Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bfd6fe1 by Salvatore Bonaccorso at 2024-09-26T23:49:20+02:00
Track new mattermost-server CVEs

- - - - -
9752c31e by Salvatore Bonaccorso at 2024-09-26T23:49:22+02:00
Add CVE-2024-8118/grafana

- - - - -
52a2e7e9 by Salvatore Bonaccorso at 2024-09-26T23:49:24+02:00
Process some NFUs

- - - - -
8c3a6572 by Salvatore Bonaccorso at 2024-09-26T23:49:25+02:00
Add CVE-2024-46632/assimp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,17 +35,17 @@ CVE-2024-8633 (The Form Maker by 10Web \u2013 
Mobile-Friendly Drag & Drop Contac
 CVE-2024-8126 (The Advanced File Manager plugin for WordPress is vulnerable to 
arbitr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8118 (In Grafana, the wrong permission is applied to the alert rule 
write AP ...)
-       TODO: check
+       - grafana <removed>
 CVE-2024-7594 (Vault\u2019s SSH secrets engine did not require the 
valid_principals l ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2024-7259 (A flaw was found in oVirt. A user with administrator 
privileges, inclu ...)
        TODO: check
 CVE-2024-7108 (Incorrect Authorization vulnerability in National Keep Cyber 
Security  ...)
-       TODO: check
+       NOT-FOR-US: National Keep Cyber SecurityServices CyberMath
 CVE-2024-7107 (Files or Directories Accessible to External Parties 
vulnerability in N ...)
-       TODO: check
+       NOT-FOR-US: National Keep Cyber Security Services CyberMath
 CVE-2024-47337 (Missing Authorization vulnerability in Stuart Wilson Joy Of 
Text Lite. ...)
-       TODO: check
+       NOT-FOR-US: Stuart Wilson Joy Of Text Lite
 CVE-2024-47197 (Exposure of Sensitive Information to an Unauthorized Actor, 
Insecure S ...)
        TODO: check
 CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible 
badges in ...)
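Review bot: the NOT-FOR-US annotation for CVE-2024-7108 reads `National Keep Cyber SecurityServices CyberMath` (missing space before "Services"), while the sibling entry CVE-2024-7107 two lines below spells it `National Keep Cyber Security Services CyberMath`; make the two identical so the vendor name matches when the list is grepped. Separately, the grafana entry for CVE-2024-8118 is set to `<removed>` with no NOTE line, whereas the assimp entry later in this patch carries a NOTE with the upstream reference; a NOTE pointing at the upstream advisory would make the `<removed>` decision easier to re-check later.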
@@ -55,109 +55,110 @@ CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 
64e00e7, RSSHub's `doc
 CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. 
Starting in ...)
        TODO: check
 CVE-2024-47171 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
-       TODO: check
+       NOT-FOR-US: Agnai
 CVE-2024-47170 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
-       TODO: check
+       NOT-FOR-US: Agnai
 CVE-2024-47169 (Agnai is an artificial-intelligence-agnostic multi-user, 
mult-bot role ...)
-       TODO: check
+       NOT-FOR-US: Agnai
 CVE-2024-47145 (Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize 
access t ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2024-47130 (The goTenna Pro series allows unauthenticated attackers to 
remotely up ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47129 (The goTenna Pro has a payload length vulnerability that makes 
it possi ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47128 (The goTenna Pro broadcast key name is always sent unencrypted 
and coul ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47127 (In the goTenna Pro there is a vulnerability that makes it 
possible to  ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47126 (The goTenna Pro series does not use SecureRandom when 
generating its c ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47125 (The goTenna Pro series does not authenticate public keys which 
allows  ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47124 (The goTenna pro series does not encrypt the callsigns of its 
users. Th ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47123 (The goTenna Pro series use AES CTR mode for short, encrypted 
messages  ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47122 (In the goTenna Pro application, the encryption keys are stored 
along w ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47121 (The goTenna Pro series uses a weak password for the QR 
broadcast messa ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-47075 (LayUI is a native minimalist modular Web UI component library. 
Version ...)
        TODO: check
 CVE-2024-47044 (Multiple Home GateWay/Hikari Denwa routers provided by NIPPON 
TELEGRAP ...)
-       TODO: check
+       NOT-FOR-US: Home GateWay/Hikari Denwa routers
 CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail 
to valida ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the 
MD5Importer::Lo ...)
-       TODO: check
+       - assimp <unfixed>
+       NOTE: https://github.com/assimp/assimp/issues/5771
 CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows 
attackers to ex ...)
-       TODO: check
+       NOT-FOR-US: BECN DATAGERRY
 CVE-2024-46330 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a 
command inje ...)
-       TODO: check
+       NOT-FOR-US: VONETS VAP11G-300
 CVE-2024-46329 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a 
command inje ...)
-       TODO: check
+       NOT-FOR-US: VONETS VAP11G-300
 CVE-2024-46328 (VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain 
hardcoded cred ...)
-       TODO: check
+       NOT-FOR-US: VONETS VAP11G-300
 CVE-2024-46327 (An issue in the Http_handle object of VONETS VAP11G-300 
v3.3.23.6.9 al ...)
-       TODO: check
+       NOT-FOR-US: VONETS VAP11G-300
 CVE-2024-45989 (Monica AI Assistant desktop application v2.3.0 is vulnerable 
to Exposu ...)
-       TODO: check
+       NOT-FOR-US: Monica AI Assistant desktop application
 CVE-2024-45987 (Projectworld Online Voting System Version 1.0 is vulnerable to 
Cross S ...)
-       TODO: check
+       NOT-FOR-US: Projectworld Online Voting System
 CVE-2024-45985 (A Cross Site Scripting (XSS) vulnerability in 
update_contact.php of Bl ...)
-       TODO: check
+       NOT-FOR-US: Blood Bank and Donation Management System
 CVE-2024-45984 (A Cross Site Scripting (XSS) vulnerability in add_donor.php of 
Blood B ...)
-       TODO: check
+       NOT-FOR-US: Blood Bank and Donation Management System
 CVE-2024-45983 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
kishan0725 ...)
-       TODO: check
+       NOT-FOR-US: kishan0725's Hospital Management System
 CVE-2024-45982 (A host header injection vulnerability in scheduleR v0.0.18 
allows atta ...)
        TODO: check
 CVE-2024-45981 (A host header injection vulnerability in BookReviewLibrary 1.0 
allows  ...)
-       TODO: check
+       NOT-FOR-US: BookReviewLibrary
 CVE-2024-45980 (A host header injection vulnerability in MEANStore 1.0 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: MEANStore
 CVE-2024-45979 (A host header injection vulnerability in Lines Police CAD 1.0 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Lines Police CAD
 CVE-2024-45843 (Mattermost versions 9.5.x <= 9.5.8 fail to include themetadata 
endpoin ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2024-45838 (The goTenna Pro ATAK Plugin does not encrypt the callsigns of 
its user ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-45723 (The goTenna Pro ATAK Plugin does not use SecureRandom when 
generating  ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-45374 (In the goTenna Pro ATAK Plugin application, the encryption 
keys are  s ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-45042 (Ory Kratos is an identity, user management and authentication 
system f ...)
        TODO: check
 CVE-2024-44860 (An information disclosure vulnerability in the 
/Letter/PrintQr/ endpoi ...)
-       TODO: check
+       NOT-FOR-US: Solvait
 CVE-2024-43814 (goTenna Pro ATAK Plugin by default enables frequent 
unencrypted  Posit ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-43694 (In the goTenna Pro ATAK Plugin application, the encryption 
keys are  s ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-43191 (IBM ManageIQ could allow a remote authenticated attacker to 
execute ar ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-43108 (The goTenna Pro ATAK Plugin use AES CTR mode for short, 
encrypted  mes ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-42406 (Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x 
<= 9.9.2 ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2024-41931 (The goTenna Pro ATAK Plugin broadcast key name is always sent 
unencryp ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-41722 (In the goTenna Pro ATAK Plugin there is a vulnerability that 
makes it  ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-41715 (The goTenna Pro ATAK Plugin has a payload length vulnerability 
that  m ...)
-       TODO: check
+       NOT-FOR-US: goTenna Pro
 CVE-2024-41605 (An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-39577 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 
10.5.4.x, ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39319 (aimeos/ai-controller-frontend is the Aimeos frontend 
controller packag ...)
-       TODO: check
+       NOT-FOR-US: Aimeos frontend controller
 CVE-2024-37125 (Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 
10.5.4.x, ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-31899 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose 
highly se ...)
        NOT-FOR-US: IBM
 CVE-2024-30134 (The HCL Traveler for Microsoft Outlook executable (HTMO.exe) 
is being  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 
stores use ...)
        NOT-FOR-US: IBM
 CVE-2024-47177
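Review bot: CVE-2024-46632 is tracked as `- assimp <unfixed>` with a NOTE pointing at the upstream bug report (https://github.com/assimp/assimp/issues/5771); that link documents the MD5Importer buffer overflow but is not a fix reference, so once upstream commits a fix a second NOTE with the fixing commit should be added and the `<unfixed>` state resolved to a version. The four mattermost-server entries (CVE-2024-47145, CVE-2024-47003, CVE-2024-45843, CVE-2024-42406) are consistently tied to ITP bug #823556, which is the right shape for a package not yet in the archive.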
@@ -139915,7 +139916,7 @@ CVE-2023-0012 (In SAP Host Agent (Windows) - versions 
7.21, 7.22, an attacker wh
 CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does 
not val ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4541 (The WordPress Visitors plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4540
        REJECTED
 CVE-2022-4539 (The Web Application Firewall plugin for WordPress is vulnerable 
to IP  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5373c95798688a93bb6cc7d33a35b1926e09f705...8c3a65727d66795cdae9ede414dc7c57e8ae89dc

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
