[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 25 Oct 2024 13:13:06 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
311b15cd by security tracker role at 2024-10-25T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to 
storage o ...)
+       TODO: check
+CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-9584 (The Image Map Pro plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2024-8666 (The Shoutcast Icecast HTML5 Radio Player plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-8036 (ABB is aware of privately reported vulnerabilities in the 
product vers ...)
+       TODO: check
+CVE-2024-49767 (Werkzeug is a Web Server Gateway Interface web application 
library. Ap ...)
+       TODO: check
+CVE-2024-49766 (Werkzeug is a Web Server Gateway Interface web application 
library. On ...)
+       TODO: check
+CVE-2024-49757 (The open-source identity infrastructure software Zitadel 
allows admini ...)
+       TODO: check
+CVE-2024-49753 (Zitadel is open-source identity infrastructure software. 
Versions prio ...)
+       TODO: check
+CVE-2024-49381 (Plenti, a static site generator, has an arbitrary file 
deletion vulner ...)
+       TODO: check
+CVE-2024-49380 (Plenti, a static site generator, has an arbitrary file write 
vulnerabi ...)
+       TODO: check
+CVE-2024-49378 (smartUp, a web browser mouse gestures extension, has a 
universal cross ...)
+       TODO: check
+CVE-2024-49376 (Autolab, a course management service that enables auto-graded 
programm ...)
+       TODO: check
+CVE-2024-48743 (Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a 
remote a ...)
+       TODO: check
+CVE-2024-48700 (Kliqqi-CMS has a background arbitrary code execution 
vulnerability tha ...)
+       TODO: check
+CVE-2024-48655 (An issue in Total.js CMS v.1.0 allows a remote attacker to 
execute arb ...)
+       TODO: check
+CVE-2024-48654 (Cross Site Scripting vulnerability in Blood Bank v.1 allows a 
remote a ...)
+       TODO: check
+CVE-2024-48581 (File Upload vulnerability in Best courier management system in 
php v.1 ...)
+       TODO: check
+CVE-2024-48580 (SQL Injection vulnerability in Best courier management system 
in php v ...)
+       TODO: check
+CVE-2024-48579 (SQL Injection vulnerability in Best House rental management 
system pro ...)
+       TODO: check
+CVE-2024-48459 (A command execution vulnerability exists in the AX2 Pro home 
router pr ...)
+       TODO: check
+CVE-2024-48450 (An arbitrary file upload vulnerability in Huly Platform 
v0.6.295 allow ...)
+       TODO: check
+CVE-2024-48448 (An arbitrary file upload vulnerability in Huly Platform 
v0.6.295 allow ...)
+       TODO: check
+CVE-2024-48428 (An issue in Olive VLE allows an attacker to obtain sensitive 
informati ...)
+       TODO: check
+CVE-2024-48343 (A SQL Injection vulnerability in ESAFENET CDG 5 and earlier 
allows an  ...)
+       TODO: check
+CVE-2024-48204 (SQL injection vulnerability in Hanzhou Haobo network 
management system ...)
+       TODO: check
+CVE-2024-47483 (Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, 
contain(s) an Imp ...)
+       TODO: check
+CVE-2024-47481 (Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an 
Imprope ...)
+       TODO: check
+CVE-2024-47041 (In valid_address of syscall.c, there is a possible out of 
bounds read  ...)
+       TODO: check
+CVE-2024-47035 (In vring_init of 
external/headers/include/virtio/virtio_ring.h, there  ...)
+       TODO: check
+CVE-2024-47034 (there is a possible out of bounds read due to a missing bounds 
check.  ...)
+       TODO: check
+CVE-2024-47033 (In lwis_allocator_free of lwis_allocator.c, there is a 
possible memory ...)
+       TODO: check
+CVE-2024-47031 (Android before 2024-10-05 on Google Pixel devices allows 
privilege esc ...)
+       TODO: check
+CVE-2024-47030 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
+       TODO: check
+CVE-2024-47029 (In TrustySharedMemoryManager::GetSharedMemory of 
ondevice/trusty/trust ...)
