2024-13173 (The health module has insufficient restrictions on loading URLs, which ...) + TODO: check +CVE-2024-12852 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-12851 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-12713 (The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin f ...) + TODO: check +CVE-2024-12585 (The Property
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 005f3b93 by security tracker role at 2025-01-07T20:12:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,48 +1,492 @@ -CVE-2025-0247 +CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk do ...) + TODO: check +CVE-2025-22593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22592 (Missing Authorization vulnerability in Lenderd 1003 Mortgage Applicati ...) + TODO: check +CVE-2025-22591 (Missing Authorization vulnerability in Lenderd 1003 Mortgage Applicati ...) + TODO: check +CVE-2025-22590 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Time ...) + TODO: check +CVE-2025-22589 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet ...) + TODO: check +CVE-2025-22585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22582 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Nell\xe9 Upti ...) + TODO: check +CVE-2025-22581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22571 (Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot a ...) 
+ TODO: check +CVE-2025-22563 (Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url al ...) + TODO: check +CVE-2025-22562 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Ex ...) + TODO: check +CVE-2025-22560 (Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page B ...) + TODO: check +CVE-2025-22559 (Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and G ...) + TODO: check +CVE-2025-22558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22557 (Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publis ...) + TODO: check +CVE-2025-22556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Nors ...) + TODO: check +CVE-2025-22555 (Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoo ...) + TODO: check +CVE-2025-22554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22552 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan ...) + TODO: check +CVE-2025-22551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-22543 (Missing Authorization vulnerability in Beautiful Templates ST Gallery ...) + TODO: check +CVE-2025-22541 (Missing Authorization vulnerability in Etruel Developments LLC WP Dele ...) + TODO: check +CVE-2025-22538 (Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual ...) + TODO: check +CVE-2025-22536 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-22534 (Missing Authorization vulnerability in Ella van Durpe S
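Review bot: `-CVE-2025-0247` is removed at the start of the hunk and no re-added line for that ID appears in the visible part (the hunk is cut off at CVE-2025-22534), so confirm the entry is re-inserted with a description and state rather than silently dropped; it is the only line this hunk takes out of the 48-line context, which suggests it is the bare placeholder the update was meant to replace. Everything else the hunk adds is a `TODO: check` placeholder and needs the usual manual pass.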
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f23a566 by security tracker role at 2025-01-07T08:12:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,265 @@ +CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, contain(s) ...) + TODO: check +CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...) + TODO: check +CVE-2025-21616 (Plane is an open-source project management tool. A cross-site scriptin ...) + TODO: check +CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...) + TODO: check +CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...) + TODO: check +CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does not sani ...) + TODO: check +CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...) + TODO: check +CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to Reflect ...) + TODO: check +CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...) + TODO: check +CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...) + TODO: check +CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has ...) + TODO: check +CVE-2024-3 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...) + TODO: check +CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by changin ...) + TODO: check +CVE-2024-55075 (Grocy through 4.3.0 allows remote attackers to obtain sensitive inform ...) + TODO: check +CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored XSS and ...) + TODO: check +CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of AVM FRIT ...) + TODO: check +CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi of ipTIM ...) 
+ TODO: check +CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi of ipTIME ...) + TODO: check +CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen App) applic ...) + TODO: check +CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone F ...) + TODO: check +CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color P ...) + TODO: check +CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme ...) + TODO: check +CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color P ...) + TODO: check +CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) app ...) + TODO: check +CVE-2024-51741 (Redis is an open source, in-memory database that persists on disk. An ...) + TODO: check +CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...) + TODO: check +CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...) + TODO: check +CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...) + TODO: check +CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-46981 (Redis is an open source, in-memory database that persists on disk. An ...) + TODO: check +CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress ...) + TODO: check +CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...) 
+ TODO: check +CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to unauthorized mo ...) + TODO: check +CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to Cross-Site R ...) +
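Review bot: `+CVE-2024-3 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...)` has a one-digit sequence number and is not a well-formed CVE ID, so the line should be checked against the CNA record before it is triaged; every other ID in the hunk has the expected four- or five-digit sequence. The hunk ends with a lone `+` after CVE-2024-12557, so the tail of this update is not visible here and should be read from the commit itself.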
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3d567e01 by security tracker role at 2025-01-06T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,56 +1,166 @@ -CVE-2024-56769 [media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg] +CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, ...) + TODO: check +CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior t ...) + TODO: check +CVE-2025-21615 (AAT (Another Activity Tracker) is a GPS-tracking application for track ...) + TODO: check +CVE-2025-21614 (go-git is a highly extensible git implementation library written in pu ...) + TODO: check +CVE-2025-21613 (go-git is a highly extensible git implementation library written in pu ...) + TODO: check +CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to create tab ...) + TODO: check +CVE-2025-21611 (tgstation-server is a production scale tool for BYOND server managemen ...) + TODO: check +CVE-2025-21604 (LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) proje ...) + TODO: check +CVE-2024-8474 (OpenVPN Connect before version 3.5.0 can contain the configuration pro ...) + TODO: check +CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the c ...) + TODO: check +CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_user ...) + TODO: check +CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0 ...) + TODO: check +CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. 
Inc ITE IO Acces ...) + TODO: check +CVE-2024-54880 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...) + TODO: check +CVE-2024-54879 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...) + TODO: check +CVE-2024-51472 (IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, ...) + TODO: check +CVE-2024-51112 (Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to ma ...) + TODO: check +CVE-2024-5 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an a ...) + TODO: check +CVE-2024-47475 (Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect pe ...) + TODO: check +CVE-2024-46622 (An Escalation of Privilege security vulnerability was found in SecureA ...) + TODO: check +CVE-2024-46209 (A stored cross-site scripting (XSS) vulnerability in the component /me ...) + TODO: check +CVE-2024-46073 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the log ...) + TODO: check +CVE-2024-45559 (Transient DOS can occur when GVM sends a specific message type to the ...) + TODO: check +CVE-2024-45558 (Transient DOS can occur when the driver parses the per STA profile IE ...) + TODO: check +CVE-2024-4 (Memory corruption can occur if an already verified IFS2 image is overw ...) + TODO: check +CVE-2024-45553 (Memory corruption can occur when process-specific maps are added to th ...) + TODO: check +CVE-2024-45550 (Memory corruption occurs when invoking any IOCTL-calling application t ...) + TODO: check +CVE-2024-45548 (Memory corruption while processing FIPS encryption or decryption valid ...) + TODO: check +CVE-2024-45547 (Memory corruption while processing IOCTL call invoked from user-space ...) + TODO: check +CVE-2024-45546 (Memory corruption while processing FIPS encryption or decryption IOCTL ...) + TODO: check +CVE-2024-45542 (Memory corruption when IOCTL call is invoked from user-space to write ...) 
+ TODO: check +CVE-2024-45541 (Memory corruption when IOCTL call is invoked from user-space to read b ...) + TODO: check +CVE-2024-43064 (Uncontrolled resource consumption when a driver, an application or a S ...) + TODO: check +CVE-2024-43063 (information disclosure while invoking the mailbox read API.) + TODO: check +CVE-2024-35498 (A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows atta ...) + TODO: check +CVE-2024-3306
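Review bot: the kernel placeholder `-CVE-2024-56769 [media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg]` is removed at the top of the hunk and is not visibly re-added in the part shown (cut off at CVE-2024-3306), so confirm it reappears with a state further down. Two more identifiers are malformed as shown, `+CVE-2024-5 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an a ...)` and `+CVE-2024-4 (Memory corruption can occur if an already verified IFS2 image is overw ...)`, and the CVE-2024-55407 entry is split across two lines at `ITE Tech.` / `Inc ITE IO Acces`, which would break the one-entry-per-line layout of data/CVE/list if it landed that way in the file.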
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c9c49465 by security tracker role at 2025-01-06T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,53 @@ +CVE-2025-0233 (A vulnerability was found in Codezips Project Management System 1.0. I ...) + TODO: check +CVE-2025-0232 (A vulnerability was found in Codezips Blood Bank Management System 1.0 ...) + TODO: check +CVE-2025-0231 (A vulnerability has been found in Codezips Gym Management System 1.0 a ...) + TODO: check +CVE-2025-0230 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-20154 (In Modem, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20153 (In wlan STA, there is a possible way to trick a client to connect to a ...) + TODO: check +CVE-2024-20152 (In wlan STA driver, there is a possible reachable assertion due to imp ...) + TODO: check +CVE-2024-20151 (In Modem, there is a possible out of bounds write due to an incorrect ...) + TODO: check +CVE-2024-20150 (In Modem, there is a possible system crash due to a logic error. This ...) + TODO: check +CVE-2024-20149 (In Modem, there is a possible system crash due to improper input valid ...) + TODO: check +CVE-2024-20148 (In wlan STA FW, there is a possible out of bounds write due to imprope ...) + TODO: check +CVE-2024-20146 (In wlan STA driver, there is a possible out of bounds write due to imp ...) + TODO: check +CVE-2024-20145 (In V6 DA, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20144 (In V6 DA, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20143 (In V6 DA, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20140 (In power, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20105 (In m4u, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2024-13145 (A vulnerability classified as critical was found in zhenfeng13 My-Blog ...) 
+ TODO: check +CVE-2024-13144 (A vulnerability classified as critical has been found in zhenfeng13 My ...) + TODO: check +CVE-2024-13143 (A vulnerability was found in ZeroWdd studentmanager 1.0. It has been r ...) + TODO: check +CVE-2024-13142 (A vulnerability was found in ZeroWdd studentmanager 1.0. It has been d ...) + TODO: check +CVE-2024-12311 (The Email Subscribers by Icegram Express WordPress plugin before 5.7. ...) + TODO: check +CVE-2024-12302 (The Icegram Engage WordPress plugin before 3.1.32 does not sanitise a ...) + TODO: check +CVE-2024-11849 (The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape ...) + TODO: check +CVE-2024-11356 (The tourmaster WordPress plugin before 5.3.4 does not sanitise and esc ...) + TODO: check CVE-2025-0229 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Travel Management System CVE-2025-0228 (A vulnerability has been found in code-projects Local Storage Todo App ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9c4946559bfa3212bbaa2294e26bf850d813937 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
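Review bot: `+CVE-2025-0230 (A vulnerability, which was classified as critical, was found in code-p ...)` is left at `TODO: check` while the context line directly below it, `CVE-2025-0229 (...) NOT-FOR-US: code-projects Travel Management System`, shows the previous code-projects entry already triaged as not applicable; the Codezips entries CVE-2025-0233 through CVE-2025-0231 are the same kind of item, so these four should be resolved in the next manual pass rather than accumulate as placeholders. The modem, wlan STA and V6 DA out-of-bounds-write batch (CVE-2024-20154 down to CVE-2024-20105) also needs one decision for the whole group rather than thirteen separate `TODO: check` lines.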
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c6b5b332 by security tracker role at 2025-01-05T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,37 @@ +CVE-2025-0229 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2025-0228 (A vulnerability has been found in code-projects Local Storage Todo App ...) + TODO: check +CVE-2025-0227 (A vulnerability, which was classified as problematic, was found in Tsi ...) + TODO: check +CVE-2025-0226 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2025-0225 (A vulnerability classified as problematic was found in Tsinghua Unigro ...) + TODO: check +CVE-2025-0224 (A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM) ...) + TODO: check +CVE-2025-0223 (A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It ...) + TODO: check +CVE-2025-0222 (A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and ...) + TODO: check +CVE-2025-0221 (A vulnerability has been found in IOBit Protected Folder up to 1.3.0 a ...) + TODO: check +CVE-2025-0220 (A vulnerability, which was classified as problematic, was found in Tri ...) + TODO: check +CVE-2024-13141 (A vulnerability classified as problematic was found in osuuu LightPict ...) + TODO: check +CVE-2024-13140 (A vulnerability classified as problematic has been found in Emlog Pro ...) + TODO: check +CVE-2024-13139 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has been ra ...) + TODO: check +CVE-2024-13138 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has been de ...) + TODO: check +CVE-2024-13137 (A vulnerability was found in wangl1989 mysiteforme 1.0. It has been cl ...) + TODO: check +CVE-2024-13136 (A vulnerability was found in wangl1989 mysiteforme 1.0 and classified ...) + TODO: check +CVE-2024-13135 (A vulnerability has been found in Emlog Pro 2.4.3 and classified as pr ...) + TODO: check CVE-2025-0219 (A vulnerability, which was classified as problematic, has been found i ...) 
NOT-FOR-US: Trimble CVE-2024-13134 (A vulnerability, which was classified as critical, was found in ZeroWd ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6b5b332e287aa50da7715d37accf76186efc44f
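Review bot: `+CVE-2025-0220 (A vulnerability, which was classified as problematic, was found in Tri ...)` sits at `TODO: check` directly above the context line `CVE-2025-0219 (...) NOT-FOR-US: Trimble`, so the same vendor appears to be involved and the entry can probably be closed the same way once the description is confirmed. The three IObit Protected Folder lines (CVE-2025-0223, CVE-2025-0222, CVE-2025-0221) and the four wangl1989 mysiteforme lines (CVE-2024-13139 through CVE-2024-13136) each describe one product and should be triaged as a group rather than one at a time.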
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8909f0f0 by security tracker role at 2025-01-05T08:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2025-0219 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-13134 (A vulnerability, which was classified as critical, was found in ZeroWd ...) + TODO: check +CVE-2024-13133 (A vulnerability, which was classified as critical, has been found in Z ...) + TODO: check +CVE-2024-13132 (A vulnerability classified as problematic was found in Emlog Pro up to ...) + TODO: check +CVE-2024-13131 (A vulnerability classified as problematic has been found in Dahua IPC- ...) + TODO: check +CVE-2024-13130 (A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-H ...) + TODO: check CVE-2025-0214 (A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCar ...) NOT-FOR-US: TMD Custom Header Menu OpenCart module CVE-2025-0213 (A vulnerability was found in Campcodes Project Management System 1.0. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8909f0f0f2d824b00b7ac84bdc61a321345e47f2
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d2962a4 by security tracker role at 2025-01-04T20:11:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2025-0214 (A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCar ...) + TODO: check +CVE-2025-0213 (A vulnerability was found in Campcodes Project Management System 1.0. ...) + TODO: check +CVE-2025-0212 (A vulnerability was found in Campcodes Student Grading System 1.0. It ...) + TODO: check +CVE-2025-0211 (A vulnerability was found in Campcodes School Faculty Scheduling Syste ...) + TODO: check +CVE-2025-0210 (A vulnerability has been found in Campcodes School Faculty Scheduling ...) + TODO: check +CVE-2025-0208 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2025-0207 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2025-0206 (A vulnerability classified as critical was found in code-projects Onli ...) + TODO: check +CVE-2025-0205 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-41768 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 co ...) + TODO: check +CVE-2024-41767 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is ...) + TODO: check +CVE-2024-41766 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 c ...) + TODO: check +CVE-2024-41765 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 co ...) + TODO: check +CVE-2024-41763 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 u ...) + TODO: check +CVE-2024-12583 (The Dynamics 365 Integration plugin for WordPress is vulnerable to Rem ...) + TODO: check +CVE-2024-12475 (The WP Multi Store Locator plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-12279 (The WP Social AutoConnect plugin for WordPress is vulnerable to Cross- ...) + TODO: check +CVE-2024-12221 (The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-12195 (The WP Project Manager \u2013 Task, team, and project management plugi ...) + TODO: check +CVE-2024-11930 (The Taskbuilder \u2013 WordPress Project & Task Management plugin plug ...) + TODO: check +CVE-2024-10957 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is ...) + TODO: check CVE-2025-22390 (An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32. ...) NOT-FOR-US: Optimizely EPiServer.CMS.Core CVE-2025-22389 (An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2962a437ee7aadbf7829aa92cf4aa7b3d119de
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 69defc97 by security tracker role at 2025-01-04T08:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,56 @@ -CVE-2025-22376 [Default nonce for Net::OAuth package for perl is not cryptographically strong] +CVE-2025-22390 (An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32. ...) + TODO: check +CVE-2025-22389 (An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32. ...) + TODO: check +CVE-2025-22388 (An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22. ...) + TODO: check +CVE-2025-22387 (An issue was discovered in Optimizely Configured Commerce before 5.2.2 ...) + TODO: check +CVE-2025-22386 (An issue was discovered in Optimizely Configured Commerce before 5.2.2 ...) + TODO: check +CVE-2025-22385 (An issue was discovered in Optimizely Configured Commerce before 5.2.2 ...) + TODO: check +CVE-2025-22384 (An issue was discovered in Optimizely Configured Commerce before 5.2.2 ...) + TODO: check +CVE-2025-22383 (An issue was discovered in Optimizely Configured Commerce before 5.2.2 ...) + TODO: check +CVE-2025-0204 (A vulnerability was found in code-projects Online Shoe Store 1.0. It h ...) + TODO: check +CVE-2025-0203 (A vulnerability was found in code-projects Student Management System 1 ...) + TODO: check +CVE-2025-0202 (A vulnerability was found in TCS BaNCS 10. It has been classified as p ...) + TODO: check +CVE-2025-0201 (A vulnerability was found in code-projects Point of Sales and Inventor ...) + TODO: check +CVE-2025-0200 (A vulnerability has been found in code-projects Point of Sales and Inv ...) + TODO: check +CVE-2025-0199 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2025-0198 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-56332 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2024-55897 (IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure a ...) 
+ TODO: check +CVE-2024-55896 (IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restricti ...) + TODO: check +CVE-2024-13129 (A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared ...) + TODO: check +CVE-2024-12701 (The WP Smart Import : Import any XML File to WordPress plugin for Word ...) + TODO: check +CVE-2024-12545 (The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, tr ...) + TODO: check +CVE-2024-12237 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...) + TODO: check +CVE-2024-12047 (The WP Compress \u2013 Instant Performance & Speed Optimization plugin ...) + TODO: check +CVE-2024-11974 (The Media Library Assistant plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-11733 (The The WordPress Popular Posts plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-10932 (The Backup Migration plugin for WordPress is vulnerable to PHP Object ...) + TODO: check +CVE-2025-22376 (In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, ...) - libnet-oauth-perl NOTE: Fixed by: https://github.com/keeth/Net-OAuth/commit/2aa25e04aadab247ae4063363fcee177161e1f42 (0.29) NOTE: Followup (bugfix): https://github.com/keeth/Net-OAuth/commit/2276807dbdd5c0cee2d09679e084c7fdfb401704 (0.30) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69defc9773f6f7d4bdf970df9f43bdaec6111cd0
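Review bot: the CVE-2025-22376 entry at the end of this hunk lists the package as a bare `- libnet-oauth-perl` with no fixed version, so the tracker will keep it open for that package even though the two NOTE lines already pin the upstream fix (0.29) and its follow-up bugfix (0.30); once an upload lands, record the fixed Debian version on that package line, and any backport should carry both referenced commits together, since the 0.29 change alone needed the 0.30 correction. The removed placeholder title at the top of the hunk ("Default nonce for Net::OAuth package for perl is not cryptographically strong") is superseded by the official description in the same entry, so nothing is lost by dropping it.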
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f504806d by security tracker role at 2025-01-03T20:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,59 @@ +CVE-2025-21610 (Trix is a what-you-see-is-what-you-get rich text editor for everyday w ...) + TODO: check +CVE-2025-21609 (SiYuan is self-hosted, open source personal knowledge management softw ...) + TODO: check +CVE-2025-0197 (A vulnerability classified as critical was found in code-projects Poin ...) + TODO: check +CVE-2025-0196 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2025-0195 (A vulnerability was found in code-projects Point of Sales and Inventor ...) + TODO: check +CVE-2024-9140 (Moxa\u2019s cellular routers, secure routers, and network security app ...) + TODO: check +CVE-2024-9138 (Moxa\u2019s cellular routers, secure routers, and network security app ...) + TODO: check +CVE-2024-5591 (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attac ...) + TODO: check +CVE-2024-56514 (Karmada is a Kubernetes management system that allows users to run clo ...) + TODO: check +CVE-2024-56513 (Karmada is a Kubernetes management system that allows users to run clo ...) + TODO: check +CVE-2024-56412 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56411 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56410 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56409 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56408 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56366 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56365 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...) + TODO: check +CVE-2024-56324 (GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can ...) + TODO: check +CVE-2024-56322 (GoCD is a continuous deliver server. 
GoCD versions 16.7.0 through 24.4 ...) + TODO: check +CVE-2024-56321 (GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4 ...) + TODO: check +CVE-2024-56320 (GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are ...) + TODO: check +CVE-2024-55507 (An issue in CodeAstro Complaint Management System v.1.0 allows a remot ...) + TODO: check +CVE-2024-55078 (An arbitrary file upload vulnerability in the component /adminUser/upd ...) + TODO: check +CVE-2024-48814 (SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attack ...) + TODO: check +CVE-2024-41780 (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a phys ...) + TODO: check +CVE-2024-36613 (FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavforma ...) + TODO: check +CVE-2024-35365 (FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/f ...) + TODO: check +CVE-2024-12132 (The WP Job Portal \u2013 A Complete Recruitment System for Company or ...) + TODO: check CVE-2025-22275 (iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote atta ...) NOT-FOR-US: iTerm2 CVE-2025-0176 (A vulnerability was found in code-projects Point of Sales and Inventor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f504806d6ab625ddd3fc47cdaf1abc3a2c91190c
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd27a205 by security tracker role at 2025-01-03T08:11:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,49 @@ +CVE-2025-22275 (iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote atta ...) + TODO: check +CVE-2025-0176 (A vulnerability was found in code-projects Point of Sales and Inventor ...) + TODO: check +CVE-2025-0175 (A vulnerability was found in code-projects Online Shop 1.0. It has bee ...) + TODO: check +CVE-2025-0174 (A vulnerability was found in code-projects Point of Sales and Inventor ...) + TODO: check +CVE-2024-53842 (In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible ...) + TODO: check +CVE-2024-53841 (In startListeningForDeviceStateChanges, there is a possible Permission ...) + TODO: check +CVE-2024-53840 (there is a possible biometric bypass due to an unusual root cause. Thi ...) + TODO: check +CVE-2024-53839 (In GetCellInfoList() of protocolnetadapter.cpp, there is a possible ou ...) + TODO: check +CVE-2024-53838 (In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp ...) + TODO: check +CVE-2024-53837 (In prepare_response of lwis_periodic_io.c, there is a possible out of ...) + TODO: check +CVE-2024-53836 (In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible ou ...) + TODO: check +CVE-2024-53835 (there is a possible biometric bypass due to an unusual root cause. Thi ...) + TODO: check +CVE-2024-53834 (In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a po ...) + TODO: check +CVE-2024-53833 (In prepare_response_locked of lwis_transaction.c, there is a possible ...) + TODO: check +CVE-2024-47032 (In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible ...) + TODO: check +CVE-2024-43769 (In isPackageDeviceAdmin of PackageManagerService.java, there is a poss ...) + TODO: check +CVE-2024-43768 (In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds ...) + TODO: check +CVE-2024-43767 (In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a p ...) 
+ TODO: check +CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a possible ...) + TODO: check +CVE-2024-43762 (In multiple locations, there is a possible way to avoid unbinding of a ...) + TODO: check +CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds ...) + TODO: check +CVE-2024-43077 (In DevmemValidateFlags of devicemem_server.c , there is a possible out ...) + TODO: check +CVE-2024-11624 (there is a possible to add apps to bypass VPN due to Undeclared Permis ...) + TODO: check CVE-2025-0173 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 an ...) NOT-FOR-US: SourceCodester Online Eyewear Shop CVE-2025-0172 (A vulnerability has been found in code-projects Chat System 1.0 and cl ...) @@ -436,7 +482,7 @@ CVE-2022-49035 (In the Linux kernel, the following vulnerability has been resolv - linux 6.0.8-1 [bullseye] - linux 5.10.158-1 NOTE: https://git.kernel.org/linus/93f65ce036863893c164ca410938e0968964b26c (6.1-rc2) -CVE-2024-8447 +CVE-2024-8447 (A security issue was discovered in the LRA Coordinator component of Na ...) NOT-FOR-US: Narayana CVE-2024-56827 - openjpeg2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd27a2056c5a71e7de24d679503313fc371ad3c2
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8bcaae93 by security tracker role at 2025-01-02T20:12:00+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,438 @@ -CVE-2022-49035 [media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE] +CVE-2025-0173 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 an ...) + TODO: check +CVE-2025-0172 (A vulnerability has been found in code-projects Chat System 1.0 and cl ...) + TODO: check +CVE-2025-0171 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-9950 (A vulnerability in Forescout SecureConnector v11.3.07.0109on Windows a ...) + TODO: check +CVE-2024-56414 (Web installer integrity check used weak hash algorithm. The following ...) + TODO: check +CVE-2024-56413 (Missing session invalidation after user deletion. The following produc ...) + TODO: check +CVE-2024-56302 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56268 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56266 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...) + TODO: check +CVE-2024-56264 (Unrestricted Upload of File with Dangerous Type vulnerability in Beee ...) + TODO: check +CVE-2024-56263 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56261 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56259 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-56255 (Missing Authorization vulnerability in AyeCode AyeCode Connect allows ...) + TODO: check +CVE-2024-56254 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56253 (Missing Authorization vulnerability in supsystic.com Data Tables Gener ...) + TODO: check +CVE-2024-56252 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56251 (Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Even ...) + TODO: check +CVE-2024-56250 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56249 (Unrestricted Upload of File with Dangerous Type vulnerability in Webde ...) + TODO: check +CVE-2024-56248 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-56247 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56246 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56244 (Missing Authorization vulnerability in WP Royal Ashe Extra allows Expl ...) + TODO: check +CVE-2024-56243 (Missing Authorization vulnerability in JS Morisset WPSSO Core allows E ...) + TODO: check +CVE-2024-56242 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56241 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56240 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56239 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56238 (Missing Authorization vulnerability in QunatumCloud Floating Action Bu ...) 
+ TODO: check +CVE-2024-56237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56236 (Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cac ...) + TODO: check +CVE-2024-56199 (phpMyFAQ is an open source FAQ web application. Starting no later than ...) + TODO: check +CVE-2024-56137 (MaxKB, which stands for Max Knowledge Base, is an open source knowledg ...) + TODO: check +CVE-2024-56069 (Imprope
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c7f75cf by security tracker role at 2025-01-02T08:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = The diff for this file was not included because it is too large. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c7f75cfcce21f6e1d6a49261a1b9bac90a1dab8
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1608aaf9 by security tracker role at 2025-01-01T20:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2025-0168 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check CVE-2024-56803 (Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by ...) - ghostty (bug #1091469) CVE-2024-56802 (Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1608aaf98a89630d269b9b170774ceee22dcb938
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee2b4d50 by security tracker role at 2025-01-01T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,8 +1,360 @@ -CVE-2023-6603 [Null Pointer Dereference in FFmpeg HLS Parsing] +CVE-2024-56803 (Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by ...) + TODO: check +CVE-2024-56802 (Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 ...) + TODO: check +CVE-2024-56265 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56234 (Missing Authorization vulnerability in VW THEMES VW Automobile Lite al ...) + TODO: check +CVE-2024-56233 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56232 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP ...) + TODO: check +CVE-2024-56231 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56230 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-56229 (Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.T ...) + TODO: check +CVE-2024-56228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56227 (Missing Authorization vulnerability in WP Royal Royal Elementor Addons ...) + TODO: check +CVE-2024-56226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56225 (Missing Authorization vulnerability in Leap13 Premium Addons for Eleme ...) + TODO: check +CVE-2024-56224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56223 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56222 (Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard H ...) 
+ TODO: check +CVE-2024-56221 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56220 (Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wirel ...) + TODO: check +CVE-2024-56219 (Missing Authorization vulnerability in MarketingFire Widget Options al ...) + TODO: check +CVE-2024-56218 (Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, Se ...) + TODO: check +CVE-2024-56217 (Missing Authorization vulnerability in W3 Eden, Inc. Download Manager ...) + TODO: check +CVE-2024-56216 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-56215 (Missing Authorization vulnerability in Stephen Sherrard Member Directo ...) + TODO: check +CVE-2024-56214 (Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allo ...) + TODO: check +CVE-2024-56213 (Path Traversal: '.../...//' vulnerability in Themewinter Eventin allow ...) + TODO: check +CVE-2024-56212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56211 (Missing Authorization vulnerability in DeluxeThemes Userpro.This issue ...) + TODO: check +CVE-2024-56210 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56209 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56207 (Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Te ...) + TODO: check +CVE-2024-56206 (Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allow ...) + TODO: check +CVE-2024-56205 (Incorrect Privilege Assignment vulnerability in AI Magic allows Privil ...) + TODO: check +CVE-2024-56204 (Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of ...) + TODO: check +CVE-2024-56203 (Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wa ...) 
+ TODO: check +CVE-2024-56198 (path-sanitizer is a simple lightweight npm package for sanitizing path ...) + TODO: check +CVE-2024-56071 (Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simpl ...) + TODO: check +CVE-2024-56070 (Missing Authorization vulnerability in Azzaroco WP SuperBackup allows ...) + TODO: check +CVE-2024-56068 (Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBa ...) + TODO: check +CVE-2024-56067 (Missing
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 120a7159 by security tracker role at 2024-12-31T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2024-45497 (A flaw was found in the OpenShift build process, where the docker-buil ...) + TODO: check +CVE-2024-13058 (An issue exists in SoftIron HyperCloud where authenticated, but non-a ...) + TODO: check +CVE-2024-13051 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Rem ...) + TODO: check +CVE-2024-13050 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Rem ...) + TODO: check +CVE-2024-13049 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execut ...) + TODO: check +CVE-2024-13048 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code E ...) + TODO: check +CVE-2024-13047 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execut ...) + TODO: check +CVE-2024-13046 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code E ...) + TODO: check +CVE-2024-13045 (Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remot ...) + TODO: check +CVE-2024-13044 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code E ...) + TODO: check +CVE-2024-13043 (Panda Security Dome Link Following Local Privilege Escalation Vulnerab ...) + TODO: check +CVE-2024-13042 (A vulnerability was found in Tsinghua Unigroup Electronic Archives Man ...) + TODO: check +CVE-2024-13040 (The QOCA aim from Quanta Computer has an Authorization Bypass Through ...) + TODO: check +CVE-2024-12839 (The login mechanism via device authentication of CGFIDO from Changing ...) + TODO: check +CVE-2024-12838 (The passwordless login mechanism in CGFIDO from Changing Information T ...) + TODO: check +CVE-2024-12753 (Foxit PDF Reader Link Following Local Privilege Escalation Vulnerabili ...) + TODO: check +CVE-2024-12752 (Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vuln ...) + TODO: check +CVE-2024-12751 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vul ...) 
+ TODO: check +CVE-2024-11972 (The Hunk Companion WordPress plugin before 1.9.0 does not correctly au ...) + TODO: check +CVE-2024-11946 (iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmi ...) + TODO: check +CVE-2024-11944 (iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote C ...) + TODO: check CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 ...) NOT-FOR-US: Tasklists plugin for GLPI CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the content of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/120a71597a0ff1c2910218d5c15e7f155d2e5d48
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1f4d337a by security tracker role at 2024-12-30T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 ...) + TODO: check +CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the content of ...) + TODO: check +CVE-2024-56799 (Simofa is a tool to help automate static website building and deployme ...) + TODO: check +CVE-2024-56734 (Better Auth is an authentication library for TypeScript. An open redir ...) + TODO: check +CVE-2024-56733 (Password Pusher is an open source application to communicate sensitive ...) + TODO: check +CVE-2024-56517 (LGSL (Live Game Server List) provides online status lists for online v ...) + TODO: check +CVE-2024-56516 (free-one-api allows users to access large language model reverse engin ...) + TODO: check +CVE-2024-54181 (IBM WebSphere Automation 1.7.5 could allow a remote privileged user, w ...) + TODO: check +CVE-2024-52294 (Khoj is a self-hostable artificial intelligence app. Prior to version ...) + TODO: check +CVE-2024-50703 (TeamPass before 3.1.3.1 does not properly prevent a user from acting w ...) + TODO: check +CVE-2024-50702 (TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka ...) + TODO: check +CVE-2024-50701 (TeamPass before 3.1.3.1, when retrieving information about access righ ...) + TODO: check +CVE-2024-47926 (Tecnick TCExam \u2013 CWE-89: Improper Neutralization of Special Eleme ...) + TODO: check +CVE-2024-47925 (Tecnick TCExam \u2013 Multiple CWE-79: Improper Neutralization of Inpu ...) + TODO: check +CVE-2024-47924 (Boa web server \u2013 CWE-79: Improper Neutralization of Input During ...) + TODO: check +CVE-2024-47923 (Mashov \u2013 CWE-200: Exposure of Sensitive Information to an Unautho ...) + TODO: check +CVE-2024-47922 (Priority \u2013 CWE-200: Exposure of Sensitive Information to an Unaut ...) + TODO: check +CVE-2024-47921 (Smadar SPS \u2013 CWE-327: Use of a Broken or Risky Cryptographic Algo ...) 
+ TODO: check +CVE-2024-47920 (Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During W ...) + TODO: check +CVE-2024-47919 (Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elemen ...) + TODO: check +CVE-2024-47918 (Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related ...) + TODO: check +CVE-2024-47917 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...) + TODO: check +CVE-2024-46542 (Veritas / Arctera Data Insight before 7.1.1 allows Application Adminis ...) + TODO: check +CVE-2024-22063 (The ZENIC ONE R58 products by ZTE Corporation have a command injection ...) + TODO: check +CVE-2024-12993 (Infinix devices contain a pre-loaded "com.rlk.weathers" application, t ...) + TODO: check +CVE-2024-12836 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Co ...) + TODO: check +CVE-2024-12835 (Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remo ...) + TODO: check +CVE-2024-12834 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Co ...) + TODO: check +CVE-2024-12828 (Webmin CGI Command Injection Remote Code Execution Vulnerability. This ...) + TODO: check +CVE-2024-12754 (AnyDesk Link Following Information Disclosure Vulnerability. This vuln ...) + TODO: check +CVE-2024-10044 (A Server-Side Request Forgery (SSRF) vulnerability exists in the POST ...) + TODO: check CVE-2024-13039 (A vulnerability was found in code-projects Simple Chat System 1.0. It ...) NOT-FOR-US: code-projects Simple Chat System CVE-2024-13038 (A vulnerability was found in CodeAstro Simple Loan Management System 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f4d337a1afd2db9e92e1145acd77390d9615d26 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f4d337a1afd2db9e92e1145acd77390d9615d26 You're receiving this email because of your account on salsa.debian.org. 
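Review bot: the new descriptions for CVE-2024-47926 down to CVE-2024-47918 carry the literal six-character sequence '\u2013' where the upstream text has an en dash; if data/CVE/list really contains the escape rather than the character, the automatic import is writing the JSON-escaped form and should decode it before the entry is stored, otherwise the quoted description will not match what the upstream feed shows.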
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a650b5bc by security tracker role at 2024-12-30T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,33 @@ +CVE-2024-13039 (A vulnerability was found in code-projects Simple Chat System 1.0. It ...) + TODO: check +CVE-2024-13038 (A vulnerability was found in CodeAstro Simple Loan Management System 1 ...) + TODO: check +CVE-2024-13037 (A vulnerability was found in 1000 Projects Attendance Tracking Managem ...) + TODO: check +CVE-2024-13036 (A vulnerability was found in code-projects Chat System 1.0 and classif ...) + TODO: check +CVE-2024-13035 (A vulnerability has been found in code-projects Chat System 1.0 and cl ...) + TODO: check +CVE-2024-13034 (A vulnerability, which was classified as problematic, was found in cod ...) + TODO: check +CVE-2024-13033 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-13032 (A vulnerability classified as problematic was found in Antabot White-J ...) + TODO: check +CVE-2024-13031 (A vulnerability classified as problematic has been found in Antabot Wh ...) + TODO: check +CVE-2024-13030 (A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has ...) + TODO: check +CVE-2024-13029 (A vulnerability, which was classified as problematic, was found in Ant ...) + TODO: check +CVE-2024-13028 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-13025 (A vulnerability was found in Codezips College Management System 1.0. I ...) + TODO: check +CVE-2024-13024 (A vulnerability was found in Codezips Blood Bank Management System 1.0 ...) + TODO: check +CVE-2024-13023 (A vulnerability has been found in PHPGurukul Maid Hiring Management Sy ...) + TODO: check CVE-2024-13022 (A vulnerability, which was classified as critical, was found in taisan ...) NOT-FOR-US: taisan tarzan-cms CVE-2024-13021 (A vulnerability, which was classified as problematic, has been found i ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a650b5bcb694af6a055fcb7ee2838241b05d80af
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2c426e0 by security tracker role at 2024-12-29T20:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,148 +1,174 @@ -CVE-2024-56756 [nvme-pci: fix freeing of the HMB descriptor table] +CVE-2024-13022 (A vulnerability, which was classified as critical, was found in taisan ...) + TODO: check +CVE-2024-13021 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-13020 (A vulnerability classified as critical was found in code-projects Chat ...) + TODO: check +CVE-2024-13019 (A vulnerability classified as problematic has been found in code-proje ...) + TODO: check +CVE-2024-13018 (A vulnerability was found in PHPGurukul Maid Hiring Management System ...) + TODO: check +CVE-2024-13017 (A vulnerability was found in PHPGurukul Maid Hiring Management System ...) + TODO: check +CVE-2024-13016 (A vulnerability was found in PHPGurukul Maid Hiring Management System ...) + TODO: check +CVE-2024-13015 (A vulnerability was found in PHPGurukul Maid Hiring Management System ...) + TODO: check +CVE-2024-13014 (A vulnerability has been found in PHPGurukul Maid Hiring Management Sy ...) + TODO: check +CVE-2024-13013 (A vulnerability, which was classified as problematic, was found in PHP ...) + TODO: check +CVE-2024-13012 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-13008 (A vulnerability has been found in code-projects Responsive Hotel Site ...) + TODO: check +CVE-2024-13007 (A vulnerability, which was classified as critical, was found in Codezi ...) + TODO: check +CVE-2024-56756 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/3c2fb1ca8086eb139b2a551358137525ae8e0d7a (6.13-rc1) -CVE-2024-56755 [netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING] +CVE-2024-56755 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux 6.12.3-1 [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/22f9400a6f3560629478e0a64247b8fcc811a24d (6.13-rc1) -CVE-2024-56754 [crypto: caam - Fix the pointer passed to caam_qi_shutdown()] +CVE-2024-56754 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/ad980b04f51f7fb503530bd1cb328ba5e75a250e (6.13-rc1) -CVE-2024-56753 [drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module] +CVE-2024-56753 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e47cb9d2533200d49dd5364d4a148119492f8a3d (6.13-rc1) -CVE-2024-56752 [drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()] +CVE-2024-56752 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a2f599046c671d6b46d93aed95b37241ce4504cf (6.13-rc1) -CVE-2024-56751 [ipv6: release nexthop on device removal] +CVE-2024-56751 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/eb02688c5c45c3e7af7e71f036a7144f5639cbfe (6.13-rc1) -CVE-2024-56750 [erofs: fix blksize < PAGE_SIZE for file-backed mounts] +CVE-2024-56750 (In the Linux kernel, the following vulnerability has been resolved: e ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/bae0854160939a64a092516ff1b2f221402b843b (6.13-rc1) -CVE-2024-56749 [dlm: fix dlm_recover_members refcount on error] +CVE-2024-56749 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/200b977ebbc313a59174ba971006a231b3533dc5 (6.13-rc1) -CVE-2024-56748 [scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()] +CVE-2024-56748 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb (6.13-rc1) -CVE-2024-56747 [scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()] +CVE-2024
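Review bot: the '(Vulnerable code not present)' suite annotations on CVE-2024-56755, CVE-2024-56752, CVE-2024-56751 and CVE-2024-56749 (and the source-level ones on CVE-2024-56753 and CVE-2024-56750) are backed only by the NOTE pointing at the fixing commit in 6.13-rc1; recording the commit that introduced the affected code next to it would let a reader verify the 'not present' claim for each suite without re-deriving it. The hunk is cut off after '+CVE-2024' on its final line, so the replacement entry for CVE-2024-56747 and whatever follows cannot be reviewed from this mail.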
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 035465c4 by security tracker role at 2024-12-29T08:12:42+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,29 @@ +CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorit ...) + TODO: check +CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in ...) + TODO: check +CVE-2024-13006 (A vulnerability, which was classified as critical, has been found in 1 ...) + TODO: check +CVE-2024-13005 (A vulnerability classified as critical was found in 1000 Projects Atte ...) + TODO: check +CVE-2024-13004 (A vulnerability classified as critical has been found in PHPGurukul Co ...) + TODO: check +CVE-2024-13003 (A vulnerability was found in 1000 Projects Portfolio Management System ...) + TODO: check +CVE-2024-13002 (A vulnerability was found in 1000 Projects Bookstore Management System ...) + TODO: check +CVE-2024-13001 (A vulnerability was found in PHPGurukul Small CRM 1.0. It has been cla ...) + TODO: check +CVE-2024-13000 (A vulnerability was found in PHPGurukul Small CRM 1.0 and classified a ...) + TODO: check +CVE-2024-12999 (A vulnerability has been found in PHPGurukul Small CRM 1.0 and classif ...) + TODO: check +CVE-2024-12998 (A vulnerability, which was classified as problematic, was found in cod ...) + TODO: check +CVE-2024-12238 (The The Ninja Forms \u2013 The Contact Form Builder That Grows With Yo ...) + TODO: check +CVE-2018-25107 (The Crypt::Random::Source package before 0.13 for Perl has a fallback ...) + TODO: check CVE-2024-56512 (Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorizatio ...) NOT-FOR-US: Apache NiFi CVE-2024-12995 (A vulnerability classified as problematic has been found in ruifang-te ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/035465c46ca80598497249bdbe0f62105156eb2f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/035465c46ca80598497249bdbe0f62105156eb2f You're receiving this email because of your account on salsa.debian.org. 
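Review bot: CVE-2024-56738 and CVE-2024-56737 (GNU GRUB through 2.12: a non-constant-time algorithm and a heap-based buffer overflow) and CVE-2018-25107 (Crypt::Random::Source before 0.13) land here as 'TODO: check' in the middle of a run of code-projects and PHPGurukul entries; unlike those, they name upstream projects with explicit affected version ranges, so they are the entries in this hunk that warrant an early source-package lookup rather than waiting in the queue.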
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c0550009 by security tracker role at 2024-12-28T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,128 +1,134 @@ -CVE-2024-56708 [EDAC/igen6: Avoid segmentation fault on module unload] +CVE-2024-56512 (Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorizatio ...) + TODO: check +CVE-2024-12995 (A vulnerability classified as problematic has been found in ruifang-te ...) + TODO: check +CVE-2024-12994 (A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has ...) + TODO: check +CVE-2024-56708 (In the Linux kernel, the following vulnerability has been resolved: E ...) - linux 6.12.3-1 [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fefaae90398d38a1100ccd73b46ab55ff4610fba (6.13-rc1) -CVE-2024-56707 [octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c] +CVE-2024-56707 (In the Linux kernel, the following vulnerability has been resolved: o ...) - linux 6.12.3-1 [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f5b942e6c54b13246ee49d42dcfb71b7f29e3c64 (6.13-rc1) -CVE-2024-56706 [s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex] +CVE-2024-56706 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f55bd479d8663a4a4e403b3d308d3d1aa33d92df (6.13-rc1) -CVE-2024-56705 [media: atomisp: Add check for rgby_data memory allocation failure] +CVE-2024-56705 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/ed61c59139509f76d3592683c90dc3fdc6e23cd6 (6.13-rc1) -CVE-2024-56704 [9p/xen: fix release of IRQ] +CVE-2024-56704 (In the Linux kernel, the following vulnerability has been resolved: 9 ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/e43c608f40c065b30964f0a806348062991b802d (6.13-rc1) -CVE-2024-56703 [ipv6: Fix soft lockups in fib6_select_path under high next hop churn] +CVE-2024-56703 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- linux 6.12.3-1 NOTE: https://git.kernel.org/linus/d9ccb18f83ea2bb654289b6ecf014fd267cc988b (6.13-rc1) -CVE-2024-56702 [bpf: Mark raw_tp arguments with PTR_MAYBE_NULL] +CVE-2024-56702 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cb4158ce8ec8a5bb528cc1693356a5eb8058094d (6.13-rc1) -CVE-2024-56701 [powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore] +CVE-2024-56701 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cadae3a45d23aa4f6485938a67cbc4725e38 (6.13-rc1) -CVE-2024-56700 [media: wl128x: Fix atomicity violation in fmc_send_cmd()] +CVE-2024-56700 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/ca59f9956d4519ab18ab2270be47c6b8c6ced091 (6.13-rc1) -CVE-2024-56699 [s390/pci: Fix potential double remove of hotplug slot] +CVE-2024-56699 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c4a585e952ca403a370586d3f16e8331a7564901 (6.13-rc1) -CVE-2024-56698 [usb: dwc3: gadget: Fix looping of queued SG entries] +CVE-2024-56698 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.12.3-1 NOTE: https://git.kernel.org/linus/b7fc65f5141c24785dc8c19249ca4efcf71b3524 (6.13-rc1) -CVE-2024-56697 [drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()] +CVE-2024-56697 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.12.3-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a1144da794adedb9447437c57d69add56494309d (6.13-rc1) -CVE-2024-56696 [ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()] +CVE-2024-56696 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 6.12.3-1
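Review bot: the NOTE link for CVE-2024-56701 ends in cadae3a45d23aa4f6485938a67cbc4725e38, which is 36 hex characters, while every other NOTE in this hunk (for example fefaae90398d38a1100ccd73b46ab55ff4610fba for CVE-2024-56708) carries a full 40-character commit id; check that the link resolves and record the full hash so the entry matches the rest of the file.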
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d0883c68 by security tracker role at 2024-12-28T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,29 @@ +CVE-2024-54775 (Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting ...) + TODO: check +CVE-2024-54774 (Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerabi ...) + TODO: check +CVE-2024-50717 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote att ...) + TODO: check +CVE-2024-50716 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote att ...) + TODO: check +CVE-2024-50715 (An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacke ...) + TODO: check +CVE-2024-50714 (A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1 ...) + TODO: check +CVE-2024-50713 (SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2024-46973 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2024-46972 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2024-43705 (Software installed and run as a non-privileged user can trigger the GP ...) + TODO: check +CVE-2023-7266 (Some Huawei home routers have a connection hijacking vulnerability. Su ...) + TODO: check +CVE-2023-7263 (Some Huawei home music system products have a path traversal vulnerabi ...) + TODO: check +CVE-2023-52718 (A connection hijacking vulnerability exists in some Huawei home router ...) + TODO: check CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, ...) - harfbuzz NOTE: https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m 
@@ -46645,7 +46671,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, anonymous-tip-line-as-a-ser NOT-FOR-US: Hush Line CVE-2024-38515 REJECTED -CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path vulnera ...) +CVE-2024-35260 (An authenticated attacker can exploit an untrusted search path vulnera ...) NOT-FOR-US: Microsoft CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...) NOT-FOR-US: IBM @@ -135890,8 +135916,8 @@ CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. S NOT-FOR-US: Huawei CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) NOT-FOR-US: Huawei -CVE-2022-48470 - RESERVED +CVE-2022-48470 (Huawei HiLink AI Life product has an identity authentication bypass vu ...) + TODO: check CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...) NOT-FOR-US: Huawei CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...) @@ -272536,8 +272562,8 @@ CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei S NOT-FOR-US: Huawei CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...) NOT-FOR-US: Huawei -CVE-2021-37000 - RESERVED +CVE-2021-37000 (Some Huawei wearables have a permission management vulnerability.) + TODO: check CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...) NOT-FOR-US: Huawei CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) 
@@ -309276,8 +309302,8 @@ CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartph NOT-FOR-US: Huawei CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...) NOT-FOR-US: Huawei -CVE-2021-22484 - RESERVED +CVE-2021-22484 (Some Huawei wearables have a vulnerability of not verifying the actual ...) + TODO: check CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...) NOT-FOR-US: Huawei CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...) @@ -394523,16 +394549,16 @@ CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0 NOT-FOR-US: Huawei CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...) NOT-FOR-US: Huawei -CVE-2020-1824 - RESERVED -CVE-2020-1823 - RESERVED -CVE-2020-1822 - RESERVED -CVE-2020-1821 - RESERVED -CVE-2020-1820 - RESERVED +CVE-2020-1824 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...) + TODO: check +CVE-2020-1823 (There are multiple out of bounds (OOB) read vulnerabilities in th
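Review bot: in the hunk at @@ -135890, CVE-2022-48470 moves from '- RESERVED' to a description plus 'TODO: check'; the description names a Huawei HiLink AI Life product, and the context lines on both sides (CVE-2022-48471, CVE-2022-48469) are 'NOT-FOR-US: Huawei', so this is a straightforward candidate for the same marking on triage rather than an open question.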
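Review bot: in the hunk at @@ -394523, five consecutive ids CVE-2020-1824 to CVE-2020-1820 leave '- RESERVED' in one step, and the two descriptions visible here (CVE-2020-1824 and CVE-2020-1823) open with the same text, 'There are multiple out of bounds (OOB) read vulnerabilities in the imp', which suggests one upstream advisory; triage the five together so they do not end up with divergent markings. The remainder of the hunk is cut off in this mail.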
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9ff32a32 by security tracker role at 2024-12-27T20:12:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,848 +1,894 @@ -CVE-2024-56675 [bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors] +CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, ...) + TODO: check +CVE-2024-56509 (changedetection.io is a free open source web page change detection, we ...) + TODO: check +CVE-2024-56508 (LinkAce is a self-hosted archive to collect links of your favorite web ...) + TODO: check +CVE-2024-56507 (LinkAce is a self-hosted archive to collect links of your favorite web ...) + TODO: check +CVE-2024-54454 (An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7 ...) + TODO: check +CVE-2024-54453 (An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7 ...) + TODO: check +CVE-2024-54452 (An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 an ...) + TODO: check +CVE-2024-54451 (A cross-site scripting (XSS) vulnerability in the graphicCustomization ...) + TODO: check +CVE-2024-54450 (An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X- ...) + TODO: check +CVE-2024-53476 (A race condition vulnerability in SimplCommerce at commit 230310c8d7a0 ...) + TODO: check +CVE-2024-50945 (An improper access control vulnerability exists in SimplCommerce at co ...) + TODO: check +CVE-2024-50944 (Integer overflow vulnerability exists in SimplCommerce at commit 23031 ...) + TODO: check +CVE-2024-3393 (A Denial of Service vulnerability in the DNS Security feature of Palo ...) + TODO: check +CVE-2024-39025 (Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3 ...) + TODO: check +CVE-2024-12991 (A vulnerability was found in Beijing Longda Jushang Technology DBShop\ ...) + TODO: check +CVE-2024-12990 (A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been c ...) + TODO: check +CVE-2024-12989 (A vulnerability was found in WISI Tangram GT31 up to 20241214 and clas ...) 
+ TODO: check +CVE-2024-12988 (A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 ...) + TODO: check +CVE-2024-12987 (A vulnerability, which was classified as critical, was found in DrayTe ...) + TODO: check +CVE-2024-12986 (A vulnerability, which was classified as critical, has been found in D ...) + TODO: check +CVE-2024-12985 (A vulnerability classified as critical was found in Overtek OT-E801G O ...) + TODO: check +CVE-2024-12984 (A vulnerability classified as problematic has been found in Amcrest IP ...) + TODO: check +CVE-2024-12856 (The Four-Faith router models F3x24 and F3x36 are affected by an operat ...) + TODO: check +CVE-2024-56675 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.12.6-1 [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ef1b808e3b7c98612feceedf985c2fbbeb28f956 (6.13-rc3) -CVE-2024-56674 [virtio_net: correct netdev_tx_reset_queue() invocation point] +CVE-2024-56674 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.12.6-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3ddccbefebdbe0c4c72a248676e4d39ac66a8e26 (6.13-rc3) -CVE-2024-56673 [riscv: mm: Do not call pmd dtor on vmemmap page table teardown] +CVE-2024-56673 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux 6.12.6-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/21f1b85c8912262adf51707e63614a114425eb10 (6.13-rc3) -CVE-2024-56672 [blk-cgroup: Fix UAF in blkcg_unpin_online()] +CVE-2024-56672 (In the Linux kernel, the following vulnerability has been resolved: b ...) 
- linux 6.12.6-1 NOTE: https://git.kernel.org/linus/86e6ca55b83c575ab0f2e105cf08f98e58d3d7af (6.13-rc3) -CVE-2024-56671 [gpio: graniterapids: Fix vGPIO driver crash] +CVE-2024-56671 (In the Linux kernel, the following vulnerability has been resolved: g ...) - linux 6.12.6-1 NOTE: https://git.kernel.org/linus/eb9640fd1ce10b77f5997596e9570a36378f (6.13-rc3) -CVE-2024-56670 [usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer] +CVE-2024-56670 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.12.6-1 NOTE: https://git.kernel.org/linus/4cfbca86f6a8b801f3254e0
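Review bot: the NOTE link for CVE-2024-56671 (gpio: graniterapids) ends in eb9640fd1ce10b77f5997596e9570a36378f, 36 hex characters, whereas the adjacent NOTEs for CVE-2024-56675, CVE-2024-56674, CVE-2024-56673 and CVE-2024-56672 use full 40-character ids; confirm the link resolves and fill in the full hash.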
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6ccf538f by security tracker role at 2024-12-27T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,61 @@ +CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error function lack ...) + TODO: check +CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag use ...) + TODO: check +CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CUR ...) + TODO: check +CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TC ...) + TODO: check +CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not s ...) + TODO: check +CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the ecosystem to w ...) + TODO: check +CVE-2024-56361 (LGSL (Live Game Server List) provides online status for games. Before ...) + TODO: check +CVE-2024-55950 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...) + TODO: check +CVE-2024-53850 (The Addressing GLPI plugin enables you to create IP reports for visual ...) + TODO: check +CVE-2024-45805 (OpenCTI is an open-source cyber threat intelligence platform. Before 6 ...) + TODO: check +CVE-2024-45600 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...) + TODO: check +CVE-2024-12983 (A vulnerability classified as problematic has been found in code-proje ...) + TODO: check +CVE-2024-12982 (A vulnerability was found in PHPGurukul Blood Bank & Donor Management ...) + TODO: check +CVE-2024-12981 (A vulnerability was found in CodeAstro Car Rental System 1.0. It has b ...) + TODO: check +CVE-2024-12980 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...) + TODO: check +CVE-2024-12979 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...) + TODO: check +CVE-2024-12978 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...) + TODO: check +CVE-2024-12977 (A vulnerability, which was classified as critical, was found in PHPGur ...) 
+ TODO: check +CVE-2024-12976 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-12969 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-12968 (A vulnerability classified as critical was found in code-projects Job ...) + TODO: check +CVE-2024-12967 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-12966 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...) + TODO: check +CVE-2024-12965 (A vulnerability was found in 1000 Projects Portfolio Management System ...) + TODO: check +CVE-2024-11921 (The GiveWP WordPress plugin before 3.19.0 does not sanitise and escap ...) + TODO: check +CVE-2024-11842 (The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 ...) + TODO: check +CVE-2024-11645 (The float block WordPress plugin through 1.7 does not sanitise and esc ...) + TODO: check +CVE-2024-11644 (The WP-SVG WordPress plugin through 0.9 does not validate and escape s ...) + TODO: check +CVE-2024-11605 (The wp-publications WordPress plugin through 1.2 does not escape filen ...) + TODO: check CVE-2024-8994 (Some Honor products are affected by information leak vulnerability, su ...) NOT-FOR-US: Honor CVE-2024-8993 (Some Honor products are affected by information leak vulnerability, su ...) @@ -4351,6 +4409,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617 NOTE: Negligible security impact with fs.protected_symlinks=1 being the standard in Debian CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...) + {DLA-4003-1} - node-postcss 8.4.49+~cs9.2.32-1 [bookworm] - node-postcss (Minor issue) NOTE: node-postcss bundles nanoid 
@@ -19519,7 +19578,7 @@ CVE-2024-10134 (A vulnerability was found in ESAFENET CDG 5 and classified as cr NOT-FOR-US: ESAFENET CDG CVE-2024-10133 (A vulnerability has been found in ESAFENET CDG 5 and classified as cri ...) NOT-FOR-US: ESAFENET CDG -CVE-2024-9774 +CVE-2024-9774 (A vulnerability was found in python-sql where unary operators do not e ...) {DSA-5795-1 DLA-3932-1} - python-sql 1.5.2-1 NOTE: https://discuss.tryton.org/t/security-release-for-issue-93 @@ -114501,6 +114560,7 @@ CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
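Review bot: the five TCPDF entries at the top of the first hunk describe one upstream release and should be triaged as a group, not as five separate "TODO: check" passes: CVE-2024-56527, CVE-2024-56522, CVE-2024-56521 and CVE-2024-56519 all read "TCPDF before 6.8.0", and CVE-2024-56520 is "tc-lib-pdf-font before 2.6.4, as used in TC...", so one fixed-version line and one shared NOTE pointing at the 6.8.0 release will cover them. In the CVE-2024-55565 hunk, "{DLA-4003-1}" is added while the entry keeps "[bookworm] - node-postcss (Minor issue)"; an LTS update for an issue that stays no-dsa in bookworm is a legitimate outcome, but a one-line NOTE giving the reason would save the next reviewer from re-asking, especially since the existing "NOTE: node-postcss bundles nanoid" already signals that the fix lives in a bundled copy.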
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7e3d089 by security tracker role at 2024-12-26T20:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,79 @@ +CVE-2024-8994 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-8993 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-8992 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...) + TODO: check +CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Exe ...) + TODO: check +CVE-2024-51540 (Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vu ...) + TODO: check +CVE-2024-47157 (Some Honor products are affected by incorrect privilege assignment vul ...) + TODO: check +CVE-2024-47156 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-47155 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-47154 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-47153 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-47151 (Some Honor products are affected by file writing vulnerability, succes ...) + TODO: check +CVE-2024-47150 (Some Honor products are affected by information leak vulnerability, su ...) + TODO: check +CVE-2024-47149 (Some Honor products are affected by incorrect privilege assignment vul ...) + TODO: check +CVE-2024-47148 (Some Honor products are affected by incorrect privilege assignment vul ...) + TODO: check +CVE-2024-12964 (A vulnerability was found in 1000 Projects Daily College Class Work Re ...) + TODO: check +CVE-2024-12963 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...) + TODO: check +CVE-2024-12962 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...) 
+ TODO: check +CVE-2024-12961 (A vulnerability, which was classified as critical, was found in 1000 P ...) + TODO: check +CVE-2024-12960 (A vulnerability, which was classified as critical, has been found in 1 ...) + TODO: check +CVE-2024-12959 (A vulnerability classified as critical was found in 1000 Projects Port ...) + TODO: check +CVE-2024-12958 (A vulnerability classified as critical has been found in 1000 Projects ...) + TODO: check +CVE-2024-12956 (A vulnerability was found in 1000 Projects Portfolio Management System ...) + TODO: check +CVE-2024-12955 (A vulnerability has been found in PHPGurukul Blood Bank & Donor Manage ...) + TODO: check +CVE-2024-12954 (A vulnerability, which was classified as critical, was found in 1000 P ...) + TODO: check +CVE-2024-12953 (A vulnerability, which was classified as critical, has been found in 1 ...) + TODO: check +CVE-2024-12952 (A vulnerability classified as critical was found in melMass comfy_mtb ...) + TODO: check +CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 Projects ...) + TODO: check +CVE-2024-12950 (A vulnerability was found in code-projects Travel Management System 1. ...) + TODO: check +CVE-2024-12949 (A vulnerability was found in code-projects Travel Management System 1. ...) + TODO: check +CVE-2024-12948 (A vulnerability was found in code-projects Travel Management System 1. ...) + TODO: check +CVE-2024-12947 (A vulnerability was found in Codezips Hospital Management System 1.0 a ...) + TODO: check +CVE-2024-12946 (A vulnerability, which was classified as critical, has been found in 1 ...) + TODO: check +CVE-2024-12945 (A vulnerability classified as critical was found in code-projects Simp ...) + TODO: check +CVE-2024-12944 (A vulnerability was found in CodeAstro House Rental Management System ...) + TODO: check +CVE-2024-12943 (A vulnerability was found in CodeAstro House Rental Management System ...) 
+ TODO: check +CVE-2024-12908 (Delinea addressed a reported case on Secret Server v11.7.31 (protocol ...) + TODO: check +CVE-2023-7300 (Huawei Home Music System has a path traversal vulnerability. Successfu ...) + TODO: check CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio Management System ...) NOT-FOR-US: 1000 Projects Portfolio Management System CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management System 1 ...) @@ -1678,9 +1754,11 @@ CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.
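Review bot: CVE-2024-56433 ("shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et...") is the one entry in this batch of "TODO: check" lines that concerns a core package of a Debian system; the Honor, TOTOLINK, Dell ECS, Delinea, Huawei, code-projects and 1000 Projects entries around it follow the pattern that ends as NOT-FOR-US. It should be triaged ahead of the batch and get a "- shadow" line with the affected and fixed versions, since a default-permissions issue in shadow affects every installation rather than an optional component.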
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 93a01163 by security tracker role at 2024-12-26T08:12:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio Management System ...) + TODO: check +CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management System 1 ...) + TODO: check +CVE-2024-12940 (A vulnerability has been found in 1000 Projects Attendance Tracking Ma ...) + TODO: check +CVE-2024-12939 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...) + TODO: check +CVE-2024-12938 (A vulnerability has been found in code-projects Simple Admin Panel 1.0 ...) + TODO: check +CVE-2024-12937 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-12936 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-12935 (A vulnerability classified as critical was found in code-projects Simp ...) + TODO: check +CVE-2024-12934 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-12933 (A vulnerability was found in code-projects Simple Admin Panel 1.0. It ...) + TODO: check +CVE-2024-12932 (A vulnerability was found in code-projects Simple Admin Panel 1.0. It ...) + TODO: check +CVE-2024-12931 (A vulnerability was found in code-projects Simple Admin Panel 1.0. It ...) + TODO: check +CVE-2024-12930 (A vulnerability was found in code-projects Simple Admin Panel 1.0 and ...) + TODO: check +CVE-2024-12929 (A vulnerability has been found in code-projects Student Management Sys ...) + TODO: check +CVE-2024-12928 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-12927 (A vulnerability, which was classified as critical, has been found in 1 ...) + TODO: check +CVE-2024-12652 (A Improper Control of Generation of Code ('Code Injection') vulnerabil ...) + TODO: check +CVE-2024-11223 (The WPForms WordPress plugin before 1.9.2.3 does not sanitise and esc ...) 
+ TODO: check +CVE-2024-10903 (The Broken Link Checker WordPress plugin before 2.4.2 does not validat ...) + TODO: check CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Arne Informatics Piramit Automation CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 71 ...) @@ -2492,6 +2530,7 @@ CVE-2024-54513 (A permissions issue was addressed with additional restrictions. CVE-2024-54510 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2024-54508 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5835-1} - webkit2gtk 2.46.5-1 - wpewebkit 2.46.5-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) @@ -2500,6 +2539,7 @@ CVE-2024-54508 (The issue was addressed with improved memory handling. This issu CVE-2024-54506 (An out-of-bounds access issue was addressed with improved bounds check ...) NOT-FOR-US: Apple CVE-2024-54505 (A type confusion issue was addressed with improved memory handling. Th ...) + {DSA-5835-1} - webkit2gtk 2.46.5-1 - wpewebkit 2.46.5-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) @@ -2510,6 +2550,7 @@ CVE-2024-54504 (A privacy issue was addressed with improved private data redacti CVE-2024-54503 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2024-54502 (The issue was addressed with improved checks. This issue is fixed in w ...) + {DSA-5835-1} - webkit2gtk 2.46.5-1 - wpewebkit 2.46.5-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) 
@@ -2542,6 +2583,7 @@ CVE-2024-54485 (The issue was addressed by adding additional logic. This issue i CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2024-54479 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5835-1} - webkit2gtk 2.46.5-1 - wpewebkit 2.46.5-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a01163d22246204bf87c5283873a9d0dedc61e
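Review bot: CVE-2024-56431 ("oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 ...") is the entry in the "TODO: check" batch most likely to need a Debian package line, and its description names the exact function, so the upstream fix can be located directly; the WordPress-plugin, code-projects and 1000 Projects entries around it will end as NOT-FOR-US. The four DSA-5835-1 hunks (CVE-2024-54508, -54505, -54502, -54479) are identical in shape, each adding the reference above "- webkit2gtk 2.46.5-1" while keeping "[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)"; that is consistent, but because there is no separate [bookworm] webkit2gtk line, the DSA reference is the only thing recording the bookworm fix for these entries, so it is worth cross-checking that every CVE named in the DSA text received it.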
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 747cf529 by security tracker role at 2024-12-25T20:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 71 ...) + TODO: check +CVE-2024-56430 (OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext: ...) + TODO: check +CVE-2024-53291 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensiti ...) + TODO: check +CVE-2024-52906 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1could allow a non-privileged loc ...) + TODO: check +CVE-2024-52543 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporar ...) + TODO: check +CVE-2024-52535 (Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell Supp ...) + TODO: check +CVE-2024-52534 (Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authenticatio ...) + TODO: check +CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s native ...) + TODO: check +CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unne ...) + TODO: check +CVE-2024-47102 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local ...) + TODO: check +CVE-2024-39727 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...) + TODO: check +CVE-2024-39725 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...) + TODO: check +CVE-2024-1609 (In OPPOStore iOS App, there's a possible escalation of privilege due t ...) + TODO: check +CVE-2024-12926 (A vulnerability classified as critical was found in Codezips Project M ...) + TODO: check +CVE-2024-12636 (The Privacy Policy Generator, Terms & Conditions Generator WordPress P ...) + TODO: check +CVE-2024-12428 (The WP Data Access \u2013 App, Table, Form and Chart Builder plugin pl ...) + TODO: check +CVE-2024-12413 (The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Sol ...) 
+ TODO: check +CVE-2024-12335 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Infor ...) + TODO: check +CVE-2024-12272 (The WP Travel Engine \u2013 Elementor Widgets | Create Travel Booking ...) + TODO: check +CVE-2024-12190 (The Contact Form by Bit Form: Multi Step Form, Calculation Contact For ...) + TODO: check +CVE-2024-12032 (The Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment ...) + TODO: check +CVE-2024-11281 (The WooCommerce Point of Sale plugin for WordPress is vulnerable to pr ...) + TODO: check +CVE-2024-10862 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) + TODO: check +CVE-2024-10858 (The Jetpack WordPress plugin before 14.1 does not properly checks the ...) + TODO: check +CVE-2023-5117 (An issue was discovered in GitLab CE/EE affecting all versions before ...) + TODO: check CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2024-53163 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
@@ -6020,7 +6072,8 @@ CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the - symfony (bug #1088817) NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1) NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 -CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of the VarDum ...) +CVE-2024-36610 + REJECTED - symfony 6.4.4+dfsg-3 (unimportant) NOTE: Fixed by: https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259 (v6.4.4) NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747cf5297cf0ee992023ca42dc85ec7090163c79 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
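Review bot: the last hunk turns CVE-2024-36610 into a REJECTED entry while leaving "- symfony 6.4.4+dfsg-3 (unimportant)" and both NOTEs in place, which is fine as a record, but it leaves the preceding entry, CVE-2024-36611, in an odd state: it carries the identical "NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018" yet remains an open entry with "- symfony (bug #1088817)". Either -36611 is headed for the same rejection, or the shared NOTE no longer justifies equal treatment of the two; that should be settled in one pass rather than left split. In the first hunk, CVE-2024-52046 ("The ObjectSerializationDecoder in Apache MINA uses Java's native ...") describes native Java deserialization of network input and is the entry most likely to matter for Debian, so it should be triaged ahead of the Dell, IBM and WordPress lines.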
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8e7d4e5 by security tracker role at 2024-12-24T20:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,71 @@ +CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-53163 (In the Linux kernel, the following vulnerability has been resolved: c ...) + TODO: check +CVE-2024-53162 (In the Linux kernel, the following vulnerability has been resolved: c ...) + TODO: check +CVE-2024-53161 (In the Linux kernel, the following vulnerability has been resolved: E ...) + TODO: check +CVE-2024-53160 (In the Linux kernel, the following vulnerability has been resolved: r ...) + TODO: check +CVE-2024-53159 (In the Linux kernel, the following vulnerability has been resolved: h ...) + TODO: check +CVE-2024-53158 (In the Linux kernel, the following vulnerability has been resolved: s ...) + TODO: check +CVE-2024-53157 (In the Linux kernel, the following vulnerability has been resolved: f ...) + TODO: check +CVE-2024-53156 (In the Linux kernel, the following vulnerability has been resolved: w ...) + TODO: check +CVE-2024-53155 (In the Linux kernel, the following vulnerability has been resolved: o ...) + TODO: check +CVE-2024-53154 (In the Linux kernel, the following vulnerability has been resolved: c ...) + TODO: check +CVE-2024-53153 (In the Linux kernel, the following vulnerability has been resolved: P ...) + TODO: check +CVE-2024-53152 (In the Linux kernel, the following vulnerability has been resolved: P ...) + TODO: check +CVE-2024-53151 (In the Linux kernel, the following vulnerability has been resolved: s ...) + TODO: check +CVE-2024-53150 (In the Linux kernel, the following vulnerability has been resolved: A ...) + TODO: check +CVE-2024-53149 (In the Linux kernel, the following vulnerability has been resolved: u ...) + TODO: check +CVE-2024-53148 (In the Linux kernel, the following vulnerability has been resolved: c ...) + TODO: check +CVE-2024-53147 (In the Linux kernel, the following vulnerability has been resolved: e ...) 
+ TODO: check +CVE-2024-53146 (In the Linux kernel, the following vulnerability has been resolved: N ...) + TODO: check +CVE-2024-53145 (In the Linux kernel, the following vulnerability has been resolved: u ...) + TODO: check +CVE-2024-43441 (Authentication Bypass by Assumed-Immutable Data vulnerability in Apach ...) + TODO: check +CVE-2024-12881 (The PlugVersions \u2013 Easily rollback to previous versions of your p ...) + TODO: check +CVE-2024-12850 (The Database Backup and check Tables Automated With Scheduler 2024 plu ...) + TODO: check +CVE-2024-12746 (A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows o ...) + TODO: check +CVE-2024-12745 (A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows ...) + TODO: check +CVE-2024-12744 (A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows ...) + TODO: check +CVE-2024-12468 (The WP Datepicker plugin for WordPress is vulnerable to Reflected Cros ...) + TODO: check +CVE-2024-12268 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for Wor ...) + TODO: check +CVE-2024-12103 (The Content No Cache: prevent specific content from being cached plugi ...) + TODO: check +CVE-2024-12031 (The Advanced Floating Content plugin for WordPress is vulnerable to SQ ...) + TODO: check +CVE-2024-11896 (The Text Prompter \u2013 Unlimited chatgpt text prompts for openai tas ...) + TODO: check +CVE-2024-11726 (The Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 B ...) + TODO: check +CVE-2024-10856 (The Booking Calendar WpDevArt plugin is vulnerable to time-based, blin ...) + TODO: check +CVE-2024-10584 (The DirectoryPress \u2013 Business Directory And Classified Ad Listing ...) + TODO: check CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows for an ...) TODO: check CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Im ...) 
@@ -1007,10 +1075,10 @@ CVE-2024-53144 (In the Linux kernel, the following vulnerability has been resolv - linux 6.11.4-1 [bookworm] - linux 6.1.115-1 NOTE: https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2) -CVE-2024-53241 [Xen hypercall page unsafe against speculative attacks] +CVE-2024-53241 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.12.6-1 NOTE: https://xenbits.xen.org/xsa/advisory-466.html -CVE-2024-53240 [Backend can crash Linux netfront] +
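Review bot: CVE-2024-53145 through CVE-2024-53163 in the first hunk are all "In the Linux kernel, the following vulnerability has been resolved" entries, so nineteen separate "TODO: check" lines will resolve to the same "- linux" package with fixed versions from the same upstream stable point releases; triaging them as one batch is less error-prone than nineteen individual checks. In the CVE-2024-53241 hunk, the entry gains its official description and "- linux 6.12.6-1" with the XSA-466 NOTE but, unlike CVE-2024-53144 just above it ("[bookworm] - linux 6.1.115-1"), has no [bookworm] line, so bookworm reads as unfixed for a Xen speculative-execution issue; confirm that is the intended interim state while the backport is pending rather than an omission.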
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 50043887 by security tracker role at 2024-12-24T08:12:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,51 @@ +CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows for an ...) + TODO: check +CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Im ...) + TODO: check +CVE-2024-47515 (A vulnerability was found in Pagure. Support of symbolic links during ...) + TODO: check +CVE-2024-41887 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-41886 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-41885 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-41884 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-41883 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-41882 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) + TODO: check +CVE-2024-12814 (The Loan Comparison plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-12710 (The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2024-12622 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-12617 (The WC Price History for Omnibus plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-12594 (The Custom Login Page Styler \u2013 Login Protected Private Site , Cha ...) + TODO: check +CVE-2024-12518 (The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-12507 (The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-12405 (The Export Customers Data plugin for WordPress is vulnerable to Reflec ...) + TODO: check +CVE-2024-12266 (The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPres ...) 
+ TODO: check +CVE-2024-12210 (The Print Invoice & Delivery Notes for WooCommerce plugin for WordPres ...) + TODO: check +CVE-2024-12100 (The Bitcoin Lightning Publisher for WordPress plugin for WordPress is ...) + TODO: check +CVE-2024-12096 (The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sani ...) + TODO: check +CVE-2024-12034 (The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP ...) + TODO: check +CVE-2024-11885 (The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2018-25106 (A vulnerability, which was classified as critical, has been found in w ...) + TODO: check CVE-2024-56364 (SimpleXLSX is software for parsing and retrieving data from Excel XLSx ...) NOT-FOR-US: SimpleXLSX CVE-2024-56363 (APTRS (Automated Penetration Testing Reporting System) is a Python and ...) @@ -141,7 +189,7 @@ CVE-2024-10797 (The Full Screen Menu for Elementor plugin for WordPress is vulne NOT-FOR-US: WordPress plugin CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) NOT-FOR-US: WordPress plugin -CVE-2024-12582 +CVE-2024-12582 (A flaw was found in the skupper console, a read-only interface that r ...) NOT-FOR-US: Skupper CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...) NOT-FOR-US: grist-core 
@@ -2251,6 +2299,7 @@ CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to versi CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior to commit ...) NOT-FOR-US: PenDoc CVE-2024-54534 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5792-1} - webkit2gtk 2.46.0-1 - wpewebkit 2.46.0-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/500438874558efd096918e4732d5a42710d196bb
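Review bot: CVE-2018-25106 ("A vulnerability, which was classified as critical, has been found in w ...") is a 2018-numbered identifier arriving in a batch committed on 2024-12-24, that is, a late assignment for an old issue; if the product turns out to be packaged, its fixed version may predate every current suite, so the package history needs checking rather than only unstable and stable before a version line is written. The CVE-2024-12582 hunk only fills in the description above the existing "NOT-FOR-US: Skupper" line, and the DSA-5792-1 hunk for CVE-2024-54534 mirrors the other webkit2gtk entries, with the DSA reference carrying the bookworm fix and "[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)" unchanged; nothing further is needed there.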
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 797b5cf7 by security tracker role at 2024-12-23T20:14:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,35 @@ +CVE-2024-56364 (SimpleXLSX is software for parsing and retrieving data from Excel XLSx ...) + TODO: check +CVE-2024-56363 (APTRS (Automated Penetration Testing Reporting System) is a Python and ...) + TODO: check +CVE-2024-56362 (Navidrome is an open source web-based music collection server and stre ...) + TODO: check +CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An oversight ...) + TODO: check +CVE-2024-56201 (Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the ...) + TODO: check +CVE-2024-55947 (Gogs is an open source self-hosted Git service. A malicious user is ab ...) + TODO: check +CVE-2024-55539 (Weak algorithm used to sign RPM package. The following products are af ...) + TODO: check +CVE-2024-54148 (Gogs is an open source self-hosted Git service. A malicious user is ab ...) + TODO: check +CVE-2024-53276 (Home-Gallery.org is a self-hosted open-source web gallery to browse pe ...) + TODO: check +CVE-2024-53275 (Home-Gallery.org is a self-hosted open-source web gallery to browse pe ...) + TODO: check +CVE-2024-53256 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + TODO: check +CVE-2024-45387 (An SQL injection vulnerability in Traffic Ops in Apache Traffic Contro ...) + TODO: check +CVE-2024-40896 (In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.1 ...) + TODO: check +CVE-2024-23945 (Signing cookies is an application security feature that adds a digital ...) + TODO: check +CVE-2024-12903 (Incorrect default permissions vulnerability in Evoko Home, affecting v ...) + TODO: check +CVE-2024-12902 (ANCHOR from Global Wisdom Software is an integrated product running on ...) + TODO: check CVE-2024- [RUSTSEC-2024-0428] - rust-kvm-ioctls NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0428.html 
@@ -10524,6 +10556,7 @@ CVE-2024-24984 (Improper input validation for some Intel(R) Wireless Bluetooth(R CVE-2024-23919 (Improper buffer restrictions in some Intel(R) Graphics software may al ...) NOT-FOR-US: Intel CVE-2024-23918 (Improper conditions check in some Intel(R) Xeon(R) processor memory co ...) + {DLA-4002-1} - intel-microcode 3.20241112.1 (bug #1087532) [bookworm] - intel-microcode (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html @@ -10544,6 +10577,7 @@ CVE-2024-23198 (Improper input validation in firmware for some Intel(R) PROSet/W CVE-2024-22185 (Time-of-check Time-of-use Race Condition in some Intel(R) processors w ...) NOT-FOR-US: Intel CVE-2024-21853 (Improper finite state machines (FSMs) in the hardware logic in some 4t ...) + {DLA-4002-1} - intel-microcode 3.20241112.1 (bug #1087532) [bookworm] - intel-microcode (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html 
@@ -10551,6 +10585,7 @@ CVE-2024-21853 (Improper finite state machines (FSMs) in the hardware logic in s CVE-2024-21850 (Sensitive information in resource not removed before reuse in some Int ...) NOT-FOR-US: Intel CVE-2024-21820 (Incorrect default permissions in some Intel(R) Xeon(R) processor memor ...) + {DLA-4002-1} - intel-microcode 3.20241112.1 (bug #1087532) [bookworm] - intel-microcode (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797b5cf78c7fbaf74f53028aa2396aeef264bfd9
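Review bot: CVE-2024-56326 and CVE-2024-56201 both read "Jinja is an extensible templating engine. Prior to 3.1.5 ...", so they belong to one upstream release and should get the same fixed-version line and a shared NOTE rather than two independent "TODO: check" resolutions. CVE-2024-40896 spells out three affected branches ("2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.1..."), so each suite's libxml2 line must be matched to the branch that suite ships rather than one fixed version copied across suites. The three intel-microcode hunks (CVE-2024-23918, -21853, -21820) each add "{DLA-4002-1}" while keeping "[bookworm] - intel-microcode (Minor issue)" and the same "(bug #1087532)"; they are consistent with each other, but it is again an LTS advisory for an issue that bookworm treats as minor, so a one-line NOTE on the rationale would help whoever reads these entries next.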
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61681df9 by security tracker role at 2024-12-23T08:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,41 @@ +CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vul ...) + TODO: check +CVE-2024-56375 (An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6 ...) + TODO: check +CVE-2024-56314 (A stored cross-site scripting (XSS) vulnerability in the Project name ...) + TODO: check +CVE-2024-56313 (A stored cross-site scripting (XSS) vulnerability in the Calendar feat ...) + TODO: check +CVE-2024-56312 (A stored cross-site scripting (XSS) vulnerability in the Project Dashb ...) + TODO: check +CVE-2024-56311 (REDCap through 15.0.0 has a security flaw in the Notes section of cale ...) + TODO: check +CVE-2024-56310 (REDCap through 15.0.0 has a security flaw in the Project Dashboards na ...) + TODO: check +CVE-2024-54082 (home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection ...) + TODO: check +CVE-2024-52321 (Multiple SHARP routers contain an improper authentication vulnerabilit ...) + TODO: check +CVE-2024-47864 (home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a ...) + TODO: check +CVE-2024-46873 (Multiple SHARP routers leave the hidden debug function enabled. An arb ...) + TODO: check +CVE-2024-45721 (home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a ...) + TODO: check +CVE-2024-12901 (A vulnerability classified as critical was found in FoxCMS up to 1.2. ...) + TODO: check +CVE-2024-12900 (A vulnerability classified as critical has been found in FoxCMS up to ...) + TODO: check +CVE-2024-12899 (A vulnerability was found in 1000 Projects Attendance Tracking Managem ...) + TODO: check +CVE-2024-12898 (A vulnerability was found in 1000 Projects Attendance Tracking Managem ...) + TODO: check +CVE-2024-12897 (A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP ...) + TODO: check +CVE-2024-12896 (A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP ...) 
+ TODO: check +CVE-2024-11230 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...) + TODO: check CVE-2024-12895 (A vulnerability has been found in TreasureHuntGame TreasureHunt up to ...) TODO: check CVE-2024-12894 (A vulnerability, which was classified as critical, was found in Treasu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61681df9b37ff9b4dd46a4ca0a83dfa1f2a80548
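Review bot: CVE-2024-56378 ("libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read ...") and CVE-2024-56375 ("An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6...") are the two entries in this batch describing software that is packaged in Debian; the REDCap, SHARP and home 5G router, Intelbras, FoxCMS and 1000 Projects entries follow the NOT-FOR-US pattern. Triage those two first and, for Poppler, record the upstream fix commit in a NOTE, since "through 24.12.0" names no fixed release to copy into the version line.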
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5dd2a4bc by security tracker role at 2024-12-22T20:12:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-12895 (A vulnerability has been found in TreasureHuntGame TreasureHunt up to ...) + TODO: check +CVE-2024-12894 (A vulnerability, which was classified as critical, was found in Treasu ...) + TODO: check CVE-2024-12893 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Portabilis i-Educar CVE-2024-12892 (A vulnerability classified as problematic was found in code-projects O ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dd2a4bcb7ff523bbfd04fd7879beebe660060a8
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e3d8597b by security tracker role at 2024-12-22T08:12:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-12893 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-12892 (A vulnerability classified as problematic was found in code-projects O ...) + TODO: check +CVE-2024-12891 (A vulnerability classified as critical has been found in code-projects ...) + TODO: check +CVE-2024-12890 (A vulnerability was found in code-projects Online Exam Mastering Syste ...) + TODO: check +CVE-2024-11852 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) NOT-FOR-US: WordPress theme CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i int ...) @@ -12539,6 +12549,7 @@ CVE-2024-48011 (Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Ex CVE-2024-48010 (Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, ...) NOT-FOR-US: Dell CVE-2024-47072 (XStream is a simple library to serialize objects to XML and back again ...) + {DLA-4001-1} - libxstream-java 1.4.21-1 (bug #1087274) [bookworm] - libxstream-java (Minor issue) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q 
@@ -250004,7 +250015,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) - {DLA-2924-1} + {DLA-4001-1 DLA-2924-1} - libxstream-java 1.4.19-1 [buster] - libxstream-java (Minor issue) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3d8597b887c8cd12eb3808e14ec7c2481f7058b
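Review bot: CVE-2024-47072 is recorded as fixed by DLA-4001-1 in the second hunk but the same entry keeps "[bookworm] - libxstream-java (Minor issue)", and CVE-2021-43859 in the third hunk gains DLA-4001-1 on top of DLA-2924-1 while keeping "[buster] - libxstream-java (Minor issue)"; a DLA is an LTS advisory, so the pairing of a DLA with a still-open bookworm "Minor issue" tag on CVE-2024-47072 is worth a second look to confirm bookworm is meant to wait for a point release, and the unstable fixed version 1.4.21-1 (bug #1087274) should be verified as uploaded. Both entries carry their GHSA references (GHSA-hfq9-hggm-c56q, GHSA-rmr5-cpv2-vgjf), which is good.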
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2dec98e8 by security tracker role at 2024-12-21T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,33 @@ +CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) + TODO: check +CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i int ...) + TODO: check +CVE-2024-51463 (IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery ...) + TODO: check +CVE-2024-12884 (A vulnerability was found in Codezips E-Commerce Website 1.0. It has b ...) + TODO: check +CVE-2024-12883 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...) + TODO: check +CVE-2024-12875 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...) + TODO: check +CVE-2024-12591 (The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-12588 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) + TODO: check +CVE-2024-12558 (The WP BASE Booking of Appointments, Services and Events plugin for Wo ...) + TODO: check +CVE-2024-12408 (The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2024-11808 (The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11722 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11688 (The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-S ...) + TODO: check +CVE-2024-10797 (The Full Screen Menu for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) + TODO: check CVE-2024-12582 NOT-FOR-US: Skupper CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...) 
@@ -2411,7 +2441,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management software package. Startin - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f CVE-2024-47835 (GStreamer is a library for constructing graphs of media-handling compo ...) - {DSA-5831-1} + {DSA-5831-1 DLA-3999-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/ @@ -2481,7 +2511,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management software package. Startin - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr CVE-2024-47615 (GStreamer is a library for constructing graphs of media-handling compo ...) - {DSA-5831-1} + {DSA-5831-1 DLA-3999-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ @@ -2499,7 +2529,7 @@ CVE-2024-47613 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c (1.24.10) CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling compo ...) - {DSA-5831-1} + {DSA-5831-1 DLA-3999-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/ 
@@ -2545,7 +2575,7 @@ CVE-2024-47601 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 (1.24.10) CVE-2024-47600 (GStreamer is a library for constructing graphs of media-handling compo ...) - {DSA-5831-1} + {DSA-5831-1 DLA-3999-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/ @@ -2618,6 +2648,7 @@ CVE-2024-47543 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10) CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DLA-3999-1} - gst-plugins-base1.0 1.24.10-1
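Review bot: CVE-2024-47542 gets DLA-3999-1 as a freshly added advisory line ("+ {DLA-3999-1}" with no "-" counterpart), whereas every other gst-plugins-base1.0 entry touched here (CVE-2024-47835, CVE-2024-47615, CVE-2024-47607, CVE-2024-47600) changes from {DSA-5831-1} to {DSA-5831-1 DLA-3999-1}; all of them share the same 1.24.10-1 fixed version, so check whether CVE-2024-47542 was genuinely outside the scope of DSA-5831-1 or whether the DSA reference is simply missing on that entry. The message is cut off right after that line, so the remaining entries of the batch could not be reviewed from this copy.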
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f5bd5a0 by security tracker role at 2024-12-21T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,55 @@ +CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...) + TODO: check +CVE-2024-56358 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...) + TODO: check +CVE-2024-56357 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...) + TODO: check +CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...) + TODO: check +CVE-2024-56334 (systeminformation is a System and OS information library for node.js. ...) + TODO: check +CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management System v ...) + TODO: check +CVE-2024-40875 (There is a cross-site scripting vulnerability in the management consol ...) + TODO: check +CVE-2024-12846 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-12845 (A vulnerability classified as problematic was found in Emlog Pro up to ...) + TODO: check +CVE-2024-12844 (A vulnerability classified as problematic has been found in Emlog Pro ...) + TODO: check +CVE-2024-12843 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated ...) + TODO: check +CVE-2024-12771 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...) + TODO: check +CVE-2024-12721 (The Custom Product Tabs For WooCommerce plugin for WordPress is vulner ...) + TODO: check +CVE-2024-12697 (The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site S ...) + TODO: check +CVE-2024-12635 (The WP Docs plugin for WordPress is vulnerable to time-based SQL Injec ...) + TODO: check +CVE-2024-12262 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...) + TODO: check +CVE-2024-12066 (The SMSA Shipping(official) plugin for WordPress is vulnerable to arbi ...) + TODO: check +CVE-2024-11977 (The The kk Star Ratings \u2013 Rate Post & Collect User Feedbacks plug ...) 
+ TODO: check +CVE-2024-11975 (The Reactflow Visitor Recording and Heatmaps plugin for WordPress is v ...) + TODO: check +CVE-2024-11938 (The One Click Upsell Funnel for WooCommerce \u2013 Funnel Builder for ...) + TODO: check +CVE-2024-11811 (The Feedify \u2013 Web Push Notifications plugin for WordPress is vuln ...) + TODO: check +CVE-2024-11682 (The G Web Pro Store Locator plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-11607 (The GTPayment Donations WordPress plugin through 1.0.0 does not have C ...) + TODO: check +CVE-2024-11349 (The AdForest theme for WordPress is vulnerable to authentication bypas ...) + TODO: check +CVE-2024-11287 (The Ebook Store plugin for WordPress is vulnerable to Reflected Cross- ...) + TODO: check +CVE-2024-11196 (The Multi-column Tag Map plugin for WordPress is vulnerable to Stored ...) + TODO: check CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...) NOT-FOR-US: Kioxia CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration ...) @@ -132797,10 +132849,10 @@ CVE-2023-31282 RESERVED CVE-2023-31281 RESERVED -CVE-2023-31280 - RESERVED -CVE-2023-31279 - RESERVED +CVE-2023-31280 (An AirVantage online Warranty Checker tool vulnerability could allow a ...) + TODO: check +CVE-2023-31279 (The AirVantage platform is vulnerable to an unauthorized attacker regi ...) + TODO: check CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...) NOT-FOR-US: Snap One CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...) 
@@ -260816,8 +260868,8 @@ CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules NOT-FOR-US: CMS Made Simple CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...) NOT-FOR-US: Galera WebTemplate -CVE-2021-40959 - RESERVED +CVE-2021-40959 (A reflected cross-site scripting vulnerability in MONITORAPP Applicati ...) + TODO: check CVE-2021-40958 RESERVED CVE-2021-40957 @@ -359867,8 +359919,8 @@ CVE-2020-13714 REJECTED CVE-2020-13713 REJECTED -CVE-2020-13712 - RESERVED +CVE-2020-13712 (A command injection is possible through the user interface, allowing a ...) + TODO: check CVE-2020-13711 RESERVED CVE-2020-13710 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5bd5a00de
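Review bot: besides the new 2024 batch at the top of the file, this update turns four long-RESERVED IDs into real entries (CVE-2023-31280 and CVE-2023-31279 for AirVantage, CVE-2021-40959 for a reflected XSS in MONITORAPP, CVE-2020-13712 for a command injection through a user interface) and leaves all four at TODO: check; they sit far down the file by ID year (hunks at offsets 132797, 260816 and 359867), so a triage pass that only works from the head of data/CVE/list will miss them, and they deserve an explicit look. The closing GitLab link in this copy is truncated (…/commit/4f5bd5a00de) and cannot be followed as written.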
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b05d4319 by security tracker role at 2024-12-20T20:12:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...) + TODO: check +CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration ...) + TODO: check +CVE-2024-56355 (In JetBrains TeamCity before 2024.12 missing Content-Type header in Re ...) + TODO: check +CVE-2024-56354 (In JetBrains TeamCity before 2024.12 password field value were accessi ...) + TODO: check +CVE-2024-56353 (In JetBrains TeamCity before 2024.12 backup file exposed user credenti ...) + TODO: check +CVE-2024-56352 (In JetBrains TeamCity before 2024.12 stored XSS was possible via image ...) + TODO: check +CVE-2024-56351 (In JetBrains TeamCity before 2024.12 access tokens were not revoked af ...) + TODO: check +CVE-2024-56350 (In JetBrains TeamCity before 2024.12 build credentials allowed unautho ...) + TODO: check +CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control allowed u ...) + TODO: check +CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control allowed v ...) + TODO: check +CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...) + TODO: check +CVE-2024-56333 (Onyxia is a web app that aims at being the glue between multiple open ...) + TODO: check +CVE-2024-56331 (Uptime Kuma is an open source, self-hosted monitoring tool. An **Impro ...) + TODO: check +CVE-2024-56330 (Stardust is a platform for streaming isolated desktop containers. With ...) + TODO: check +CVE-2024-56329 (Socialstream is a third-party package for Laravel Jetstream. It replac ...) + TODO: check +CVE-2024-55471 (Oqtane Framework is vulnerable to Insecure Direct Object Reference (ID ...) + TODO: check +CVE-2024-55470 (Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By m ...) + TODO: check +CVE-2024-55342 (A file upload functionality in Piranha CMS 11.1 allows authenticated r ...) 
+ TODO: check +CVE-2024-55341 (A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 ...) + TODO: check +CVE-2024-55186 (An IDOR (Insecure Direct Object Reference) vulnerability exists in oqt ...) + TODO: check +CVE-2024-51466 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12 ...) + TODO: check +CVE-2024-40695 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12 ...) + TODO: check +CVE-2024-37758 (Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu o ...) + TODO: check +CVE-2024-28767 (IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 th ...) + TODO: check +CVE-2024-12867 (Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic ...) + TODO: check +CVE-2024-12842 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been declar ...) + TODO: check +CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been classi ...) + TODO: check +CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT HTTP req ...) + TODO: check +CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could allow an ...) + TODO: check +CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabili ...) + TODO: check +CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is vulnerable t ...) + TODO: check CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for WordPress ...) 
@@ -292,7 +354,7 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 al {DSA-5834-1} - chromium 131.0.6778.204-1 [bullseye] - chromium (see #1061268) -CVE-2024-56128 +CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...) - kafka (bug #786460) CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: WordPress plugin @@ -2272,7 +2334,7 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to c NOT-FOR-US: python-libarchive (different from src:python-libarchive-c) CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...) NOT-FOR-US: WordPress plugin -CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts. This issu ...) +CVE-202
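Review bot: CVE-2024-56128 gains its description in the third hunk but the package line stays "- kafka (bug #786460)" with no fixed version, so the entry is still open after this change and should not be read as resolved; the change to CVE-2024-53677 (Apache Struts, flawed file upload logic) is cut off after "+CVE-202" in this copy, so the new state of that entry cannot be reviewed here and needs to be checked in the commit itself. In the first hunk, CVE-2024-56337 arrives with a description truncated at "Apa ...", which does not name the product, so that TODO: check needs the full CVE text before it can be triaged.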
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5d8a865 by security tracker role at 2024-12-20T08:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,107 @@ +CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for WordPress ...) + TODO: check +CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ...) + TODO: check +CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy Orchestrator pri ...) + TODO: check +CVE-2024-56327 (pyrage is a set of Python bindings for the rage file encryption librar ...) + TODO: check +CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass au ...) + TODO: check +CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to byp ...) + TODO: check +CVE-2024-54982 (An issue in Quectel BC25 with firmware version BC25PAR01A06 allows att ...) + TODO: check +CVE-2024-54663 (An issue was discovered in the Webmail Classic UI in Zimbra Collaborat ...) + TODO: check +CVE-2024-54538 (A denial-of-service issue was addressed with improved input validation ...) + TODO: check +CVE-2024-54009 (Remote authentication bypass vulnerability in HPE Alletra Storage MP B ...) + TODO: check +CVE-2024-44298 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check +CVE-2024-44293 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check +CVE-2024-44292 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check +CVE-2024-44231 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-44223 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-44211 (This issue was addressed with improved validation of symlinks. This is ...) + TODO: check +CVE-2024-44195 (A logic issue was addressed with improved validation. This issue is fi ...) 
+ TODO: check +CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are vulnerable ...) + TODO: check +CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and W ...) + TODO: check +CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalat ...) + TODO: check +CVE-2024-12830 (Arista NG Firewall custom_handler Directory Traversal Remote Code Exec ...) + TODO: check +CVE-2024-12829 (Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execu ...) + TODO: check +CVE-2024-12729 (A post-auth code injection vulnerability in the User Portal allows aut ...) + TODO: check +CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged system ...) + TODO: check +CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection feature ...) + TODO: check +CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is possibl ...) + TODO: check +CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...) + TODO: check +CVE-2024-12672 (A third-party vulnerability exists in the Rockwell AutomationArena\xae ...) + TODO: check +CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales ...) + TODO: check +CVE-2024-12509 (The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability exists ...) + TODO: check +CVE-2024-12111 (In a specific scenario a LDAP user can abuse the authentication proces ...) + TODO: check +CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for ...) + TODO: check +CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to Stored ...) 
+ TODO: check +CVE-2024-11812 (The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cros ...) + TODO: check +CVE-2024-11806 (The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflec ...) + TODO: check +CVE-2024-11784 (The Sell Tickets Online \u2013 TicketSource Ticket Shop for WordPress ...) + TODO: check +CVE-2024-11783 (The Financial Calculator plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-11776 (The PCRecruiter Extensions plugin for WordPress is vulnerable to Store ...
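Review bot: seven of the new entries (CVE-2024-44298, CVE-2024-44293, CVE-2024-44292, CVE-2024-44231, CVE-2024-44223, CVE-2024-44211, CVE-2024-44195) arrive with generic descriptions that name no product at all ("A privacy issue was addressed with improved private data redaction for ...", "This issue was addressed through improved state management ...", "This issue was addressed with improved validation of symlinks ..."), so they cannot be triaged from data/CVE/list alone and need the full CVE text before their TODO: check lines can be resolved. The message is truncated mid-entry at CVE-2024-11776, so the tail of the batch is not visible here.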
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58fed669 by security tracker role at 2024-12-19T20:12:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,95 @@ -CVE-2024-9102 +CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...) + TODO: check +CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...) + TODO: check +CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service when ...) + TODO: check +CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted to packe ...) + TODO: check +CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of request val ...) + TODO: check +CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in the bui ...) + TODO: check +CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server Configuration ...) + TODO: check +CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint http://{your-serv ...) + TODO: check +CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the component ...) + TODO: check +CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in PHPGurukul Pr ...) + TODO: check +CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion o ...) + TODO: check +CVE-2024-53991 (Discourse is an open source platform for community discussion. This vu ...) + TODO: check +CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...) + TODO: check +CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console coul ...) + TODO: check +CVE-2024-52794 (Discourse is an open source platform for community discussion. Users c ...) + TODO: check +CVE-2024-52589 (Discourse is an open source platform for community discussion. Moderat ...) + TODO: check +CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...) + TODO: check +CVE-2024-49765 (Discourse is an open source platform for community discussion. Sites t ...) 
+ TODO: check +CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side request forger ...) + TODO: check +CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42 which ...) + TODO: check +CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...) + TODO: check +CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ...) + TODO: check +CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core ...) + TODO: check +CVE-2024-12794 (A vulnerability, which was classified as critical, was found in Codezi ...) + TODO: check +CVE-2024-12793 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-12792 (A vulnerability classified as critical was found in Codezips E-Commerc ...) + TODO: check +CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It has been ...) + TODO: check +CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management Site 1.0. ...) + TODO: check +CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been classif ...) + TODO: check +CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion Forum 1.0 a ...) + TODO: check +CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance Tracking Ma ...) + TODO: check +CVE-2024-12786 (A vulnerability, which was classified as critical, was found in X1a0He ...) + TODO: check +CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...) + TODO: check +CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...) + TODO: check +CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...) 
+ TODO: check +CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 an ...) + TODO: check +CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...) + TODO: check +CVE-2024-12569 (Disclosure of sensitive information in HikVision camera driver's log f ...) + TODO: check +CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-11616 (Netskope was made aware of a security vulnerability in Netsk
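Review bot: the hunk opens by deleting the bare "CVE-2024-9102" line from the top of the file, and because this copy is truncated (CVE-2024-11616 is cut mid-description) the re-added CVE-2024-9102 entry with its description is not visible; confirm in the commit that the ID was moved down with a description rather than dropped. Two of the new TODO: check entries are library rather than web-application issues, CVE-2024-12801 (SSRF in SaxEventRecorder, logback-core) and CVE-2024-12798 (ACE in JaninoEventEvaluator, logback-core), and they should get a package assessment ahead of the long run of code-projects/Codezips/itsourcecode entries that surround them.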
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ebf6451a by security tracker role at 2024-12-19T08:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,13 +1,85 @@ -CVE-2024-12695 +CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before ...) + TODO: check +CVE-2024-56318 (In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through ...) + TODO: check +CVE-2024-56317 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the W ...) + TODO: check +CVE-2024-56145 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...) + TODO: check +CVE-2024-56140 (Astro is a web framework for content-driven websites. In affected vers ...) + TODO: check +CVE-2024-56116 (A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 a ...) + TODO: check +CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to ...) + TODO: check +CVE-2024-55603 (Kanboard is project management software that focuses on the Kanban met ...) + TODO: check +CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 ...) + TODO: check +CVE-2024-55505 (An issue in CodeAstro Complaint Management System v.1.0 allows a remot ...) + TODO: check +CVE-2024-55461 (SeaCMS <=13.0 is vulnerable to command execution in phome.php via the ...) + TODO: check +CVE-2024-55239 (A reflected Cross-Site Scripting vulnerability in the standard documen ...) + TODO: check +CVE-2024-55232 (An IDOR vulnerability in the manage-notes.php module in PHPGurukul Onl ...) + TODO: check +CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of PHPGurukul Onlin ...) + TODO: check +CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation violation via t ...) + TODO: check +CVE-2024-51532 (Dell PowerStore contains an Improper Neutralization of Argument Delimi ...) + TODO: check +CVE-2024-4230 (External Control of File Name or Path vulnerability in Edgecross Basic ...) + TODO: check +CVE-2024-4229 (Incorrect Default Permissions vulnerability in Edgecross Basic Softwar ...) 
+ TODO: check +CVE-2024-45338 (An attacker can craft an input to the Parse functions that would be pr ...) + TODO: check +CVE-2024-43106 (A library injection vulnerability exists in Microsoft Excel 16.83 for ...) + TODO: check +CVE-2024-42220 (A library injection vulnerability exists in Microsoft Outlook 16.83.3 ...) + TODO: check +CVE-2024-42004 (A library injection vulnerability exists in Microsoft Teams (work or s ...) + TODO: check +CVE-2024-41165 (A library injection vulnerability exists in Microsoft Word 16.83 for m ...) + TODO: check +CVE-2024-41159 (A library injection vulnerability exists in Microsoft OneNote 16.83 fo ...) + TODO: check +CVE-2024-41145 (A library injection vulnerability exists in the WebView.app helper app ...) + TODO: check +CVE-2024-41138 (A library injection vulnerability exists in the com.microsoft.teams2.m ...) + TODO: check +CVE-2024-39804 (A library injection vulnerability exists in Microsoft PowerPoint 16.83 ...) + TODO: check +CVE-2024-37649 (Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-S ...) + TODO: check +CVE-2024-35141 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...) + TODO: check +CVE-2024-12686 (A vulnerability has been discovered in Privileged Remote Access (PRA) ...) + TODO: check +CVE-2024-12560 (The Button Block \u2013 Get fully customizable & multi-functional butt ...) + TODO: check +CVE-2024-12121 (The Broken Link Checker | Finder plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11984 (A unrestricted upload of file with dangerous type vulnerability in epa ...) + TODO: check +CVE-2024-11768 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-10548 (The WP Project Manager plugin for WordPress is vulnerable to Sensitive ...) 
+ TODO: check +CVE-2024-12695 (Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 all ...) - chromium [bullseye] - chromium (see #1061268) -CVE-2024-12694 +CVE-2024-12694 (Use after free in Compositing in Google Chrome prior to 131.0.6778.204 ...) - chromium [bullseye] - chromium (see #1061268) -CVE-2024-12693 +CVE-2024-12693 (Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778 ...) - chromium [bullseye] - chromium (see #1061268) -CVE-2024-12692 +C
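Review bot: CVE-2024-12695, CVE-2024-12694 and CVE-2024-12693 (and CVE-2024-12692, cut off after "+C") are moved from bare IDs to entries with descriptions, each carrying "- chromium" plus "[bullseye] - chromium (see #1061268)" but no fixed version and no DSA at this point; all of the visible descriptions say "prior to 131.0.6778.204", so one fixed version and one advisory should cover the set, which is what the later commit b05d4319 shows for CVE-2024-12692 ({DSA-5834-1}, chromium 131.0.6778.204-1). CVE-2024-45338 is added with a description ("An attacker can craft an input to the Parse functions ...") that names no product, so that TODO: check needs the full CVE text before triage.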
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80e7fe62 by security tracker role at 2024-12-18T20:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,151 @@ +CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...) + TODO: check +CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + TODO: check +CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream VRPConn ...) + TODO: check +CVE-2024-56057 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...) + TODO: check +CVE-2024-56055 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...) + TODO: check +CVE-2024-56054 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...) + TODO: check +CVE-2024-56053 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56052 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...) + TODO: check +CVE-2024-56051 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + TODO: check +CVE-2024-56050 (Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...) + TODO: check +CVE-2024-56049 (Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows P ...) + TODO: check +CVE-2024-56048 (Missing Authorization vulnerability in VibeThemes WPLMS allows Accessi ...) + TODO: check +CVE-2024-56047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-56016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56010 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56008 (Missing Authorization vulnerability in spreadr Spreadr Woocommerce all ...) + TODO: check +CVE-2024-55997 (Missing Authorization vulnerability in Web Chunky Order Delivery & Pic ...) + TODO: check +CVE-2024-55985 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2024-55984 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55983 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55975 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55953 (DataEase is an open source business analytics tool. Authenticated user ...) + TODO: check +CVE-2024-55952 (DataEase is an open source business analytics tool. Authenticated user ...) + TODO: check +CVE-2024-55492 (Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross ...) + TODO: check +CVE-2024-55089 (Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in t ...) + TODO: check +CVE-2024-55088 (GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery ( ...) + TODO: check +CVE-2024-55086 (In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Fo ...) + TODO: check +CVE-2024-54383 (Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF ...) + TODO: check +CVE-2024-54381 (Missing Authorization vulnerability in theDotstore Advance Menu Manage ...) + TODO: check +CVE-2024-54350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54270 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-53271 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...) + TODO: check +CVE-2024-53270 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...) + TODO: check +CVE-2024-53269 (Envoy is a cloud-native high-performance edge/middle/service proxy. Wh ...) + TODO: check +CVE-2024-52593 (Misskey is an open source, federated social media platform.In affected ...) + TODO: check +CVE-2024-52592 (Misskey is an open source, federated social media platform. In affecte ...) 
+ TODO: check +CVE-2024-52591 (Misskey is an open source, federated social media platform. In affecte ...) + TODO: check +CVE-2024-52590 (Misskey is an open source, federated social media platform. In affecte ...) + TODO: check +CVE-2024-52579 (Misskey is an open source, federated social media platform. Some APIs ...) + TODO: check +CVE-2024-52485 (Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Im ...) + TODO: check +CVE-2024-52361 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stor
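Review bot: several of the 74 entries this hunk prepends (the header says +151 lines, all of them "TODO: check" placeholders) cannot be told apart on the list line because the fixed-width description is identical: CVE-2024-55985, CVE-2024-55984, CVE-2024-55983 and CVE-2024-55975 all read "Improper Neutralization of Special Elements used in an SQL Command ('S ...)", and four VibeThemes WPLMS entries share "Unrestricted Upload of File with Dangerous Type vulnerability in VibeT ...". Whoever resolves the TODOs has to open the full records rather than triage from the list. From what is visible, CVE-2024-56128 (Apache Kafka), CVE-2024-53269/53270/53271 (Envoy), CVE-2024-55953/55952 (DataEase) and the Misskey entries (CVE-2024-52590 to 52593, 52579) are the ones worth checking against Debian source packages first; the WPLMS, Spreadr and Web Chunky entries look like WordPress/WooCommerce plugin or theme CVEs of the kind the file elsewhere closes as "NOT-FOR-US: WordPress plugin". This copy of the message is cut off at CVE-2024-52361, so the second half of the batch is not reviewable here.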
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 803cdd57 by security tracker role at 2024-12-18T08:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,91 @@ +CVE-2024-56175 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...) + TODO: check +CVE-2024-56174 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...) + TODO: check +CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious payloads ...) + TODO: check +CVE-2024-56170 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...) + TODO: check +CVE-2024-56169 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...) + TODO: check +CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that stores ...) + TODO: check +CVE-2024-55059 (A stored HTML Injection vulnerability was identified in PHPGurukul Onl ...) + TODO: check +CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was discovere ...) + TODO: check +CVE-2024-55057 (Phpgurukul Online Birth Certificate System 1.0 suffers from insufficie ...) + TODO: check +CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was identified in Ph ...) + TODO: check +CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue exists in AE1 ...) + TODO: check +CVE-2024-53688 (Improper neutralization of special elements used in an OS command ('OS ...) + TODO: check +CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing entries ( ...) + TODO: check +CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to obtain se ...) + TODO: check +CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability in stre ...) + TODO: check +CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, contains an ...) + TODO: check +CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 2.0.10 an ...) + TODO: check +CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able ...) 
+ TODO: check +CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization of Specia ...) + TODO: check +CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...) + TODO: check +CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to Prototype ...) + TODO: check +CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are vulnerable ...) + TODO: check +CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 2.9.1 are ...) + TODO: check +CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege due to i ...) + TODO: check +CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued for the Ra ...) + TODO: check +CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes p ...) + TODO: check +CVE-2024-12539 (An issue was discovered where improper authorization controls affected ...) + TODO: check +CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for WordPre ...) + TODO: check +CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...) + TODO: check +CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for WordPress is vul ...) + TODO: check +CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to authent ...) + TODO: check +CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vu ...) + TODO: check +CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin for Word ...) + TODO: check +CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is vulnerable to I ...) + TODO: check +CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable to SQL In ...) 
+ TODO: check +CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...) + TODO: check +CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is vulnerable ..
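Review bot: CVE-2024-4464 sits between CVE-2024-51175 and CVE-2024-47480, which breaks the descending identifier order the rest of this batch follows (51175, 47480, 47397, 39703, 31668, ...); a four-digit 2024 ID would sort below 39703, so either the sort key is not the ID or the identifier lost a digit when the entry was generated, and it should be checked against the upstream feed before its "TODO: check" is resolved. Among the 44 new entries (+91 lines), the ones naming software rather than hosted products or WordPress plugins are CVE-2024-56170/56169 (Fort), CVE-2024-56142 (pghoard), CVE-2024-52792 (LDAP Account Manager), CVE-2024-31668 (rizin) and CVE-2024-29646 (radare2); those deserve a look for a Debian source package ahead of the plugin entries. The copy here stops at CVE-2024-11295, so the tail of the batch is not visible.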
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4c5bbf87 by security tracker role at 2024-12-17T20:12:49+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,10 +1,116 @@ +CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability in Next ...) + TODO: check +CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable to Impro ...) + TODO: check +CVE-2024-8972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-8475 (Authentication Bypass by Assumed-Immutable Data vulnerability in Digit ...) + TODO: check +CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) + TODO: check +CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, Content Re ...) + TODO: check +CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB formats. I ...) + TODO: check +CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and ...) + TODO: check +CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and ...) + TODO: check +CVE-2024-55514 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and ...) + TODO: check +CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and ...) + TODO: check +CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Managemen ...) + TODO: check +CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...) + TODO: check +CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access contro ...) + TODO: check +CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Follo ...) + TODO: check +CVE-2024-51479 (Next.js is a React framework for building full-stack web applications. ...) + TODO: check +CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...) + TODO: check +CVE-2024-49820 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...) 
+ TODO: check +CVE-2024-49819 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...) + TODO: check +CVE-2024-49818 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...) + TODO: check +CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...) + TODO: check +CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...) + TODO: check +CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow remote co ...) + TODO: check +CVE-2024-42194 (An improper handling of insufficient permissions or privileges affects ...) + TODO: check +CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 ...) + TODO: check +CVE-2024-37606 (A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.0 ...) + TODO: check +CVE-2024-37605 (A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_i ...) + TODO: check +CVE-2024-36832 (A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allow ...) + TODO: check +CVE-2024-36831 (A NULL pointer dereference in the plugins_call_handle_uri_clean functi ...) + TODO: check +CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...) + TODO: check +CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12601 (The Calculated Fields Form plugin for WordPress is vulnerable to Denia ...) + TODO: check +CVE-2024-12469 (The WP BASE Booking of Appointments, Services and Events plugin for Wo ...) + TODO: check +CVE-2024-12395 (The WooCommerce Additional Fees On Checkout (Free) plugin for WordPres ...) + TODO: check +CVE-2024-12293 (The User Role Editor plugin for WordPress is vulnerable to Cross-Site ...) 
+ TODO: check +CVE-2024-12200 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12199 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12198 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12197 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...) + TODO: check +CVE-2024-12194 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
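Review bot: the hunk header @@ -1,10 +1,116 @@ spans ten original lines rather than the usual three context lines, so besides the roughly 53 prepended entries this commit also touched lines near the top of the existing list; that part lies beyond the point where this copy is cut (CVE-2024-12194) and cannot be reviewed from the message. Two descriptions are truncated before the product name, CVE-2024-54677 ("Uncontrolled Resource Consumption vulnerability in the examples web ap ...") and CVE-2024-50379 ("Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ..."), and CVE-2024-36831 names only a function (plugins_call_handle_uri_clean) while sitting among the D-Link firmware entries; none of the three can be triaged from the list line. The five IBM Security Guardium Key Lifecycle Manager entries (CVE-2024-49816 to 49820) and the Autodesk Navisworks DWFX entries are indistinguishable on the list line as well.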
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b68c6f9 by security tracker role at 2024-12-17T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,67 @@ +CVE-2024-9624 (The WP All Import Pro plugin for WordPress is vulnerable to Server-Sid ...) + TODO: check +CVE-2024-56017 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Regi ...) + TODO: check +CVE-2024-55951 (Metabase is an open-source data analytics platform. For new sandboxing ...) + TODO: check +CVE-2024-55864 (Cross-site scripting vulnerability exists in My WP Customize Admin/Fro ...) + TODO: check +CVE-2024-7 (ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardco ...) + TODO: check +CVE-2024-4 (Intrexx Portal Server before 12.0.2 allows XSS via a user-defined port ...) + TODO: check +CVE-2024-55452 (A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper ...) + TODO: check +CVE-2024-55451 (A Stored Cross-Site Scripting (XSS) vulnerability exists in authentica ...) + TODO: check +CVE-2024-55104 (Online Nurse Hiring System v1.0 was discovered to contain multiple SQL ...) + TODO: check +CVE-2024-55103 (Online Nurse Hiring System v1.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2024-55100 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...) + TODO: check +CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the t ...) + TODO: check +CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue in "Shon ...) + TODO: check +CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.) + TODO: check +CVE-2024-38499 (CA Client Automation (ITCM) allows non-admin/non-root users to encrypt ...) + TODO: check +CVE-2024-37776 (A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9. ...) + TODO: check +CVE-2024-37775 (Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attacke ...) + TODO: check +CVE-2024-37774 (A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 all ...) 
+ TODO: check +CVE-2024-37773 (An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows a ...) + TODO: check +CVE-2024-35230 (GeoServer is an open source software server written in Java that allow ...) + TODO: check +CVE-2024-29671 (Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 all ...) + TODO: check +CVE-2024-12443 (The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Fr ...) + TODO: check +CVE-2024-12356 (A critical vulnerability has been discovered in Privileged Remote Acce ...) + TODO: check +CVE-2024-12239 (The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-12220 (The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Si ...) + TODO: check +CVE-2024-12219 (The Stop Registration Spam plugin for WordPress is vulnerable to Cross ...) + TODO: check +CVE-2024-11999 (CWE-1104: Use of Unmaintained Third-Party Components vulnerability exi ...) + TODO: check +CVE-2024-11906 (The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11905 (The Animated Counters plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-11902 (The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11900 (The Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professi ...) + TODO: check +CVE-2024-10205 (Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on ...) + TODO: check CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ client tha ...) NOT-FOR-US: FileZ client CVE-2024-6002 
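Review bot: "CVE-2024-7" (Weasis hardcoded ...) and "CVE-2024-4" (Intrexx Portal Server XSS) are not well-formed CVE identifiers, the sequence part needs at least four digits, and they sit between CVE-2024-55864 and CVE-2024-55452 in a batch that is otherwise in descending identifier order, exactly where 55xxx identifiers would sort; they look like mangled IDs and should be corrected from the upstream feed before their "TODO: check" lines are resolved, otherwise the entries will never match the real CVEs. The trailing context shows CVE-2024-8058 already moved from the "TODO: check" it got in 7e3d4a34 to "NOT-FOR-US: FileZ client". Of the 32 new entries, CVE-2024-52949 (iptraf-ng stack-based buffer overflow) and CVE-2024-35230 (GeoServer) are the ones most likely to need a source-package line rather than a NOT-FOR-US marker.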
@@ -66470,7 +66534,7 @@ CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows ad NOT-FOR-US: ASUS CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...) NOT-FOR-US: ASUS -CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...) +CVE-2024-28326 (Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allo ...) NOT-FOR-US: ASUS CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...) NOT-FOR-US: ASUS @@ -297645,14 +297709,14 @@ CVE-2021-26283 RESERVED CVE-2021-26282 RESERVED -CVE-2021-26281 - RESERVED -CVE-2021-26280 - RESERVED -CVE-2021-26279 - RESERVED -CVE-2021-26278 - RESERVED +CVE-2021-26281 (Some parameters of the alarm clock module are improperly stor
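Review bot: in the @@ -297645,14 +297709,14 @@ hunk the four entries CVE-2021-26281, 26280, 26279 and 26278 leave "RESERVED" for a description (the first reads "Some parameters of the alarm clock module are improperly stor..."), but this copy is cut there, so the four status lines that replace the four "RESERVED" markers are not visible; with equal line counts on both sides each entry must have received exactly one status line, presumably "TODO: check", and that should be confirmed in the raw file so these do not silently land as triaged.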
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e3d4a34 by security tracker role at 2024-12-16T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,337 @@ +CVE-2024-8058 (An improper parsing vulnerability was reported in the FileZ client tha ...) + TODO: check +CVE-2024-6002 + REJECTED +CVE-2024-6001 (An improper certificate validation vulnerability was reported in LADM ...) + TODO: check +CVE-2024-56015 (Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up ...) + TODO: check +CVE-2024-56013 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2024-56012 (Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash Ne ...) + TODO: check +CVE-2024-56011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-56009 (Missing Authorization vulnerability in spreadr Spreadr Woocommerce all ...) + TODO: check +CVE-2024-56007 (Missing Authorization vulnerability in Ram Segev Leader allows Exploit ...) + TODO: check +CVE-2024-56005 (Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shippin ...) + TODO: check +CVE-2024-56004 (Missing Authorization vulnerability in Alex W Fowler Easy Site Importe ...) + TODO: check +CVE-2024-56003 (Missing Authorization vulnerability in David Cramer Caldera SMTP Maile ...) + TODO: check +CVE-2024-56001 (Missing Authorization vulnerability in Ksher Ksher allows Exploiting I ...) + TODO: check +CVE-2024-55999 (Missing Authorization vulnerability in Marco Giannini XML Multilanguag ...) + TODO: check +CVE-2024-55998 (Missing Authorization vulnerability in dusthazard Popup Surveys & Poll ...) + TODO: check +CVE-2024-55996 (Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment ...) + TODO: check +CVE-2024-55994 (Missing Authorization vulnerability in \u641c\u72d0\u7545\u8a00 \u7545 ...) + TODO: check +CVE-2024-55993 (Missing Authorization vulnerability in PickPlugins Job Board Manager a ...) + TODO: check +CVE-2024-55992 (Missing Authorization vulnerability in Open Tools WooCommerce Basic Or ...) 
+ TODO: check +CVE-2024-55990 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55989 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55988 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55987 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55986 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55982 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55981 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55980 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55978 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55977 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55976 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55974 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55973 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-55949 (MinIO is a high-performance, S3 compatible object store, open sourced ...) + TODO: check +CVE-2024-54682 (Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11 ...) + TODO: check +CVE-2024-54443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-54442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54440 (Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-Use ...) + TODO: check +CVE-2024-54439 (Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon ...) + TODO: check +CVE-2024-54438 (Cross-Site Request Forgery (CSRF) vulnera
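Review bot: fifteen consecutive entries, CVE-2024-55990 down to CVE-2024-55972, all print the same truncated "Improper Neutralization of Special Elements used in an SQL Command ('S ...)" text and cannot be told apart or attributed to a product from the list line, so resolving their "TODO: check" requires opening each record. CVE-2024-6002 is recorded as "+ REJECTED" with no description line, matching how CVE-2024-12632 is entered in 8f5b909d, so it needs no triage. Of the roughly 42 entries visible out of the 167 this hunk prepends (+337 lines), CVE-2024-55949 (MinIO) and CVE-2024-54682 (Mattermost) are the ones naming software rather than WordPress plugins; the copy is cut at CVE-2024-54438, so most of the batch is not reviewable here.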
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 74bdb9ac by security tracker role at 2024-12-16T08:11:57+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2024-9679 (A Hardcoded Cryptographic key vulnerability existed in DLP Extension 1 ...) + TODO: check +CVE-2024-9678 (An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. Th ...) + TODO: check +CVE-2024-8798 (No proper validation of the length of user input in olcp_ind_handler i ...) + TODO: check +CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions from 15 ...) + TODO: check +CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + TODO: check +CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing access ...) + TODO: check +CVE-2024-56112 (CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or us ...) + TODO: check +CVE-2024-56087 (An issue was discovered in Logpoint before 7.5.0. Authenticated users ...) + TODO: check +CVE-2024-56086 (An issue was discovered in Logpoint before 7.5.0. Authenticated users ...) + TODO: check +CVE-2024-56085 (An issue was discovered in Logpoint before 7.5.0. Authenticated users ...) + TODO: check +CVE-2024-56084 (An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. ...) + TODO: check +CVE-2024-56083 (Cognition Devin before 2024-12-12 provides write access to code by an ...) + TODO: check +CVE-2024-53376 (CyberPanel before 2.3.8 allows remote authenticated users to execute a ...) + TODO: check +CVE-2024-12646 (The topm-client from Chunghwa Telecom has an Arbitrary File Delete vul ...) + TODO: check +CVE-2024-12645 (The topm-client from Chunghwa Telecom has an Arbitrary File Read vulne ...) + TODO: check +CVE-2024-12644 (The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerabili ...) + TODO: check +CVE-2024-12643 (The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vuln ...) + TODO: check +CVE-2024-12642 (TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vu ...) 
+ TODO: check +CVE-2024-12641 (TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scr ...) + TODO: check +CVE-2024-11841 (The Tithe.ly Giving Button WordPress plugin through 1.1 does not valid ...) + TODO: check CVE-2024-7701 (Use of Password Hash With Insufficient Computational Effort vulnerabil ...) - percona-toolkit TODO: check details on upstream reports @@ -1235,6 +1275,7 @@ CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/804eca458fb547942ed70b88c021b996be9228a2 (1.24.10) CVE-2024-47606 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DLA-3994-1} - gstreamer1.0 1.24.10-1 - gstreamer0.10 - gst-plugins-good1.0 1.24.10-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74bdb9ac8c8075f5abdfaa2e5184ef917b973bd5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74bdb9ac8c8075f5abdfaa2e5184ef917b973bd5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
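Review bot: in the first hunk's trailing context CVE-2024-7701 has moved from the bare "TODO: check" it received in 00e76400 to a "- percona-toolkit" package line followed by "TODO: check details on upstream reports"; a package assignment with a TODO underneath still counts as open and is easy to mistake for a finished entry. Among the 20 new entries, CVE-2024-8798 ("No proper validation of the length of user input in olcp_ind_handler i ...") names only a handler function, so its product cannot be read off the list line, and the GitLab CE/EE pair CVE-2024-8650/8116 are the ones most likely to need a source-package decision rather than a NOT-FOR-US marker.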
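Review bot: the @@ -1235,6 +1275,7 @@ hunk adds "{DLA-3994-1}" to CVE-2024-47606, whose package lines are gstreamer1.0 1.24.10-1, gstreamer0.10 and gst-plugins-good1.0 1.24.10-1. The DSA-5831-1 markers added in 1abe408b went only onto gst-plugins-base1.0 entries (CVE-2024-47835, 47615, 47607, 47600, 47541, 47538), so no DSA is visible for the gstreamer1.0 / gst-plugins-good1.0 side of CVE-2024-47606; confirm whether a separate DSA exists for those two source packages or whether the 1.24.10-1 fixed version alone is meant to close it in stable. The "- gstreamer0.10" line also carries no version or status here, unlike the two 1.24.10-1 lines beside it; a bracketed status token would not survive the HTML rendering this message went through, so check the raw file before reading it as unfixed.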
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00e76400 by security tracker role at 2024-12-15T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-7701 (Use of Password Hash With Insufficient Computational Effort vulnerabil ...) + TODO: check +CVE-2024-11858 (A flaw was found in Radare2, which contains a command injection vulner ...) + TODO: check CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because ...) NOT-FOR-US: ChatBar.tsx in Lumos CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point outside ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e7640034101a8433ea4678424a2f4d3eace751
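Review bot: CVE-2024-11858 (command injection in Radare2) is entered as a bare "TODO: check" with no package line; radare2 is the kind of entry that needs a source-package decision rather than a NOT-FOR-US marker, and CVE-2024-29646 in the later 803cdd57 batch names radare2 as well, so the two should be triaged together. CVE-2024-7701 is picked up in the next update, 74bdb9ac, with a "- percona-toolkit" line and a details TODO. The context lines show CVE-2024-56082 closed as "NOT-FOR-US: ChatBar.tsx in Lumos" since 6f4d1753, while the status of CVE-2024-56074 (gitingest) is not visible here.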
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f4d1753 by security tracker role at 2024-12-15T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because ...) + TODO: check +CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point outside ...) + TODO: check +CVE-2024-56073 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...) + TODO: check +CVE-2024-56072 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...) + TODO: check +CVE-2024-55970 (File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27. ...) + TODO: check +CVE-2024-55969 (DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 th ...) + TODO: check CVE-2024-31892 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2. ...) NOT-FOR-US: IBM CVE-2024-31891 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f4d1753370905d4e4e61a7fed635937afe41598
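Review bot: CVE-2024-56073 and CVE-2024-56072 print the identical truncated text "An issue was discovered in FastNetMon Community Edition through 1.2.7. ..." and cannot be told apart on the list line, so both "TODO: check" lines need the full records. Of the six new entries, CVE-2024-56082 is already closed as "NOT-FOR-US: ChatBar.tsx in Lumos" in the context of the following update (00e76400), while the status of CVE-2024-56074 (gitingest symlink handling) is not visible there, so that is the one left open from this batch. The trailing context shows CVE-2024-31892 closed as "NOT-FOR-US: IBM" since it was added in 1abe408b.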
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1abe408b by security tracker role at 2024-12-14T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-31892 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2. ...) + TODO: check +CVE-2024-31891 (IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2. ...) + TODO: check +CVE-2024-11721 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11720 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) + TODO: check CVE-2024-9698 (The Crafthemes Demo Import plugin for WordPress is vulnerable to arbit ...) NOT-FOR-US: WordPress plugin CVE-2024-55956 (In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom ...) @@ -1120,6 +1128,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management software package. Startin - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f CVE-2024-47835 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0029.html @@ -1182,6 +1191,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management software package. Startin - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr CVE-2024-47615 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0026.html 
@@ -1197,6 +1207,7 @@ CVE-2024-47613 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c (1.24.10) CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0024.html @@ -1236,6 +1247,7 @@ CVE-2024-47601 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 (1.24.10) CVE-2024-47600 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0018.html @@ -1306,6 +1318,7 @@ CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/921d8daa00c329932616dd5d197b601a7e271e79 (1.24.10) CVE-2024-47541 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0023.html 
@@ -1329,6 +1342,7 @@ CVE-2024-47539 (GStreamer is a library for constructing graphs of media-handling NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10) CVE-2024-47538 (GStreamer is a library for constructing graphs of media-handling compo ...) + {DSA-5831-1} - gst-plugins-base1.0 1.24.10-1 - gst-plugins-base0.10 NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0022.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abe408b7eaf8e858535e9f9dfdd044b2de9740a
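Review bot: in the first hunk the IBM Storage Scale GUI pair CVE-2024-31892/31891 share an identical truncated description and the Frontend Admin by DynamiApps pair CVE-2024-11721/11720 likewise, so none of the four can be triaged from the list line; the trailing context shows CVE-2024-9698 from the previous batch already closed as "NOT-FOR-US: WordPress plugin", which is where the DynamiApps entries will most likely end up, and CVE-2024-31892 is closed as "NOT-FOR-US: IBM" by the time of 6f4d1753.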
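Review bot: the six remaining hunks each add "{DSA-5831-1}" to one gst-plugins-base1.0 entry (CVE-2024-47835, 47615, 47607, 47600, 47541, 47538), all with fixed version 1.24.10-1, a gst-plugins-base0.10 line and a gstreamer.freedesktop.org sa-2024-00xx NOTE; cross-check that the advisory's CVE list matches exactly these six, since the gstreamer1.0 and gst-plugins-good1.0 entries fixed in the same 1.24.10 upstream release (CVE-2024-47606, which later gets "{DLA-3994-1}" in 74bdb9ac) are not touched here. The "- gst-plugins-base0.10" lines show no version or status in this rendering; a bracketed status token would not survive the HTML rendering this message went through, so check the raw file before reading them as unfixed.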
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f5b909d by security tracker role at 2024-12-14T08:12:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,103 @@ +CVE-2024-9698 (The Crafthemes Demo Import plugin for WordPress is vulnerable to arbit ...) + TODO: check +CVE-2024-55956 (In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom ...) + TODO: check +CVE-2024-55946 (Playloom Engine is an open-source, high-performance game development e ...) + TODO: check +CVE-2024-12632 + REJECTED +CVE-2024-12628 (The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-12578 (The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is v ...) + TODO: check +CVE-2024-12555 (The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2024-12553 (GeoVision GV-ASManager Missing Authorization Information Disclosure Vu ...) + TODO: check +CVE-2024-12552 (Wacom Center WTabletServicePro Link Following Local Privilege Escalati ...) + TODO: check +CVE-2024-12523 (The States Map US plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-12517 (The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-12502 (The My IDX Home Search plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-12501 (The Simple Locator plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-12474 (The GeoDataSource Country Region DropDown plugin for WordPress is vuln ...) + TODO: check +CVE-2024-12459 (The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-12458 (The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-12448 (The Posts and Products Views for WooCommerce plugin for WordPress is v ...) + TODO: check +CVE-2024-12447 (The Get Post Content Shortcode plugin for WordPress is vulnerable to I ...) + TODO: check +CVE-2024-12446 (The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Sit ...) 
+ TODO: check +CVE-2024-12422 (The Import Eventbrite Events plugin for WordPress is vulnerable to Ref ...) + TODO: check +CVE-2024-12411 (The WP Ad Guru \u2013 Banner ad, Responsive popup, Popup maker, Ad rot ...) + TODO: check +CVE-2024-11894 (The The Permalinker plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-11889 (The My IDX Home Search plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-11888 (The IDer Login for WordPress plugin for WordPress is vulnerable to Sto ...) + TODO: check +CVE-2024-11884 (The Wp photo text slider 50 plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-11883 (The Connatix Video Embed plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-11879 (The Stripe Donation plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-11877 (The Cricket Live Score plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-11876 (The Kredeum NFTs, the easiest way to sell your NFTs directly on your W ...) + TODO: check +CVE-2024-11873 (The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11869 (The Buk for WordPress plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-11867 (The Companion Portfolio \u2013 Responsive Portfolio Plugin plugin for ...) + TODO: check +CVE-2024-11865 (The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-11855 (The Koalendar \u2013 Events & Appointments Booking Calendar plugin for ...) + TODO: check +CVE-2024-11770 (The Post Carousel & Slider plugin for WordPress is vulnerable to Store ...) + TODO: check +CVE-2024-11763 (The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) + TODO: check +CVE-2024-11759 (The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) 
+ TODO: check +CVE-2024-11755 (The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11752 (The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-11751 (The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2024-11715 (The WP Job Portal \u2013 A Complete Recruitment System for Company or ...) + TODO: check +CVE-2024-11714 (The WP Job Portal \u2013 A Complete Rec
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2025b298 by security tracker role at 2024-12-13T20:12:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,491 @@ +CVE-2024-9945 (An information-disclosure vulnerability exists in Fortra's GoAnywhere ...) + TODO: check +CVE-2024-9608 (The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Sit ...) + TODO: check +CVE-2024-9290 (The Super Backup & Clone - Migrate for WordPress plugin for WordPress ...) + TODO: check +CVE-2024-55890 (D-Tale is a visualizer for pandas data structures. Prior to version 3. ...) + TODO: check +CVE-2024-55889 (phpMyFAQ is an open source FAQ web application. Prior to version 3.2.1 ...) + TODO: check +CVE-2024-55887 (Ucum-java is a FHIR Java library providing UCUM Services. In versions ...) + TODO: check +CVE-2024-55661 (Laravel Pulse is a real-time application performance monitoring tool a ...) + TODO: check +CVE-2024-54351 (Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Ro ...) + TODO: check +CVE-2024-54349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54346 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54345 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54343 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54342 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54341 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54340 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54339 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-54338 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54337 (Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site ...) + TODO: check +CVE-2024-54336 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2024-54335 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54333 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54330 (Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH ...) + TODO: check +CVE-2024-54329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54328 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54327 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54326 (Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress ...) + TODO: check +CVE-2024-54325 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54323 (Missing Authorization vulnerability in WPExpertsio New User Approve al ...) + TODO: check +CVE-2024-54322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54321 (Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive S ...) + TODO: check +CVE-2024-54320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-54318 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54317 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54315 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ..
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20ed4bca by security tracker role at 2024-12-13T08:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,51 @@ +CVE-2024-9508 (Horner Automation Cscape contains a memory corruption vulnerability, w ...) + TODO: check +CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package before 3.2 ...) + TODO: check +CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are vulnerable ...) + TODO: check +CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to Authenti ...) + TODO: check +CVE-2024-12603 (A logic vulnerability in the the mobile application (com.transsion.app ...) + TODO: check +CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular Expressi ...) + TODO: check +CVE-2024-12574 (The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable to Cross ...) + TODO: check +CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u20 ...) + TODO: check +CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The issues resul ...) + TODO: check +CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks ...) + TODO: check +CVE-2024-11838 (External Control of File Name or Path vulnerability in PlexTrac allows ...) + TODO: check +CVE-2024-11837 (Improper Neutralization of Special Elements used in an N1QL Command (' ...) + TODO: check +CVE-2024-11836 (Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing ...) + TODO: check +CVE-2024-11835 (Uncontrolled Resource Consumption vulnerability in PlexTrac allows Web ...) + TODO: check +CVE-2024-11834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) 
+ TODO: check +CVE-2024-11833 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-11809 (The Primer MyData for Woocommerce plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-11767 (The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-10939 (The Image Widget WordPress plugin before 4.4.11 does not sanitise and ...) + TODO: check +CVE-2024-10678 (The Ultimate Blocks WordPress plugin before 3.2.4 does not validate a ...) + TODO: check +CVE-2019-25221 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) + TODO: check CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of errno] - glibc (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32440 @@ -45,7 +93,8 @@ CVE-2024-54122 (Concurrent variable access vulnerability in the ability module I NOT-FOR-US: Huawei CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) NOT-FOR-US: Huawei -CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) +CVE-2024-54118 + REJECTED NOT-FOR-US: Huawei CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) NOT-FOR-US: Huawei 
@@ -100047,7 +100096,8 @@ CVE-2023-6577 (A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 2023 NOT-FOR-US: Beijing Baichuo PatrolFlow 2530Pro CVE-2023-6576 (A vulnerability was found in Byzoro S210 up to 20231123. It has been d ...) NOT-FOR-US: Beijing Baichuo S210 -CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL ...) +CVE-2023-6061 + REJECTED NOT-FOR-US: Iconics SCADA Suite CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...) NOT-FOR-US: Phoenix View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20ed4bcac5c0b5d44968bc0dff774641fd47bd34 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20ed4bcac5c0b5d44968bc0dff774641fd47bd34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
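Review bot: in the @@ -45,7 +93,8 @@ hunk, CVE-2024-54118 is switched to REJECTED but the following unchanged context line `NOT-FOR-US: Huawei` is kept, so the entry now carries both a rejection marker and a triage annotation. A rejected identifier no longer needs a NOT-FOR-US disposition, so a follow-up could drop that line and leave the entry as just `CVE-2024-54118` followed by `REJECTED`, the shape the newly added `CVE-2024-12632` / `REJECTED` entry in the 8f5b909d update has.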
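Review bot: in the @@ -100047,7 +100096,8 @@ hunk, the same pattern appears for CVE-2023-6061: the description line is replaced by `REJECTED` while the trailing `NOT-FOR-US: Iconics SCADA Suite` context line remains, so the entry still reads as if it were an open, triaged issue. Since the automatic update only rewrites the header line, the stale annotation needs a manual cleanup to keep REJECTED entries consistent.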
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2885226 by security tracker role at 2024-12-12T20:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,144 @@ -CVE-2024-55633 +CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions from 11 ...) + TODO: check +CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting 15.2 ...) + TODO: check +CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + TODO: check +CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + TODO: check +CVE-2024-55888 (Hush Line is an open-source whistleblower management system. Starting ...) + TODO: check +CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch project that ...) + TODO: check +CVE-2024-55885 (beego is an open-source web framework for the Go programming language. ...) + TODO: check +CVE-2024-55879 (XWiki Platform is a generic wiki platform. Starting in version 2.3 and ...) + TODO: check +CVE-2024-55878 (SimpleXLSX is software for parsing and retrieving data from Excel XLSx ...) + TODO: check +CVE-2024-55877 (XWiki Platform is a generic wiki platform. Starting in version 9.7-rc- ...) + TODO: check +CVE-2024-55876 (XWiki Platform is a generic wiki platform. Starting in version 1.2-mil ...) + TODO: check +CVE-2024-55875 (http4k is a functional toolkit for Kotlin HTTP applications. Prior to ...) + TODO: check +CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 11.10.6 ...) + TODO: check +CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...) + TODO: check +CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in phpguru ...) + TODO: check +CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online Nurse Hir ...) + TODO: check +CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketi ...) 
+ TODO: check +CVE-2024-54810 (A SQL Injection vulnerability was found in /preschool/admin/password-r ...) + TODO: check +CVE-2024-54122 (Concurrent variable access vulnerability in the ability module Impact: ...) + TODO: check +CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: Successful ...) + TODO: check +CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: Successful ...) + TODO: check +CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH module Impa ...) + TODO: check +CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the print mod ...) + TODO: check +CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: Successf ...) + TODO: check +CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) + TODO: check +CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: Successf ...) + TODO: check +CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: Successf ...) + TODO: check +CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: Successf ...) + TODO: check +CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding module Im ...) + TODO: check +CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: Successf ...) + TODO: check +CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension module Imp ...) 
+ TODO: check +CVE-2024-54103 (Vulnerability of improper access control in the album module Impact: S ...) + TODO: check +CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: Successful expl ...) + TODO: check +CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation module Impac ...) + TODO: check +CVE-2024-54100 (Vulnerability of improper access control in the secure input module Im ...) + TODO: check +CVE-2024-54099 (File replacement vulnerability on some devices Impact: Succ
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 334acbfe by security tracker role at 2024-12-12T08:13:43+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,313 @@ +CVE-2024-9881 (The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and ...) + TODO: check +CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not s ...) + TODO: check +CVE-2024-9428 (The Popup Builder WordPress plugin before 4.3.5 does not sanitise and ...) + TODO: check +CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-b ...) + TODO: check +CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...) + TODO: check +CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...) + TODO: check +CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...) + TODO: check +CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...) + TODO: check +CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior to commit ...) + TODO: check +CVE-2024-54534 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-54531 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-54529 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2024-54528 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2024-54527 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2024-54526 (The issue was addressed with improved checks. This issue is fixed in w ...) + TODO: check +CVE-2024-54524 (A logic issue was addressed with improved file handling. This issue is ...) + TODO: check +CVE-2024-54515 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2024-54514 (The issue was addressed with improved checks. This issue is fixed in w ...) 
+ TODO: check +CVE-2024-54513 (A permissions issue was addressed with additional restrictions. This i ...) + TODO: check +CVE-2024-54510 (A race condition was addressed with improved locking. This issue is fi ...) + TODO: check +CVE-2024-54508 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-54506 (An out-of-bounds access issue was addressed with improved bounds check ...) + TODO: check +CVE-2024-54505 (A type confusion issue was addressed with improved memory handling. Th ...) + TODO: check +CVE-2024-54504 (A privacy issue was addressed with improved private data redaction for ...) + TODO: check +CVE-2024-54503 (An inconsistent user interface issue was addressed with improved state ...) + TODO: check +CVE-2024-54502 (The issue was addressed with improved checks. This issue is fixed in w ...) + TODO: check +CVE-2024-54501 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-54500 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-54498 (A path handling issue was addressed with improved validation. This iss ...) + TODO: check +CVE-2024-54495 (The issue was addressed with improved permissions logic. This issue is ...) + TODO: check +CVE-2024-54494 (A race condition was addressed with additional validation. This issue ...) + TODO: check +CVE-2024-54493 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-54492 (This issue was addressed by using HTTPS when sending information over ...) + TODO: check +CVE-2024-54491 (The issue was resolved by sanitizing logging This issue is fixed in ma ...) + TODO: check +CVE-2024-54490 (This issue was addressed by enabling hardened runtime. This issue is f ...) + TODO: check +CVE-2024-54489 (A path handling issue was addressed with improved validation. This iss ...) 
+ TODO: check +CVE-2024-54486 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-54485 (The issue was addressed by adding additional logic. This issue is fixe ...) + TODO: check +CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is fixed in m ...) + TODO: check +CVE-2024-54479 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-54477 (The issue was addressed with improved checks. This issue is fixed in m ..
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b61fa05 by security tracker role at 2024-12-11T20:12:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,143 @@ -CVE-2024-12382 +CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti Automatio ...) + TODO: check +CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti Workspace ...) + TODO: check +CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to create ...) + TODO: check +CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...) + TODO: check +CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts. This issu ...) + TODO: check +CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + TODO: check +CVE-2024-50585 (Users who click on a malicious link or visit a website under the contr ...) + TODO: check +CVE-2024-50339 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2024-48912 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2024-47835 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47834 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47778 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-4 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47776 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47775 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47774 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47761 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2024-47760 (GLPI is a free asset and IT management software package. Starting in v ...) 
+ TODO: check +CVE-2024-47758 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2024-47615 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47613 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47606 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47603 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47602 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47601 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47600 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47599 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47598 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47597 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47596 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47546 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47545 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47544 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47543 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling compo ...) 
+ TODO: check +CVE-2024-47541 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47540 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47539 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47538 (GStreamer is a library for constructing graphs of media-handling compo ...) + TODO: check +CVE-2024-47537 (GStreamer is a library for constructing graphs of media-
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: af3abbf7 by security tracker role at 2024-12-11T08:12:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,328 @@ -CVE-2024-11053 +CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying Sigstore ...) + TODO: check +CVE-2024-55653 (PwnDoc is a penetration test report generator. In versions up to and i ...) + TODO: check +CVE-2024-54133 (Action Pack is a framework for handling and responding to web requests ...) + TODO: check +CVE-2024-54051 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL ...) + TODO: check +CVE-2024-54050 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL ...) + TODO: check +CVE-2024-54049 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54048 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54047 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54046 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54045 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54044 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54043 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54042 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54041 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stor ...) + TODO: check +CVE-2024-54040 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stor ...) + TODO: check +CVE-2024-54039 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stor ...) + TODO: check +CVE-2024-54038 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Imp ...) + TODO: check +CVE-2024-54037 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM- ...) 
+ TODO: check +CVE-2024-54036 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stor ...) + TODO: check +CVE-2024-54034 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a refl ...) + TODO: check +CVE-2024-54032 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stor ...) + TODO: check +CVE-2024-53960 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...) + TODO: check +CVE-2024-53959 (Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a ...) + TODO: check +CVE-2024-53958 (Substance3D - Painter versions 10.1.1 and earlier are affected by an o ...) + TODO: check +CVE-2024-53957 (Substance3D - Painter versions 10.1.1 and earlier are affected by a He ...) + TODO: check +CVE-2024-53956 (Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap- ...) + TODO: check +CVE-2024-53955 (Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Un ...) + TODO: check +CVE-2024-53954 (Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer ...) + TODO: check +CVE-2024-53953 (Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use Afte ...) + TODO: check +CVE-2024-53952 (InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by ...) + TODO: check +CVE-2024-53951 (InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by ...) + TODO: check +CVE-2024-53292 (Dell VxVerify, versions prior to x.40.405, contain a Plain-text Passwo ...) + TODO: check +CVE-2024-53290 (Dell ThinOS version 2408 contains an Improper Neutralization of Specia ...) + TODO: check +CVE-2024-53289 (Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) ...) + TODO: check +CVE-2024-53006 (Substance3D - Modeler versions 1.14.1 and earlier are affected by a NU ...) + TODO: check +CVE-2024-53005 (Substance3D - Modeler versions 1.14.1 and earlier are affected by an o ...) 
+ TODO: check +CVE-2024-53004 (Substance3D - Modeler versions 1.14.1 and earlier are affected by an o ...) + TODO: check +CVE-2024-53003 (Substance3D - Modeler versions 1.14.1 and earlier are affected by an o ...) + TODO: check +CVE-2024-53002 (Substance3D - Modeler versions 1.14.1 and earlier are affected by an o ...) + TODO: check +CVE-2024-53001 (Substance3D - Modeler versions 1.14.1 and earlier are affected by an o ...) + TODO: check +CVE-2024-53000 (Substance3D - Modeler versions 1.14.1 and earlier are a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 231f9679 by security tracker role at 2024-12-10T20:12:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,315 @@ +CVE-2024-9844 (Insufficient server-side controls in Secure Application Manager of Iva ...) + TODO: check +CVE-2024-8540 (Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0. ...) + TODO: check +CVE-2024-8256 (In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (e ...) + TODO: check +CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 2024.3.5740 allo ...) + TODO: check +CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 tran ...) + TODO: check +CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 1d4219c ...) + TODO: check +CVE-2024-55586 (Nette Database through 3.2.4 allows SQL injection in certain situation ...) + TODO: check +CVE-2024-0 (Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker w ...) + TODO: check +CVE-2024-55548 (Improper check of password character lenght in ORing IAP-420 allows a ...) + TODO: check +CVE-2024-55547 (SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injectio ...) + TODO: check +CVE-2024-55546 (Missing input validation in the ORing IAP-420 web-interface allows sto ...) + TODO: check +CVE-2024-55545 (Missing input validation in the ORing IAP-420 web-interface allows Cro ...) + TODO: check +CVE-2024-55544 (Missing input validation in the ORing IAP-420 web-interface allows sto ...) + TODO: check +CVE-2024-55500 (Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and befor ...) + TODO: check +CVE-2024-54751 (COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded pass ...) + TODO: check +CVE-2024-54152 (Angular Expressions provides expressions for the Angular.JS web framew ...) + TODO: check +CVE-2024-54095 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...) + TODO: check +CVE-2024-54094 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...) 
+ TODO: check +CVE-2024-54093 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...) + TODO: check +CVE-2024-54091 (A vulnerability has been identified in Parasolid V36.1 (All versions < ...) + TODO: check +CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability exists in t ...) + TODO: check +CVE-2024-54005 (A vulnerability has been identified in COMOS V10.3 (All versions < V10 ...) + TODO: check +CVE-2024-53866 (The package manager pnpm prior to version 9.15.0 seems to mishandle ov ...) + TODO: check +CVE-2024-53832 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...) + TODO: check +CVE-2024-53481 (A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGu ...) + TODO: check +CVE-2024-53480 (Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQ ...) + TODO: check +CVE-2024-53247 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versi ...) + TODO: check +CVE-2024-53246 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk ...) + TODO: check +CVE-2024-53245 (In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk ...) + TODO: check +CVE-2024-53244 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk ...) + TODO: check +CVE-2024-53243 (In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versio ...) + TODO: check +CVE-2024-53242 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...) + TODO: check +CVE-2024-53041 (A vulnerability has been identified in Teamcenter Visualization V14.2 ...) + TODO: check +CVE-2024-52538 (Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of ...) + TODO: check +CVE-2024-52051 (A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All vers ...) + TODO: check +CVE-2024-51165 (SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLogi ...) 
+ TODO: check +CVE-2024-50931 (Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insec ...) + TODO: check +CVE-2024-50930 (An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to ...) + TODO: check +CVE-2024-50929 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...) + TODO: check +CVE-2024-50928 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...) + TODO: check +CVE-2024-50924 (Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 80 ...)
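Review bot: the identifier in the added entry `+CVE-2024-0 (Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker w ...)` is malformed; a CVE id carries at least four digits after the year, so this looks like a truncated id from the import feed and the entry should be checked against its source before the `TODO: check` is resolved. The neighbouring entries (CVE-2024-55586, CVE-2024-55548) are well-formed, so the defect is isolated to this one line.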
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad12ba9d by security tracker role at 2024-12-10T08:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,80 @@ -CVE-2024-12369 +CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in PaperCu ...) + TODO: check +CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core allows ...) + TODO: check +CVE-2024-55637 (Deserialization of Untrusted Data vulnerability in Drupal Core allows ...) + TODO: check +CVE-2024-55636 (Deserialization of Untrusted Data vulnerability in Drupal Core allows ...) + TODO: check +CVE-2024-55635 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-55634 (A vulnerability in Drupal Core allows Privilege Escalation.This issue ...) + TODO: check +CVE-2024-55601 (Hugo is a static site generator. Starting in version 0.123.0 and prior ...) + TODO: check +CVE-2024-54198 (In certain conditions, SAP NetWeaver Application Server ABAP allows an ...) + TODO: check +CVE-2024-54197 (SAP NetWeaver Administrator(System Overview) allows an authenticated a ...) + TODO: check +CVE-2024-54151 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-54149 (Winter is a free, open-source content management system (CMS) based on ...) + TODO: check +CVE-2024-53919 (An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and C ...) + TODO: check +CVE-2024-53552 (CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password res ...) + TODO: check +CVE-2024-50628 (An issue was discovered in the web services of Digi ConnectPort LTS be ...) + TODO: check +CVE-2024-50627 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privi ...) + TODO: check +CVE-2024-50626 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Direc ...) + TODO: check +CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulne ...) + TODO: check +CVE-2024-47946 (If the attacker has access to a valid Poweruser session, remote code e ...) 
+ TODO: check +CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...) + TODO: check +CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated attacker co ...) + TODO: check +CVE-2024-47581 (SAP HCM Approve Timesheets Version 4 application does not perform nece ...) + TODO: check +CVE-2024-47580 (An attacker authenticated as an administrator can use an exposed webse ...) + TODO: check +CVE-2024-47579 (An attacker authenticated as an administrator can use an exposed webse ...) + TODO: check +CVE-2024-47578 (Adobe Document Service allows an attacker with administrator privilege ...) + TODO: check +CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within SAP Commer ...) + TODO: check +CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1) applicatio ...) + TODO: check +CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External Entity ...) + TODO: check +CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...) + TODO: check +CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...) + TODO: check +CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...) + TODO: check +CVE-2024-28138 (An unauthenticated attacker with network access to the affected device ...) + TODO: check +CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary ...) + TODO: check +CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-12174 (An Improper Certificate Validation vulnerability exists in Tenable Sec ...) + TODO: check +CVE-2024-11205 (The WPForms plugin for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-11107 (The System Dashboard WordPress plugin before 2.8.15 does not sanitise ...) 
+ TODO: check +CVE-2024-10708 (The System Dashboard WordPress plugin before 2.8.15 does not validate ...) + TODO: check +CVE-2023-6947 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...) + TODO: check +CVE-2024-12369 (A vulnerability was found in OIDC-Client. When using the RH SSO OIDC a ...) NOT-FOR-US: elytron-oidc-client CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Eryaz Information Technologies NatraCar B2B Dealer Mana
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8803cf5 by security tracker role at 2024-12-09T20:13:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,345 @@ +CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-54938 (A Directory Listing issue was found in Kashipara E-Learning Management ...) + TODO: check +CVE-2024-54937 (A Directory Listing issue was found in Kashipara E-Learning Management ...) + TODO: check +CVE-2024-54936 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...) + TODO: check +CVE-2024-54935 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...) + TODO: check +CVE-2024-54934 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54933 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54932 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54931 (A SQL Injection was found in /admin/delete_event.php in kashipara E-le ...) + TODO: check +CVE-2024-54930 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54929 (KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54928 (kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54927 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-54926 (A SQL Injection vulnerability was found in /search_class.php of kaship ...) + TODO: check +CVE-2024-54925 (A SQL Injection was found in /remove_sent_message.php in kashipara E-l ...) + TODO: check +CVE-2024-54924 (A SQL Injection was found in /admin/edit_content.php in kashipara E-le ...) + TODO: check +CVE-2024-54923 (A SQL Injection vulnerability was found in /admin/edit_teacher.php in ...) + TODO: check +CVE-2024-54922 (A SQL Injection was found in /admin/edit_user.php of kashipara E-learn ...) 
+ TODO: check +CVE-2024-54921 (A SQL Injection was found in /student_signup.php in kashipara E-learni ...) + TODO: check +CVE-2024-54920 (A SQL Injection vulnerability was found in /teacher_signup.php of kash ...) + TODO: check +CVE-2024-54919 (A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php ...) + TODO: check +CVE-2024-54918 (Kashipara E-learning Management System v1.0 is vulnerable to Remote Co ...) + TODO: check +CVE-2024-54260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54255 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in a ...) + TODO: check +CVE-2024-54254 (Missing Authorization vulnerability in Kofi Mokome Message Filter for ...) + TODO: check +CVE-2024-54253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54251 (Missing Authorization vulnerability in Prodigy Commerce Prodigy Commer ...) + TODO: check +CVE-2024-54247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54230 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54227 (Missing Authorization vulnerability in theDotstore Minimum and Maximum ...) + TODO: check +CVE-2024-54226 (Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Coun ...) + TODO: check +CVE-2024-54225 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-54224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54223 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) 
+ TODO: check +CVE-2024-54220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54219 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54218 (Missing Authorization vulnerability in Thehp AIO Contact.This issue af ...) + TODO: check +CVE-2024-54217 (Missing Authorization vulnerability in Repute info systems ARForms.Thi ...) + TODO: check +CVE-2024-54215 (Improper Neutralization of Special Elements used in an SQL Command ('S
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52ea3b0c by security tracker role at 2024-12-09T08:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,67 @@ +CVE-2024-9651 (The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and ...) + TODO: check +CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.) + TODO: check +CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...) + TODO: check +CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...) + TODO: check +CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as auth_microsoft_offi ...) + TODO: check +CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file (locat ...) + TODO: check +CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...) + TODO: check +CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...) + TODO: check +CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...) + TODO: check +CVE-2024-55560 (MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh ...) + TODO: check +CVE-2024-53285 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53284 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53283 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53282 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53281 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53280 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-53279 (Improper neutralization of input during web page generation ('Cross-si ...) + TODO: check +CVE-2024-12360 (A vulnerability was found in code-projects Online Class and Exam Sched ...) 
+ TODO: check +CVE-2024-12359 (A vulnerability was found in code-projects Admin Dashboard 1.0. It has ...) + TODO: check +CVE-2024-12358 (A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been c ...) + TODO: check +CVE-2024-12357 (A vulnerability was found in SourceCodester Best House Rental Manageme ...) + TODO: check +CVE-2024-12355 (A vulnerability has been found in SourceCodester Phone Contact Manager ...) + TODO: check +CVE-2024-12354 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-12353 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-12352 (A vulnerability classified as problematic was found in TOTOLINK EX1800 ...) + TODO: check +CVE-2024-12351 (A vulnerability classified as critical has been found in JFinalCMS 1.0 ...) + TODO: check +CVE-2024-12350 (A vulnerability was found in JFinalCMS 1.0. It has been rated as criti ...) + TODO: check +CVE-2024-12349 (A vulnerability was found in JFinalCMS 1.0. It has been declared as pr ...) + TODO: check +CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. I ...) + TODO: check +CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...) + TODO: check +CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and classif ...) + TODO: check +CVE-2024-12344 (A vulnerability, which was classified as critical, was found in TP-Lin ...) + TODO: check CVE-2024-12343 (A vulnerability classified as critical has been found in TP-Link VN020 ...) NOT-FOR-US: TP-Link CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to change a pass ...) 
@@ -59023,6 +59087,7 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3) NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3) CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...) + {DLA-3988-1} - jinja2 (bug #1070712) [bookworm] - jinja2 (Minor issue) [buster] - jinja2 (Minor issue) @@ -91381,7 +91446,7 @@ CVE-2023-4246 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Reque CVE-2022-4958 (A vulnerability classified as problematic has been found in qkmc-rk re ...) NOT-FOR-US: qkmc-rk redb
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3147975a by security tracker role at 2024-12-08T20:12:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-12343 (A vulnerability classified as critical has been found in TP-Link VN020 ...) + TODO: check CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to change a pass ...) TODO: check CVE-2024-12342 (A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has ...) 
@@ -4185,26 +4187,26 @@ CVE-2024-11477 (7-Zip Zstandard Decompression Integer Underflow Remote Code Exec - p7zip (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/ CVE-2024-11233 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...) - {DSA-5819-1} + {DSA-5819-1 DLA-3986-1} - php8.2 8.2.26-4 (bug #1088688) - php7.4 NOTE: https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43 NOTE: https://github.com/php/php-src/commit/a6c84cd7efd7eaaaefd4463412508df570d35358 (php-8.2.26) CVE-2024-11234 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...) - {DSA-5819-1} + {DSA-5819-1 DLA-3986-1} - php8.2 8.2.26-4 (bug #1088688) - php7.4 NOTE: https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 NOTE: https://github.com/php/php-src/commit/cf6700e86d6357420a7c8386da63d48fec55f633 (php-8.2.26) CVE-2024-11236 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...) - {DSA-5819-1} + {DSA-5819-1 DLA-3986-1} - php8.2 8.2.26-4 (bug #1088688) - php7.4 NOTE: https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv NOTE: https://github.com/php/php-src/commit/7742f79a8a9c20522dbf40e1dc1d4ccad71d399c (php-8.2.26) NOTE: https://github.com/php/php-src/commit/2dbe1425c5768faea2aa7bca26081dd208c94ac8 (php-8.2.26) CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...) - {DSA-5819-1} + {DSA-5819-1 DLA-3986-1} - php8.2 8.2.26-4 (bug #1088688) - php7.4 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678 
@@ -4212,7 +4214,7 @@ CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* b NOTE: Follow-up: https://github.com/php/php-src/commit/abc6de0ddec93564e9faa8065ac5756a1fbaf763 (php-8.2.26) NOTE: Follow-up: https://github.com/php/php-src/commit/913031c844737d78a62c4af2aab1c3eeb7dc95bf (php-8.2.26) CVE-2024-8932 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...) - {DSA-5819-1} + {DSA-5819-1 DLA-3986-1} - php8.2 8.2.26-4 (bug #1088688) - php7.4 NOTE: https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff @@ -125386,7 +125388,7 @@ CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to fil CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...) NOT-FOR-US: Adning Advertising plugin for WordPress CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink ...) - {DLA-3501-1} + {DLA-3987-1 DLA-3501-1} - renderdoc 1.27+dfsg-1 (bug #1037208) [bookworm] - renderdoc (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 @@ -125396,7 +125398,7 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a sy NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27) NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27) CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...) - {DLA-3501-1} + {DLA-3987-1 DLA-3501-1} - renderdoc 1.27+dfsg-1 (bug #1037208) [bookworm] - renderdoc (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 
@@ -125406,7 +125408,7 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows a NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27) NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27) CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...) - {DLA-3501-1} + {DLA-3987-1 DLA-3501-1} - renderdoc 1.27+dfsg-1 (bug #1037208) [bookworm] - renderdoc (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 View it on GitLab: h
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 271dfc5f by security tracker role at 2024-12-08T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to change a pass ...) + TODO: check +CVE-2024-12342 (A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has ...) + TODO: check +CVE-2024-12209 (The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPre ...) + TODO: check CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user to execu ...) NOT-FOR-US: IBM CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/271dfc5f2d43f495b3d38804798ab66aec5d9894 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/271dfc5f2d43f495b3d38804798ab66aec5d9894 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 96970a5b by security tracker role at 2024-12-07T20:12:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,31 @@ +CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user to execu ...) + TODO: check +CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...) + TODO: check +CVE-2024-41762 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + TODO: check +CVE-2024-37071 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + TODO: check +CVE-2024-12270 (The Beautiful taxonomy filters plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-12253 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...) + TODO: check +CVE-2024-12128 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...) + TODO: check +CVE-2024-11501 (The Gallery plugin for WordPress is vulnerable to PHP Object Injection ...) + TODO: check +CVE-2024-11464 (The Easy Code Snippets plugin for WordPress is vulnerable to Reflected ...) + TODO: check +CVE-2024-11457 (The Feedpress Generator \u2013 External RSS Frontend Customizer plugin ...) + TODO: check +CVE-2024-11380 (The Mini Program API plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-11374 (The TWChat \u2013 Send or receive messages from users plugin for WordP ...) + TODO: check +CVE-2024-11367 (The Smoove connector for Elementor forms plugin for WordPress is vulne ...) + TODO: check +CVE-2024-11010 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...) + TODO: check CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books Library pl ...) NOT-FOR-US: WordPress plugin CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized modific ...) 
@@ -2059,21 +2087,25 @@ CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /uplo ...) NOT-FOR-US: OpenVidReview CVE-2024-42333 (The researcher is showing that it is possible to leak a small amount o ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25629 NOTE: Fixed by https://github.com/zabbix/zabbix/commit/72d2ce61872fcbace8f8dfdabc0568c99980989d (7.0.4rc1) NOTE: Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/c4ea57b823cb6a4c2cb0796f500e862fbb6a46ea (6.0.35rc1) CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25628 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1) NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1) CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25627 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20 (7.0.4rc1) NOTE: and additionally https://github.com/zabbix/zabbix/commit/e731ed95fda7572ebae5eaffaa70f41e8f897e0d (7.0.4rc1) CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25626 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.4rc1) 
@@ -2119,6 +2151,7 @@ CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673 (7.0.3rc1) NOTE: vulnerable function introduced with commit https://github.com/zabbix/zabbix/commit/3850cd1cfea328baabafd26e56bc425ddff95eac (7.0.0beta1) CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...) + {DLA-3984-1} - zabbix (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25630 NOTE: Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 6.0.36 (package from upstream) @@ -2172,6 +2205,7 @@ CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vu
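Review bot: the `+ {DLA-3984-1}` line added under CVE-2024-36464 sits directly above `- zabbix (bug #1088689)`, which carries no fixed version, and the existing NOTE states the issue is still reproducible with 6.0.36 despite upstream claiming a fix in 6.0.30rc1. Before the DLA is recorded against this CVE, confirm that the advisory actually ships a fix for it rather than only for the other zabbix entries in the preceding hunk (CVE-2024-42330 through CVE-2024-42333, which do carry a fixed version); otherwise drop the reference for this entry or add a NOTE saying what the DLA changed.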
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d23d411e by security tracker role at 2024-12-07T08:12:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,82 @@ -CVE-2024-53143 [fsnotify: Fix ordering of iput() and watched_objects decrement] +CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books Library pl ...) + TODO: check +CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-7875 (Tungsten Automation(Kofax) TotalAgility in versions all through7.9.0.2 ...) + TODO: check +CVE-2024-7874 (Tungsten Automation (Kofax) TotalAgility in versions all through7.9.0. ...) + TODO: check +CVE-2024-54138 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...) + TODO: check +CVE-2024-44856 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...) + TODO: check +CVE-2024-44855 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...) + TODO: check +CVE-2024-44854 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...) + TODO: check +CVE-2024-44853 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...) + TODO: check +CVE-2024-44852 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...) + TODO: check +CVE-2024-41650 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41649 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41648 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41647 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41646 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41645 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-41644 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-38927 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) 
+ TODO: check +CVE-2024-38926 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38925 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38924 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38923 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38922 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38921 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-12326 (Jirafeau normally prevents browser preview for SVG files due to the po ...) + TODO: check +CVE-2024-12257 (The CardGate Payments for WooCommerce plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-12167 (The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-12166 (The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-12165 (The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2024-12115 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...) + TODO: check +CVE-2024-12026 (The Message Filter for Contact Form 7 plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-11943 (The \uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c \uc2ec\ud50c\ud398\uc7 ...) + TODO: check +CVE-2024-11904 (The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for WordPress i ...) + TODO: check +CVE-2024-11451 (The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) + TODO: check +CVE-2024-11436 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spa ...) + TODO: check +CVE-2024-11353 (The SMS for Lead Capture Forms plugin for WordPress is vulnerable to u ...) 
+ TODO: check +CVE-2024-11329 (The Comfino Payment Gateway plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-11183 (The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise an ...) + TODO: check +CVE-2024-10046 (The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a ...) + TODO: check +CVE-2024-53143 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux [bookwo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98b6bbfc by security tracker role at 2024-12-06T20:12:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,261 @@ +CVE-2024-9872 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + TODO: check +CVE-2024-9866 (The Event Tickets with Ticket Scanner plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-9706 (The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-9705 (The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-55268 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /cov ...) + TODO: check +CVE-2024-54750 (Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password v ...) + TODO: check +CVE-2024-54749 (Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password ...) + TODO: check +CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to contain a hardcoded password ...) + TODO: check +CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded pa ...) + TODO: check +CVE-2024-54216 (Path Traversal vulnerability in NotFound ARForms allows Path Traversal ...) + TODO: check +CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...) + TODO: check +CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54210 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54209 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54208 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54207 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-54206 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-54205 (Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widge ...) + TODO: check +CVE-2024-54143 (openwrt/asu is an image on demand server for OpenWrt based distributio ...) + TODO: check +CVE-2024-54141 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) + TODO: check +CVE-2024-54137 (liboqs is a C-language cryptographic library that provides implementat ...) + TODO: check +CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...) + TODO: check +CVE-2024-54135 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...) + TODO: check +CVE-2024-53826 (Missing Authorization vulnerability in WPSight WPCasa allows Accessing ...) + TODO: check +CVE-2024-53825 (Missing Authorization vulnerability in Ninja Team Filebird allows Expl ...) + TODO: check +CVE-2024-53824 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-53823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53817 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53815 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53813 (Missing Authorization vulnerability in WP Travel WP Travel allows Expl ...) + TODO: check +CVE-2024-53812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53811 (Unrestricted Upload of File with Dangerous Type vulnerability in POSIM ...) 
+ TODO: check +CVE-2024-53810 (Missing Authorization vulnerability in Najeeb Ahmad Simple User Regist ...) + TODO: check +CVE-2024-53809 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste ...) + TODO: check +CVE-2024-53808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53806 (Missing Authorization vulnerability in WpMaspik Maspik \u2013 Spam bla ...
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c2f80834 by security tracker role at 2024-12-06T08:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for Wor ...) + TODO: check +CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a ...) + TODO: check +CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...) + TODO: check +CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sigstore ...) + TODO: check +CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary F ...) + TODO: check +CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable ...) + TODO: check +CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the Device Settin ...) + TODO: check +CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. In certa ...) + TODO: check +CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-37863 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-37862 (Buffer Overflow vulnerability in Open Robotic Robotic Operating System ...) + TODO: check +CVE-2024-37861 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...) + TODO: check +CVE-2024-37860 (Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 ...) + TODO: check +CVE-2024-30964 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-30963 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...) + TODO: check +CVE-2024-30962 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...) 
+ TODO: check +CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic Operating ...) + TODO: check +CVE-2024-12064 + REJECTED +CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and ...) + TODO: check +CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to authenticatio ...) + TODO: check +CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits p ...) + TODO: check +CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, ex ...) + TODO: check +CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected Cross-Site ...) + TODO: check +CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized arbitrar ...) + TODO: check +CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does not saniti ...) + TODO: check +CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check ...) + TODO: check +CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin plugin ...) + TODO: check CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found providing a pot ...) NOT-FOR-US: ABB CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a potential ...) @@ -318867,7 +318929,7 @@ CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypa NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329 CVE-2021-0937 - RESERVED + REJECTED - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 
@@ -476618,18 +476680,18 @@ CVE-2018-9393 (In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2 NOT-FOR-US: Android CVE-2018-9392 (In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps ...) NOT-FOR-US: Android -CVE-2018-9391 - RESERVED -CVE-2018-9390 - RESERVED +CVE-2018-9391 (In update_gps_sv and output_vzw_debug of vendor/mediatek/proprieta ...) + TODO: check +CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of bounds rea ...) + TODO: check CVE-2018-9389 RESERVED -CVE-2018-938
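Review bot: In the hunk at @@ -318867,7 +318929,7 @@, CVE-2021-0937 is flipped from "- RESERVED" to "+ REJECTED" while the entry keeps its unchanged fixed-version lines ("- linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1"); confirm that carrying package version lines under a REJECTED entry is intended, or drop them so the entry reads as rejected rather than fixed.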
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 61f356a0 by security tracker role at 2024-12-05T20:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,161 @@ +CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found providing a pot ...) + TODO: check +CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a potential ...) + TODO: check +CVE-2024-6515 (Web browser interface may manipulate application username/password in ...) + TODO: check +CVE-2024-54679 (CyberPanel (aka Cyber Panel) before 6778ad1 does not require the Filem ...) + TODO: check +CVE-2024-54130 (The NASA\u2019s Interplanetary Overlay Network (ION) is an implementat ...) + TODO: check +CVE-2024-54129 (The NASA\u2019s Interplanetary Overlay Network (ION) is an implementat ...) + TODO: check +CVE-2024-54128 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to presence of ...) + TODO: check +CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to improper si ...) + TODO: check +CVE-2024-54001 (Kanboard is project management software that focuses on the Kanban met ...) + TODO: check +CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...) + TODO: check +CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...) + TODO: check +CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang runtime ...) + TODO: check +CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv ...) + TODO: check +CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator (PRNG) vu ...) + TODO: check +CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal vulnerabil ...) + TODO: check +CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...) 
+ TODO: check +CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...) + TODO: check +CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted filename ...) + TODO: check +CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue exists in UD- ...) + TODO: check +CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect device u ...) + TODO: check +CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...) + TODO: check +CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...) + TODO: check +CVE-2024-51550 (Data Validation / Data Sanitization vulnerabilities in Linux allows u ...) + TODO: check +CVE-2024-51549 (Absolute File Traversal vulnerabilities allows access and modificatio ...) + TODO: check +CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of malicious script ...) + TODO: check +CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on board projec ...) + TODO: check +CVE-2024-51545 (Username Enumeration vulnerabilities allow access to application level ...) + TODO: check +CVE-2024-51544 (Service Control vulnerabilities allow access to service restart reques ...) + TODO: check +CVE-2024-51543 (Information Disclosure vulnerabilities allow access to application con ...) + TODO: check +CVE-2024-51542 (Configuration Download vulnerabilities allow access to dependency conf ...) + TODO: check +CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive system ...) + TODO: check +CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a weakness ...) 
+ TODO: check +CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found providing a pot ...) + TODO: check +CVE-2024-48845 (Weak Password Reset Rules vulnerabilities where found providing a pot ...) + TODO: check +CVE-2024-48844 (Denial of Service vulnerabilities where found providing a potiential f ...) + TODO: check +CVE-2024-48843 (Denial of Service vulnerabilities where found providing a potiential f ...) + TODO: check +CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code Execution. Affec ..
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 330e241d by security tracker role at 2024-12-05T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,45 @@ +CVE-2024-54675 (app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2. ...) + TODO: check +CVE-2024-54674 (app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through ...) + TODO: check +CVE-2024-54221 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-54014 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...) + TODO: check +CVE-2024-53982 (ZOO-Project is a C-based WPS (Web Processing Service) implementation. ...) + TODO: check +CVE-2024-51210 (Firepad through 1.5.11 allows remote attackers, who have knowledge of ...) + TODO: check +CVE-2024-50947 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...) + TODO: check +CVE-2024-42195 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This v ...) + TODO: check +CVE-2024-39219 (An issue in Aginode GigaSwitch V5 before version 7.06G allows authenti ...) + TODO: check +CVE-2024-38829 (A vulnerability in VMware Tanzu Spring LDAP allows data exposure for c ...) + TODO: check +CVE-2024-12188 (A vulnerability was found in 1000 Projects Library Management System 1 ...) + TODO: check +CVE-2024-12187 (A vulnerability was found in 1000 Projects Library Management System 1 ...) + TODO: check +CVE-2024-12186 (A vulnerability was found in code-projects Hotel Management System 1.0 ...) + TODO: check +CVE-2024-12185 (A vulnerability has been found in code-projects Hotel Management Syste ...) + TODO: check +CVE-2024-12183 (A vulnerability, which was classified as problematic, was found in Ded ...) + TODO: check +CVE-2024-12182 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-12181 (A vulnerability classified as problematic was found in DedeCMS 5.7.116 ...) + TODO: check +CVE-2024-12180 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) 
+ TODO: check +CVE-2024-11429 (The Free Responsive Testimonials, Social Proof Reviews, and Customer R ...) + TODO: check +CVE-2024-10881 (The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-10178 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg ...) + TODO: check CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) NOT-FOR-US: WordPress plugin CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design Allianc ...) @@ -23867,10 +23909,12 @@ CVE-2024-32668 (An insufficient boundary validation in the USB code could lead t CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Forcepoint Email Security CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) ...) + {DLA-3983-1} - clamav 1.4.1+dfsg-1 (bug #1080962) [bookworm] - clamav 1.0.7+dfsg-1~deb12u1 NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...) + {DLA-3983-1} - clamav 1.4.1+dfsg-1 (bug #1080962) [bookworm] - clamav 1.0.7+dfsg-1~deb12u1 NOTE: https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html @@ -476258,10 +476302,10 @@ CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memo NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1 CVE-2018-9464 RESERVED -CVE-2018-9463 - RESERVED -CVE-2018-9462 - RESERVED +CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a pos ...) + TODO: check +CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds write du ...) + TODO: check CVE-2018-9461 RESERVED CVE-2018-9460 
@@ -476306,8 +476350,8 @@ CVE-2018-9441 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out NOT-FOR-US: Android CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource exhaustion due ...) NOT-FOR-US: Android Media Framework -CVE-2018-9439 - RESERVED +CVE-2018-9439 (In __unregister_prot_hook and packet_release of af_packet.c, there is ...) + TODO: check CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive ...) NOT-FOR-US: Android CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read du
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20c0b522 by security tracker role at 2024-12-04T20:12:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,99 @@ +CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) + TODO: check +CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design Allianc ...) + TODO: check +CVE-2024-7488 (Improper Input Validation vulnerability in RestApp Inc. Online Orderin ...) + TODO: check +CVE-2024-5020 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-54158 (In JetBrains YouTrack before 2024.3.52635 potential spoofing attack wa ...) + TODO: check +CVE-2024-54157 (In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible ...) + TODO: check +CVE-2024-54156 (In JetBrains YouTrack before 2024.3.52635 multiple merge functions wer ...) + TODO: check +CVE-2024-54155 (In JetBrains YouTrack before 2024.3.51866 improper access control allo ...) + TODO: check +CVE-2024-54154 (In JetBrains YouTrack before 2024.3.51866 system takeover was possible ...) + TODO: check +CVE-2024-54153 (In JetBrains YouTrack before 2024.3.51866 unauthenticated database bac ...) + TODO: check +CVE-2024-54134 (A publish-access account was compromised for `@solana/web3.js`, a Java ...) + TODO: check +CVE-2024-54132 (The GitHub CLI is GitHub\u2019s official command line tool. A security ...) + TODO: check +CVE-2024-54002 (Dependency-Track is a Component Analysis platform that allows organiza ...) + TODO: check +CVE-2024-53614 (A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attac ...) + TODO: check +CVE-2024-52676 (Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to ...) + TODO: check +CVE-2024-52278 + REJECTED +CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2024-52276 (** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation o ...) + TODO: check +CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...) 
+ TODO: check +CVE-2024-52274 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...) + TODO: check +CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...) + TODO: check +CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...) + TODO: check +CVE-2024-52269 (** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation o ...) + TODO: check +CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, ...) + TODO: check +CVE-2024-48453 (An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to exe ...) + TODO: check +CVE-2024-40745 (Reflected Cross site scripting vulnerability in Convert Forms componen ...) + TODO: check +CVE-2024-40744 (Unrestricted file upload via security bypass in Convert Forms componen ...) + TODO: check +CVE-2024-39163 (binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Re ...) + TODO: check +CVE-2024-37575 (The Mister org.mistergroup.shouldianswer application 1.4.264 for Andro ...) + TODO: check +CVE-2024-37574 (The GriceMobile com.grice.call application 4.5.2 for Android enables a ...) + TODO: check +CVE-2024-20397 (A vulnerability in the bootloader of Cisco NX-OS Software could allow ...) + TODO: check +CVE-2024-12196 (Incorrect authorization in the permission component in Devolutions Ser ...) + TODO: check +CVE-2024-12151 (Incorrect permission assignment in the user migration feature in Devol ...) + TODO: check +CVE-2024-12149 (Incorrect permission assignment in temporary access requests component ...) + TODO: check +CVE-2024-12148 (Incorrect authorization in permission validation component in Devoluti ...) + TODO: check +CVE-2024-12147 (A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has bee ...) + TODO: check +CVE-2024-12138 (A vulnerability classified as critical was found in horilla up to 1.2. ...) 
+ TODO: check +CVE-2024-12107 (Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint I ...) + TODO: check +CVE-2024-12056 (The Client secret is not checked when using the OAuth Password grant t ...) + TODO: check +CVE-2024-11952 (The Classic Addons \u2013 WPBakery Page Builder plugin for WordPress i ...) + TODO: check +CVE-2024-11935 (The Email Address Obfuscation plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-11880 (The B Testimonial \u2013 testimonial plugin
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f34e26d7 by security tracker role at 2024-12-04T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,101 @@ +CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...) + TODO: check +CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...) + TODO: check +CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 ...) + TODO: check +CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent designed to ...) + TODO: check +CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based management i ...) + TODO: check +CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection vulnerability in ...) + TODO: check +CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy Manager w ...) + TODO: check +CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy Manager web ...) + TODO: check +CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers t ...) + TODO: check +CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the /documentC ...) + TODO: check +CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers ...) + TODO: check +CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, ...) + TODO: check +CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...) + TODO: check +CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the system's PAT ...) + TODO: check +CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been identified, ...) + TODO: check +CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App managing a sta ...) + TODO: check +CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit insuffi ...) + TODO: check +CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users with certai ...) 
+ TODO: check +CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows a low-pr ...) + TODO: check +CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...) + TODO: check +CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows low-privileged users ...) + TODO: check +CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...) + TODO: check +CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows low-privileged us ...) + TODO: check +CVE-2024-42449 (From the VSPC management agent machine, under condition that the manag ...) + TODO: check +CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...) + TODO: check +CVE-2024-40391 + REJECTED +CVE-2024-12123 (A hidden field manipulation vulnerability was identified in Issuetrak ...) + TODO: check +CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform plugin f ...) + TODO: check +CVE-2024-11985 (An improper input validation vulnerability leads to device crashes in ...) + TODO: check +CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms plugin for ...) + TODO: check +CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable to Cross- ...) + TODO: check +CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to Reflected Cross- ...) + TODO: check +CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak version 17. ...) + TODO: check +CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulne ...) 
+ TODO: check +CVE-2024-11398 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2024-11293 (The Registration Forms \u2013 User Registration Forms, Invitation-Bas ...) + TODO: check +CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to arbitrary s ...) + TODO: check +CVE-2024-10885 (The SearchIQ \u2013 The Search Solution
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5d45f8b5 by security tracker role at 2024-12-03T20:12:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,94 @@ -CVE-2024-45106 +CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...) + TODO: check +CVE-2024-53999 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...) + TODO: check +CVE-2024-53921 (An issue was discovered in the installer in Samsung Magician 8.1.0 on ...) + TODO: check +CVE-2024-53867 (Synapse is an open-source Matrix homeserver. The Sliding Sync feature ...) + TODO: check +CVE-2024-53863 (Synapse is an open-source Matrix homeserver. In Synapse versions befor ...) + TODO: check +CVE-2024-53257 (Vitess is a database clustering system for horizontal scaling of MySQL ...) + TODO: check +CVE-2024-52815 (Synapse is an open-source Matrix homeserver. Synapse versions before 1 ...) + TODO: check +CVE-2024-52805 (Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1 ...) + TODO: check +CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems commands, can ...) + TODO: check +CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer overflow in ...) + TODO: check +CVE-2024-52546 (An unauthenticated attacker can perform a null pointer dereference in ...) + TODO: check +CVE-2024-52545 (An unauthenticated attacker can perform an out of bounds heap read in ...) + TODO: check +CVE-2024-52544 (An unauthenticated attacker can trigger a stack based buffer overflow ...) + TODO: check +CVE-2024-51771 (A vulnerability in the HPE Aruba Networking ClearPass Policy Manager w ...) + TODO: check +CVE-2024-51114 (An issue in Beijing Digital China Yunke Information Technology Co.Ltd ...) + TODO: check +CVE-2024-50948 (An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Ser ...) + TODO: check +CVE-2024-48080 (An issue in aedes v0.51.2 allows attackers to cause a Denial of Servic ...) 
+ TODO: check +CVE-2024-47476 (Dell NetWorker Management Console, version(s) 19.11, contain(s) an Imp ...) + TODO: check +CVE-2024-45676 (IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authent ...) + TODO: check +CVE-2024-42422 (Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass T ...) + TODO: check +CVE-2024-41777 (IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded ...) + TODO: check +CVE-2024-41776 (IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to c ...) + TODO: check +CVE-2024-41775 (IBM Cognos Controller 11.0.0 and 11.0.1uses weaker than expected crypt ...) + TODO: check +CVE-2024-40691 (IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malic ...) + TODO: check +CVE-2024-37303 (Synapse is an open-source Matrix homeserver. Synapse before version 1. ...) + TODO: check +CVE-2024-37302 (Synapse is an open-source Matrix homeserver. Synapse versions before 1 ...) + TODO: check +CVE-2024-29404 (An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.202402 ...) + TODO: check +CVE-2024-25036 (IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authentic ...) + TODO: check +CVE-2024-25035 (IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details tha ...) + TODO: check +CVE-2024-25020 (IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to ...) + TODO: check +CVE-2024-25019 (IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malic ...) + TODO: check +CVE-2024-12101 + REJECTED +CVE-2024-12082 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-12062 (The Charity Addon for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-12053 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed ...) + TODO: check +CVE-2024-11866 (The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-11844 (The IdeaPush plugin for WordPress is vulnerable to unauthorized modifi ...) 
+ TODO: check +CVE-2024-11782 (The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-11391 (The Advanced File Manager plugin for WordPress is vulnerable to arbitr ...) + TODO: check +CVE-2024-11326 (The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulner ...) + TODO: check +CVE-2024-11325 (The AWeber Forms by Opti
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c0698e6d by security tracker role at 2024-12-03T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,85 @@ +CVE-2024-9694 (The CMSMasters Elementor Addon plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-9200 (A post-authentication command injection vulnerability in the "host" pa ...) + TODO: check +CVE-2024-9197 (A post-authentication buffer overflow vulnerability in the parameter " ...) + TODO: check +CVE-2024-9058 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-8748 (A buffer overflow vulnerability in the packet parser of the third-part ...) + TODO: check +CVE-2024-53989 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + TODO: check +CVE-2024-53988 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + TODO: check +CVE-2024-53987 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + TODO: check +CVE-2024-53986 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + TODO: check +CVE-2024-53985 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + TODO: check +CVE-2024-53941 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...) + TODO: check +CVE-2024-53940 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...) + TODO: check +CVE-2024-53939 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...) + TODO: check +CVE-2024-53938 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...) + TODO: check +CVE-2024-53937 (An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V ...) + TODO: check +CVE-2024-53477 (JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized e ...) + TODO: check +CVE-2024-53375 (Authenticated remote code execution (RCE) vulnerabilities affect TP-Li ...) + TODO: check +CVE-2024-49581 (Restricted Views backed objects (OSV1) could be bypassed under specifi ...) 
+ TODO: check +CVE-2024-49421 (Path traversal in Quick Share Agent prior to version 3.5.14.47 in Andr ...) + TODO: check +CVE-2024-49420 (Improper handling of responses in GamingHub prior to version 6.1.04.6 ...) + TODO: check +CVE-2024-49419 (Insufficient verification of url authenticity in GamingHub prior to ve ...) + TODO: check +CVE-2024-49418 (Insufficient verification of url authenticity in GamingHub prior to ve ...) + TODO: check +CVE-2024-49417 (Use of implicit intent for sensitive communication in Smart Touch Call ...) + TODO: check +CVE-2024-49416 (Use of implicit intent for sensitive communication in SmartThings prio ...) + TODO: check +CVE-2024-49415 (Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allo ...) + TODO: check +CVE-2024-49414 (Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR ...) + TODO: check +CVE-2024-49413 (Improper Verification of Cryptographic Signature in SmartSwitch prior ...) + TODO: check +CVE-2024-49412 (Improper input validation in Settings prior to SMR Dec-2024 Release 1 ...) + TODO: check +CVE-2024-49411 (Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows p ...) + TODO: check +CVE-2024-49410 (Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Relea ...) + TODO: check +CVE-2024-45068 (Authentication credentials leakage vulnerability in Hitachi Ops Center ...) + TODO: check +CVE-2024-39890 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...) + TODO: check +CVE-2024-11898 (The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, tr ...) + TODO: check +CVE-2024-11853 (The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11805 (The Quick License Manager \u2013 WooCommerce Plugin plugin for WordPre ...) + TODO: check +CVE-2024-11732 (The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to ...) 
+ TODO: check +CVE-2024-11707 (The My auctions allegro plugin for WordPress is vulnerable to Reflecte ...) + TODO: check +CVE-2024-11461 (The Form Data Collector plugin for WordPress is vulnerable to Reflecte ...) + TODO: check +CVE-2024-11453 (The WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Maso ...) + TODO: check +CVE-2024-10893 (The WP Booking Calendar WordPress plugin before 10.6.5 does not saniti ...) + TODO: check +CVE-2024-10484 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 65cca1f1 by security tracker role at 2024-12-02T20:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,89 +1,345 @@ -CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc] +CVE-2024-8785 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...) + TODO: check +CVE-2024-5890 (ServiceNow has addressed an HTML injection vulnerability that was iden ...) + TODO: check +CVE-2024-53992 (unzip-bot is a Telegram bot to extract various types of archives. User ...) + TODO: check +CVE-2024-53990 (The AsyncHttpClient (AHC) library allows Java applications to easily e ...) + TODO: check +CVE-2024-53984 (Nanopb is a small code-size Protocol Buffers implementation. When the ...) + TODO: check +CVE-2024-53981 (python-multipart is a streaming multipart parser for Python. When pars ...) + TODO: check +CVE-2024-53900 (Mongoose before 8.8.3 can improperly use $where in match.) + TODO: check +CVE-2024-53862 (Argo Workflows is an open source container-native workflow engine for ...) + TODO: check +CVE-2024-53793 (Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence L ...) + TODO: check +CVE-2024-53792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53789 (Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanc ...) + TODO: check +CVE-2024-53784 (Missing Authorization vulnerability in E-goi Smart Marketing SMS and N ...) + TODO: check +CVE-2024-53782 (Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Vi ...) + TODO: check +CVE-2024-53781 (Cross-Site Request Forgery (CSRF) vulnerability in Home Junction Spati ...) + TODO: check +CVE-2024-53780 (Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load ...) + TODO: check +CVE-2024-53779 (Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! We ...) + TODO: check +CVE-2024-53777 (Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Sim ...) + TODO: check +CVE-2024-53776 (Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donat ...) 
+ TODO: check +CVE-2024-53775 (Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web A ...) + TODO: check +CVE-2024-53770 (Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre Rin ...) + TODO: check +CVE-2024-53769 (Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Cus ...) + TODO: check +CVE-2024-53765 (Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Re ...) + TODO: check +CVE-2024-53762 (Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastB ...) + TODO: check +CVE-2024-53761 (Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions ...) + TODO: check +CVE-2024-53759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53755 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Thir ...) + TODO: check +CVE-2024-53754 (Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of ...) + TODO: check +CVE-2024-53753 (Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBoo ...) + TODO: check +CVE-2024-53751 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build ...) + TODO: check +CVE-2024-53741 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53730 (Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver ...) + TODO: check +CVE-2024-53729 (Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design ...) + TODO: check +CVE-2024-53728 (Cross-Site Request Forgery (CSRF) vulnerability in SEO-K\xfcche Intern ...) + TODO: check +CVE-2024-53727 (Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com Lin ...) + TODO: check +CVE-2024-53726 (Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy Realty ...) 
+ TODO: check +CVE-2024-53725 (Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post ...) + TODO: check +CVE-2024-53724 (Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceSt ...) + TODO: check +CVE-2024-53723 (Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI ...) + TODO: check +CVE-2024-53722 (Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon ...) + TODO: check +CVE-2024-53721 (Improper Neutralization
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e4f498fa by security tracker role at 2024-12-02T08:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,65 @@ +CVE-2024-53752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53750 (Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal ...) + TODO: check +CVE-2024-53749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53742 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53605 (Incorrect access control in the component content://com.handcent.messa ...) + TODO: check +CVE-2024-53104 (In the Linux kernel, the following vulnerability has been resolved: m ...) + TODO: check +CVE-2024-53103 (In the Linux kernel, the following vulnerability has been resolved: h ...) + TODO: check +CVE-2024-45520 (WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote ...) + TODO: check +CVE-2024-20139 (In Bluetooth firmware, there is a possible firmware asssert due to imp ...) + TODO: check +CVE-2024-20138 (In wlan driver, there is a possible out of bound read due to improper ...) + TODO: check +CVE-2024-20137 (In wlan driver, there is a possible client disconnection due to improp ...) + TODO: check +CVE-2024-20136 (In da, there is a possible out of bounds read due to a missing bounds ...) 
+ TODO: check +CVE-2024-20135 (In soundtrigger, there is a possible out of bounds write due to a miss ...) + TODO: check +CVE-2024-20134 (In ril, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2024-20133 (In Modem, there is a possible escalation of privilege due to an incorr ...) + TODO: check +CVE-2024-20132 (In Modem, there is a possible out of bonds write due to a mission boun ...) + TODO: check +CVE-2024-20131 (In Modem, there is a possible escalation of privilege due to an incorr ...) + TODO: check +CVE-2024-20130 (In power, there is a possible out of bounds write due to a missing bou ...) + TODO: check +CVE-2024-20129 (In Telephony, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2024-20128 (In Telephony, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2024-20127 (In Telephony, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2024-20125 (In vdec, there is a possible out of bounds write due to a missing boun ...) + TODO: check +CVE-2024-20116 (In cmdq, there is a possible out of bounds read due to a missing bound ...) + TODO: check +CVE-2024-12007 (A vulnerability, which was classified as critical, was found in code-p ...) + TODO: check +CVE-2024-11856 (A security vulnerability in HPE IceWall products could be exploited re ...) + TODO: check CVE-2024-52596 - simplesamlphp NOTE: https://github.com/simplesamlphp/simplesamlphp/releases/tag/v2.3.4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f498faf01803eb00795aa66f4d68e6ff6f3ba9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f498faf01803eb00795aa66f4d68e6ff6f3ba9 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 643bcc65 by security tracker role at 2024-12-01T08:12:05+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2024-53788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53783 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53778 (Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer ...) + TODO: check +CVE-2024-53774 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53773 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53768 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...) + TODO: check +CVE-2024-53767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53757 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2024-53739 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-53738 (Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset C ...) + TODO: check CVE-2024-12002 (A vulnerability classified as problematic was found in Tenda FH451, FH ...) NOT-FOR-US: Tenda CVE-2024-12001 (A vulnerability classified as problematic has been found in code-proje ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/643bcc65aa90607af64a838c2f33558a1bb6be33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/643bcc65aa90607af64a838c2f33558a1bb6be33 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94f12f02 by security tracker role at 2024-11-30T20:12:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-12002 (A vulnerability classified as problematic was found in Tenda FH451, FH ...) + TODO: check +CVE-2024-12001 (A vulnerability classified as problematic has been found in code-proje ...) + TODO: check +CVE-2024-12000 (A vulnerability was found in code-projects Blood Bank System 1.0. It h ...) + TODO: check +CVE-2024-11998 (A vulnerability was found in code-projects Farmacia 1.0. It has been d ...) + TODO: check CVE-2024-54159 (stalld through 1.19.7 allows local users to cause a denial of service ...) NOT-FOR-US: stalld CVE-2024-53623 (Incorrect access control in the component l_0_0.xml of TP-Link ARCHER- ...) @@ -478,6 +486,7 @@ CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...) NOT-FOR-US: Palo Alto Networks CVE-2024-53849 (editorconfig-core-c is theEditorConfig core library written in C (fo ...) + {DLA-3978-1} - editorconfig-core 0.12.7-0.1 [bookworm] - editorconfig-core (Minor issue) NOTE: https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274 
@@ -3651,11 +3660,13 @@ CVE-2023-49952 (Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a byp CVE-2024-5030 (The CM Table Of Contents WordPress plugin before 1.2.3 does not have ...) NOT-FOR-US: WordPress plugin CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.2 ...) + {DLA-3979-1} - lemonldap-ng 2.20.1+ds-1 [bookworm] - lemonldap-ng (Minor issue, will be fixed via spu) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257 NOTE: Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/600ba2c0b3d4bb0a4dd2eb9d8b612edcca8805dc (v2.20.1) CVE-2024-52946 (An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Ch ...) + {DLA-3979-1} - lemonldap-ng 2.20.1+ds-1 [bookworm] - lemonldap-ng (Minor issue, will be fixed via spu) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255 @@ -15556,6 +15567,7 @@ CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...) NOT-FOR-US: Jira plugin CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.1 ...) + {DLA-3979-1} - lemonldap-ng 2.20.0+ds-1 (bug #1084979) [bookworm] - lemonldap-ng 2.16.1+ds-deb12u3 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232 @@ -22676,6 +22688,7 @@ CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quiz CVE-2024-6792 (The WP ULike WordPress plugin before 4.7.2.1 does not properly saniti ...) NOT-FOR-US: WordPress plugin CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to achieve ent ...) + {DLA-3976-1} - tgt 1:1.0.85-1.3 (bug #1081158) [bookworm] - tgt 1:1.0.85-1+deb12u1 NOTE: https://github.com/fujita/tgt/pull/67 
@@ -24310,6 +24323,7 @@ CVE-2024-45048 (PHPSpreadsheet is a pure PHP library for reading and writing spr CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...) NOT-FOR-US: PHPSpreadsheet CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some paramet ...) + {DLA-3977-1} - xfpt 1.00-3 (bug #1080219) [bookworm] - xfpt 0.11-1+deb12u1 NOTE: https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4 @@ -150450,6 +150464,7 @@ CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...) NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) + {DLA-3978-1} - editorconfig-core 0.12.6-0.1 [buster] - editorconfig-core (Minor issue) NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f12f02030d3b37dc00b8cc5257458915a4bc76 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f12f02030d3b37dc00b8cc5257458915a4bc76 You're receiving this email because of your account on salsa.debian.org.
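Review bot: in the `@@ -478,6 +486,7 @@` hunk the new `[bookworm] - editorconfig-core (Minor issue)` line under CVE-2024-53849 leaves bookworm without a fixed version, while the same commit records `{DLA-3978-1}` as the fix for this CVE and again for CVE-2023-0341 in the `@@ -150450,6 +150464,7 @@` hunk (there with `[buster] - editorconfig-core (Minor issue)`). If a bookworm point update is intended, state it on the line the way the lemonldap-ng entries do (`Minor issue, will be fixed via spu`); if not, the annotation is fine as is, but the two editorconfig-core entries should at least agree on which suites remain open.

Review bot: in the `@@ -3651,11 +3660,13 @@` hunk CVE-2024-52947 and CVE-2024-52946 both receive `{DLA-3979-1}` and a `[bookworm] - lemonldap-ng (Minor issue, will be fixed via spu)` line but carry no Debian bug reference, unlike CVE-2024-48933 in the `@@ -15556,6 +15567,7 @@` hunk, which has `(bug #1084979)` and an already-fixed `[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3`. Since the bookworm fix for the two newer issues is deferred to a stable point update, adding the bug number (or a `NOTE:` that none was filed) would make that follow-up traceable from the tracker entry alone.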
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 15d2e145 by security tracker role at 2024-11-30T08:12:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2024-54159 (stalld through 1.19.7 allows local users to cause a denial of service ...) + TODO: check +CVE-2024-53623 (Incorrect access control in the component l_0_0.xml of TP-Link ARCHER- ...) + TODO: check +CVE-2024-43703 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2024-43702 (Software installed and run as a non-privileged user may conduct improp ...) + TODO: check +CVE-2024-11997 (A vulnerability was found in code-projects Farmacia 1.0. It has been c ...) + TODO: check +CVE-2024-11996 (A vulnerability was found in code-projects Farmacia 1.0 and classified ...) + TODO: check +CVE-2024-11995 (A vulnerability has been found in code-projects Farmacia 1.0 and class ...) + TODO: check +CVE-2024-11252 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...) + TODO: check CVE-2024-53983 (The Backstage Scaffolder plugin Houses types and utilities for buildin ...) NOT-FOR-US: Backstage Scaffolder plugin CVE-2024-53980 (RIOT is an open-source microcontroller operating system, designed to m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d2e14577c1fd65019ca7dd1f2eb319ee167fd0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d2e14577c1fd65019ca7dd1f2eb319ee167fd0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc8e3358 by security tracker role at 2024-11-29T20:12:58+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,111 @@ +CVE-2024-53983 (The Backstage Scaffolder plugin Houses types and utilities for buildin ...) + TODO: check +CVE-2024-53980 (RIOT is an open-source microcontroller operating system, designed to m ...) + TODO: check +CVE-2024-53979 (ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible c ...) + TODO: check +CVE-2024-53865 (zhmcclient is a pure Python client library for the IBM Z HMC Web Servi ...) + TODO: check +CVE-2024-53864 (Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP ...) + TODO: check +CVE-2024-53861 (pyjwt is a JSON Web Token implementation in Python. An incorrect strin ...) + TODO: check +CVE-2024-53848 (check-jsonschema is a CLI and set of pre-commit hooks for jsonschema v ...) + TODO: check +CVE-2024-53507 (A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getH ...) + TODO: check +CVE-2024-53506 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...) + TODO: check +CVE-2024-53505 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...) + TODO: check +CVE-2024-53504 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...) + TODO: check +CVE-2024-52810 (@intlify/shared is a shared library for the intlify project. The lates ...) + TODO: check +CVE-2024-52809 (vue-i18n is an internationalization plugin for Vue.js. In affected ve ...) + TODO: check +CVE-2024-52801 (sftpgo is a full-featured and highly configurable event-driven file tr ...) + TODO: check +CVE-2024-52800 (veraPDF is an open source PDF/A validation library. Executing policy c ...) + TODO: check +CVE-2024-52782 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...) + TODO: check +CVE-2024-52781 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...) + TODO: check +CVE-2024-52780 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...) 
+ TODO: check +CVE-2024-52779 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...) + TODO: check +CVE-2024-52778 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...) + TODO: check +CVE-2024-52777 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, an ...) + TODO: check +CVE-2024-52003 (Traefik (pronounced traffic) is an HTTP reverse proxy and load balance ...) + TODO: check +CVE-2024-50357 (FutureNet NXR series routers provided by Century Systems Co., Ltd. hav ...) + TODO: check +CVE-2024-49806 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains ...) + TODO: check +CVE-2024-49805 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains ...) + TODO: check +CVE-2024-49804 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could all ...) + TODO: check +CVE-2024-49803 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow ...) + TODO: check +CVE-2024-49360 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...) + TODO: check +CVE-2024-48406 (Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and f ...) + TODO: check +CVE-2024-47193 (WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and El ...) + TODO: check +CVE-2024-47094 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...) + TODO: check +CVE-2024-36671 (nodemcu before v3.0.0-release_20240225 was discovered to contain an in ...) + TODO: check +CVE-2024-36626 (In prestashop 8.1.4, a NULL pointer dereference was identified in the ...) + TODO: check +CVE-2024-36625 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_ ...) + TODO: check +CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construc ...) + TODO: check +CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...) 
+ TODO: check +CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...) + TODO: check +CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...) + TODO: check +CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via d ...) + TODO: check +CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavco ...) + TODO: check +CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavforma
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9da99758 by security tracker role at 2024-11-29T08:12:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,51 @@ +CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...) + TODO: check +CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified in Easy ...) + TODO: check +CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 ...) + TODO: check +CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...) + TODO: check +CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a potential ...) + TODO: check +CVE-2024-54123 (Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an ...) + TODO: check +CVE-2024-53701 (Multiple FCNT Android devices provide the original security features s ...) + TODO: check +CVE-2024-45495 (MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSoc ...) + TODO: check +CVE-2024-39162 (pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability o ...) + TODO: check +CVE-2024-35451 (LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favico ...) + TODO: check +CVE-2024-11983 (Certain models of routers from Billion Electric has an OS Command Inje ...) + TODO: check +CVE-2024-11982 (Certain models of routers from Billion Electric has a Plaintext Storag ...) + TODO: check +CVE-2024-11981 (Certain models of routers from Billion Electric has an Authentication ...) + TODO: check +CVE-2024-11980 (Certain modes of routers from Billion Electric have a Missing Authenti ...) + TODO: check +CVE-2024-11979 (DreamMaker from Interinfo has a Path Traversal vulnerability and does ...) + TODO: check +CVE-2024-11978 (DreamMaker from Interinfo has a Path Traversal vulnerability, allowing ...) + TODO: check +CVE-2024-11971 (A vulnerability classified as problematic was found in Guizhou Xiaoma ...) + TODO: check +CVE-2024-11970 (A vulnerability classified as critical has been found in code-projects ...) 
+ TODO: check +CVE-2024-11482 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...) + TODO: check +CVE-2024-11481 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...) + TODO: check +CVE-2024-11014 (Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNI ...) + TODO: check +CVE-2024-11013 (Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ve ...) + TODO: check +CVE-2024-10980 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-10704 (The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sa ...) + TODO: check CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...) @@ -498,7 +546,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stor NOT-FOR-US: WordPress plugin CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Vulnerable code introduced later) -CVE-2024-48651 [Supplemental group inheritance grants unintended access to GID 0 due to lack of supplemental groups from mod_sql] +CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritan ...) - proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326) NOTE: https://github.com/proftpd/proftpd/issues/1830 NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1 @@ -16200,6 +16248,7 @@ CVE-2024-31449 (Redis is an open source, in-memory database that persists on dis NOTE: https://github.com/valkey-io/valkey/pull/1114 NOTE: https://github.com/valkey-io/valkey/commit/4fbab5740bfef66918d6c2950dd2b3b4e07815a2 (8.0.1) CVE-2024-31228 (Redis is an open source, in-memory database that persists on disk. Aut ...) + {DLA-3973-1} - redis 5:7.0.15-2 (bug #1084805) - redict 7.3.1+ds-1 - valkey 8.0.1+dfsg1-1 
@@ -194013,6 +194062,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0) CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...) + {DLA-3973-1} - redis 5:7.0.8-1 [buster] - r
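Review bot: the {DLA-3973-1} tag added in the @@ -16200 and @@ -194062 hunks reaches only two redis entries in this excerpt, CVE-2024-31228 and CVE-2022-35977; if the same advisory also covers other redis issues, those entries need an identical `{DLA-3973-1}` line above their version lines, otherwise the tracker shows them unfixed for the release the DLA addresses. In the @@ -498,7 +546,7 @@ hunk the CVE-2024-48651 entry keeps its `- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)` line and both NOTE links when the bracketed placeholder description is replaced by the published one, so no triage data is lost there.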
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
a1f1893d by security tracker role at 2024-11-28T20:12:24+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,4 +1,116 @@ -CVE-2023-52922 [can: bcm: Fix UAF in bcm_proc_show()] +CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...) + TODO: check +CVE-2024-8308 (A low privileged remote attacker can insert a SQL injection inthe web ...) + TODO: check +CVE-2024-8066 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-7747 (The Wallet for WooCommerce plugin for WordPress is vulnerable to incor ...) + TODO: check +CVE-2024-53737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53736 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom S ...) + TODO: check +CVE-2024-53734 (Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Id ...) + TODO: check +CVE-2024-53733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-53732 (Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyou ...) + TODO: check +CVE-2024-53731 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-52501 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-52499 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-52498 (Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blo ...) + TODO: check +CVE-2024-52497 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-52496 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2024-52495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-52490 (Unrestricted Upload of File with Dangerous Type vulnerability in Patho ...) 
+ TODO: check +CVE-2024-52481 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2024-52475 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) + TODO: check +CVE-2024-52474 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-52338 (Deserialization of untrusted data in IPC and Parquet readers in the Ap ...) + TODO: check +CVE-2024-52283 (Missing sanitation of inputs allowed arbitrary users to conduct a stor ...) + TODO: check +CVE-2024-49503 (A Improper Neutralization of Input During Web Page Generation (XSS or ...) + TODO: check +CVE-2024-49502 (A Improper Neutralization of Input During Web Page Generation (XSS or ...) + TODO: check +CVE-2024-22038 (Various problems in obs-scm-bridge allows attackers that create specia ...) + TODO: check +CVE-2024-22037 (The uyuni-server-attestation systemd service needs a database_password ...) + TODO: check +CVE-2024-11969 (The NetCloud Exchange client for Windows, version 1.110.50, contains a ...) + TODO: check +CVE-2024-11968 (A vulnerability was found in code-projects Farmacia up to 1.0. It has ...) + TODO: check +CVE-2024-11967 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...) + TODO: check +CVE-2024-11966 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...) + TODO: check +CVE-2024-11965 (A vulnerability has been found in PHPGurukul Complaint Management syst ...) + TODO: check +CVE-2024-11964 (A vulnerability, which was classified as critical, was found in PHPGur ...) + TODO: check +CVE-2024-11963 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2024-11962 (A vulnerability classified as critical was found in code-projects Simp ...) + TODO: check +CVE-2024-11961 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...) 
+ TODO: check +CVE-2024-11960 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been decl ...) + TODO: check +CVE-2024-11959 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been clas ...) + TODO: check +CVE-2024-11788 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-11786 (The Login with Vipps and MobilePay plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-11761 (The LegalWeb Cloud pl
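Review bot: the @@ -1,4 +1,116 @@ hunk drops the placeholder line `-CVE-2023-52922 [can: bcm: Fix UAF in bcm_proc_show()]`, and the excerpt is cut off before any matching `+CVE-2023-52922 (...)` line appears; check that the entry is re-added with its published description and its existing package and NOTE lines further down in the diff rather than being removed outright, the way CVE-2024-54003 and CVE-2024-54004 are replaced in the a0cc68ef commit later on this page. The new `TODO: check` placeholders are otherwise the expected output of the automatic update and need no change here.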
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
9f5f27fe by security tracker role at 2024-11-28T08:12:06+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,69 @@ +CVE-2024-53860 (sp-php-email-handler is a PHP package for handling contact form submis ...) + TODO: check +CVE-2024-53859 (go-gh is a Go module for interacting with the `gh` utility and the Git ...) + TODO: check +CVE-2024-53858 (The gh cli is GitHub\u2019s official command line tool. A security vul ...) + TODO: check +CVE-2024-53260 (Autolab is a course management service that enables auto-graded progra ...) + TODO: check +CVE-2024-53008 (Inconsistent interpretation of HTTP requests ('HTTP Request/Response S ...) + TODO: check +CVE-2024-46939 (The game extension engine of versions 1.2.7.0 and earlier exposes some ...) + TODO: check +CVE-2024-38658 (There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 an ...) + TODO: check +CVE-2024-38389 (There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and ...) + TODO: check +CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities in V-SF ...) + TODO: check +CVE-2024-36466 (A bug in the code allows an attacker to sign a forged zbx_session cook ...) + TODO: check +CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overfl ...) + TODO: check +CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable to privi ...) + TODO: check +CVE-2024-11918 (The Image Alt Text plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-11803 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds ...) + TODO: check +CVE-2024-11802 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Bu ...) + TODO: check +CVE-2024-11801 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds ...) + TODO: check +CVE-2024-11800 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Bu ...) + TODO: check +CVE-2024-11799 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Bu ...) 
+ TODO: check +CVE-2024-11798 (Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remo ...) + TODO: check +CVE-2024-11797 (Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remo ...) + TODO: check +CVE-2024-11796 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Rem ...) + TODO: check +CVE-2024-11795 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overf ...) + TODO: check +CVE-2024-11794 (Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Rem ...) + TODO: check +CVE-2024-11793 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Rem ...) + TODO: check +CVE-2024-11792 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overf ...) + TODO: check +CVE-2024-11791 (Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Over ...) + TODO: check +CVE-2024-11790 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...) + TODO: check +CVE-2024-11789 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...) + TODO: check +CVE-2024-11787 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...) + TODO: check +CVE-2024-10896 (The Logo Slider WordPress plugin before 4.5.0 does not sanitise and e ...) + TODO: check +CVE-2024-10510 (The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin t ...) + TODO: check +CVE-2024-10493 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-10473 (The Logo Slider WordPress plugin before 4.5.0 does not sanitise and e ...) + TODO: check CVE-2024-11738 - rust-rustls (Vulnerable code introduced later) NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html 
@@ -42178,16 +42244,19 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situ CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...) NOT-FOR-US: The Algorithms - C CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...) + {DLA-3968-1} - netatalk 3.1.18~ds-2 (bug #1074475) NOTE: https://github.com/Netatalk/netatalk/issues/1098 NOTE: https://netatalk.io/security/CVE-2024-38441 NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1) CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ...) + {D
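Review bot: the first hunk adds CVE-2024-11787 through CVE-2024-11803 and CVE-2024-11933 as separate `TODO: check` placeholders although their descriptions all name the same Fuji Electric Monitouch V-SFT and Tellus Lite V-Simulator file parsers, and CVE-2024-38309, CVE-2024-38389 and CVE-2024-38658 mention the same V-SFT, TELLUS and V-Server product names; these should be triaged as one group so they end up with the same marking. In the @@ -42178,16 +42244,19 @@ hunk `{DLA-3968-1}` is added for CVE-2024-38441 and, cut off in this excerpt, CVE-2024-38440; the tag sits directly above the `- netatalk 3.1.18~ds-2 (bug #1074475)` line, which matches the layout of the surrounding entries.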
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
a0cc68ef by security tracker role at 2024-11-27T20:12:17+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,6 +1,76 @@ -CVE-2024-54003 +CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to i ...) + TODO: check +CVE-2024-53855 (Centurion ERP (Enterprise Rescource Planning) is a simple application ...) + TODO: check +CVE-2024-53635 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /cov ...) + TODO: check +CVE-2024-53604 (A SQL Injection vulnerability was found in /covid-tms/check_availabili ...) + TODO: check +CVE-2024-53603 (A SQL Injection vulnerability was found in /covid-tms/password-recover ...) + TODO: check +CVE-2024-53264 (bunkerweb is an Open-source and next-generation Web Application Firewa ...) + TODO: check +CVE-2024-53254 + REJECTED +CVE-2024-52951 (Stored Cross-Site Scripting in the Access Request History in Omada Ide ...) + TODO: check +CVE-2024-52323 (ZohocorpManageEngine Analytics Plus versions below 6100 are vulnerable ...) + TODO: check +CVE-2024-51228 (An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX- ...) + TODO: check +CVE-2024-47181 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + TODO: check +CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in revie ...) + TODO: check +CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /uplo ...) + TODO: check +CVE-2024-42333 (The researcher is showing that it is possible to leak a small amount o ...) + TODO: check +CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...) + TODO: check +CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...) + TODO: check +CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...) + TODO: check +CVE-2024-42329 (The webdriver for the Browser object expects an error object to be ini ...) + TODO: check +CVE-2024-42328 (When the webdriver for the Browser object downloads data from a HTTP s ...) 
+ TODO: check +CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User ...) + TODO: check +CVE-2024-42326 (There was discovered a use after free bug in browser.c in the es_brows ...) + TODO: check +CVE-2024-41126 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + TODO: check +CVE-2024-41125 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + TODO: check +CVE-2024-37816 (Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack ...) + TODO: check +CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx_snmp_ ...) + TODO: check +CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...) + TODO: check +CVE-2024-31976 (EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker ...) + TODO: check +CVE-2024-21703 (This Medium severity Security Misconfiguration vulnerability was intro ...) + TODO: check +CVE-2024-11862 (Non constant time cryptographic operation in Devolutions.XTS.NET 2024. ...) + TODO: check +CVE-2024-11860 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-11667 (A directory traversal vulnerability in the web management interface of ...) + TODO: check +CVE-2024-11160 + REJECTED +CVE-2024-11025 (An authenticated attacker with low privileges may use a SQL Injection ...) + TODO: check +CVE-2024-11009 (The Internal Linking for SEO traffic & Ranking \u2013 Auto internal li ...) + TODO: check +CVE-2024-10521 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-54003 (Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view ...) NOT-FOR-US: Jenkins plugin -CVE-2024-54004 +CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not r ...) NOT-FOR-US: Jenkins plugin CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...) 
NOT-FOR-US: Palo Alto Networks @@ -17,7 +87,7 @@ CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE Insi NOT-FOR-US: HPE CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...) NOT-FOR-US: HPE -CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight Support all ...) +CVE-2024-53673 (A java deserialization vulnerability in HPE Re
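Review bot: in the @@ -1,6 +1,76 @@ hunk the Zabbix cluster (CVE-2024-36464, CVE-2024-36468 and CVE-2024-42326 through CVE-2024-42333, whose descriptions reference the Zabbix frontend, zbx_session, zbx_snmp_ and src/libs/zbxembed/browser.c) arrives as individual `TODO: check` placeholders and should be triaged together against the same package so the markings stay consistent. The replacement of the bare `-CVE-2024-54003` and `-CVE-2024-54004` lines by entries with descriptions keeps the `NOT-FOR-US: Jenkins plugin` lines in place, and the `+ REJECTED` lines for CVE-2024-53254 and CVE-2024-11160 are the intended form for withdrawn identifiers, so no further change is needed there.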
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
431abe7c by security tracker role at 2024-11-27T08:12:14+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,3 +1,49 @@ +CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...) + TODO: check +CVE-2024-53849 (editorconfig-core-c is theEditorConfig core library written in C (fo ...) + TODO: check +CVE-2024-53676 (A directory traversal vulnerability in Hewlett Packard Enterprise Insi ...) + TODO: check +CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...) + TODO: check +CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...) + TODO: check +CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight Support all ...) + TODO: check +CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') vulnerabil ...) + TODO: check +CVE-2024-52958 (A improper verification of cryptographic signature vulnerability in pl ...) + TODO: check +CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage into a Gi ...) + TODO: check +CVE-2024-36467 (An authenticated user with API access (e.g.: user with default User ro ...) + TODO: check +CVE-2024-11820 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-11819 (A vulnerability classified as critical was found in 1000 Projects Port ...) + TODO: check +CVE-2024-11818 (A vulnerability classified as critical has been found in PHPGurukul Us ...) + TODO: check +CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & Login and ...) + TODO: check +CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and classified as c ...) + TODO: check +CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio Management S ...) + TODO: check +CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...) 
+ TODO: check +CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) + TODO: check +CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to Sensitive Infor ...) + TODO: check +CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone Showcase plu ...) + TODO: check +CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plu ...) + TODO: check +CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) + TODO: check CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated user to ...) NOT-FOR-US: Hitachi Energy CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not restrict ex ...) @@ -8632,7 +8678,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a ma CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...) NOT-FOR-US: Delta Electronics CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling crafted ...) - {DSA-5811-1} + {DSA-5811-1 DLA-3967-1} - mpg123 1.32.8-1 (bug #1086443) NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2 NOTE: https://sourceforge.net/p/mpg123/bugs/322/ @@ -13258,7 +13304,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is vu CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source ...) NOT-FOR-US: Docker Desktop CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with u ...) - {DLA-3942-1} + {DLA-3942-2 DLA-3942-1} [experimental] - openssl 3.4.0-1 - openssl 3.3.2-2 (bug #1085378) [bookworm] - openssl 3.0.15-1~deb12u1 
@@ -3,7 +38934,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modi - krb5 1.21.3-1 NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final) CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto ...) - {DLA-3942-1} + {DLA-3942-2 DLA-3942-1} - openssl 3.3.2-1 (bug #1074487) [bookworm] - openssl 3.0.15-1~deb12u1 NOTE: https://www.openssl.org/news/secadv/20240627.txt @@ -47440,7 +47486,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in th NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 NOTE: https
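Review bot: the follow-up advisory DLA-3942-2 is added next to DLA-3942-1 for CVE-2024-9143 (@@ -13258 hunk) and CVE-2024-5535 (the hunk headed @@ -3,7 +38934,7 @@), both openssl entries; any other entry outside this excerpt that still carries a bare `{DLA-3942-1}` needs the same `{DLA-3942-2 DLA-3942-1}` update, otherwise the two advisories are recorded inconsistently across the CVEs they cover. The `{DSA-5811-1 DLA-3967-1}` change for CVE-2024-10573 in the @@ -8632 hunk leaves the `- mpg123 1.32.8-1 (bug #1086443)` line and the NOTE links untouched, which is correct.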
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
e1f5a10c by security tracker role at 2024-11-26T20:12:52+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

= data/CVE/list =
@@ -1,101 +1,245 @@ +CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated user to ...) + TODO: check +CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not restrict ex ...) + TODO: check +CVE-2024-9461 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate ...) + TODO: check +CVE-2024-9170 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-8899 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive ...) + TODO: check +CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested to take ...) + TODO: check +CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...) + TODO: check +CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) + TODO: check +CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + TODO: check +CVE-2024-53976 (Under certain circumstances, navigating to a webpage would result in t ...) + TODO: check +CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port may cau ...) + TODO: check +CVE-2024-53844 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect ...) + TODO: check +CVE-2024-53620 (A cross-site scripting (XSS) vulnerability in the Article module of SP ...) + TODO: check +CVE-2024-53619 (An authenticated arbitrary file upload vulnerability in the Documents ...) + TODO: check +CVE-2024-53555 (A CSV injection vulnerability in Taiga v6.8.1 allows attackers to exec ...) + TODO: check +CVE-2024-53365 (A stored cross-site scripting (XSS) vulnerability was identified in PH ...) + TODO: check +CVE-2024-53267 (sigstore-java is a sigstore java client for interacting with sigstore ...) 
+ TODO: check +CVE-2024-52337 (A log spoofing flaw was found in the Tuned package due to improper san ...) + TODO: check +CVE-2024-52336 (A script injection vulnerability was identified in the Tuned package. ...) + TODO: check +CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user invite ...) + TODO: check +CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered in TCPDF ...) + TODO: check +CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the ...) + TODO: check +CVE-2024-50376 (A CWE-79 "Improper Neutralization of Input During Web Page Generation ...) + TODO: check +CVE-2024-50375 (A CWE-306 "Missing Authentication for Critical Function" was discovere ...) + TODO: check +CVE-2024-50374 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50373 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50372 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50371 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50370 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50369 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50368 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50367 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50366 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50365 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50364 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) 
+ TODO: check +CVE-2024-50363 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50362 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50361 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50360 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) + TODO: check +CVE-2024-50359 (A CWE-78 "Improper Neutralization of Special Elements used in an OS Co ...) +
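Review bot: CVE-2024-50359 through CVE-2024-50377 in the @@ -1,101 +1,245 @@ hunk share one truncated description template (CWE-78 OS command injection for most, plus single CWE-798, CWE-79 and CWE-306 entries) and the product name is cut off in every one of them, so they cannot be triaged from the list alone; resolve them as one group once the affected product is identified so that all nineteen entries receive the same marking. The same grouping applies to the Tuned pair CVE-2024-52336 and CVE-2024-52337 and to the GitLab CE/EE entries CVE-2024-8114, CVE-2024-8177 and CVE-2024-8237 added in the same hunk.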