+       TODO: check
+CVE-2024-47028 (In ffu_flash_pack of ffu.c, there is a possible out of bounds 
read due ...)
+       TODO: check
+CVE-2024-47027 (In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is 
a possib ...)
+       TODO: check
+CVE-2024-47026 (In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of 
bounds read ...)
+       TODO: check
+CVE-2024-47025 (In ppmp_protect_buf of drm_fw.c, there is a possible 
information discl ...)
+       TODO: check
+CVE-2024-47024 (In vring_size of 
external/headers/include/virtio/virtio_ring.h, there  ...)
+       TODO: check
+CVE-2024-47023 (there is a possible man-in-the-middle attack due to a logic 
error in t ...)
+       TODO: check
+CVE-2024-47022 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
+       TODO: check
+CVE-2024-47021 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a 
possible o ...)
+       TODO: check
+CVE-2024-47020 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
+       TODO: check
+CVE-2024-47019 (In ProtocolEmbmsSaiListAdapter::Init() of 
protocolembmsadapter.cpp, th ...)
+       TODO: check
+CVE-2024-47018 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a 
possible ...)
+       TODO: check
+CVE-2024-47017 (In ufshc_scsi_cmd of ufs.c, there is a possible stack variable 
use aft ...)
+       TODO: check
+CVE-2024-47016 (there is a possible privilege escalation due to an insecure 
default va ...)
+       TODO: check
+CVE-2024-47015 (In ProtocolMiscHwConfigChangeAdapter::GetData() of 
protocolmiscadapter ...)
+       TODO: check
+CVE-2024-47014 (Android before 2024-10-05 on Google Pixel devices allows 
privilege esc ...)
+       TODO: check
+CVE-2024-47013 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a 
possible ...)
+       TODO: check
+CVE-2024-47012 (In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there 
is a poss ...)
+       TODO: check
+CVE-2024-44101 (there is a possible Null Pointer Dereference (modem crash) due 
to impr ...)
+       TODO: check
+CVE-2024-44100 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
+       TODO: check
+CVE-2024-44099 (There is a possible Local bypass of user interaction due to an 
insecur ...)
+       TODO: check
+CVE-2024-44098 (In lwis_device_event_states_clear_locked of lwis_event.c, 
there is a p ...)
+       TODO: check
+CVE-2024-37847 (An arbitrary file upload vulnerability in MangoOS before 5.1.4 
and Man ...)
+       TODO: check
+CVE-2024-37846 (MangoOS before 5.2.0 was discovered to contain a Client-Side 
Template  ...)
+       TODO: check
+CVE-2024-37845 (MangoOS before 5.2.0 was discovered to contain an 
authenticated remote ...)
+       TODO: check
+CVE-2024-37844 (A stored cross-site scripting (XSS) vulnerability in MangoOS 
before 5. ...)
+       TODO: check
+CVE-2024-10387 (CVE-2024-10387 IMPACT    A Denial-of-Service vulnerability 
exists in t ...)
+       TODO: check
+CVE-2024-10386 (CVE-2024-10386 IMPACT    An authentication vulnerability 
exists in the ...)
+       TODO: check
+CVE-2024-10381 (This vulnerability exists in Matrix Door Controller Cosec Vega 
FAXQ du ...)
+       TODO: check
+CVE-2024-10380 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-10379 (A vulnerability classified as problematic was found in 
ESAFENET CDG 5. ...)
+       TODO: check
+CVE-2024-10378 (A vulnerability classified as critical has been found in 
ESAFENET CDG  ...)
+       TODO: check
+CVE-2024-10377 (A vulnerability was found in ESAFENET CDG 5. It has been rated 
as crit ...)
+       TODO: check
+CVE-2024-10376 (A vulnerability was found in ESAFENET CDG 5. It has been 
declared as c ...)
+       TODO: check
+CVE-2024-10374 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-10343 (The Beek Widget Extention plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2024-10112 (The Simple News plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-10016 (The File Upload Types by WPForms plugin for WordPress is 
vulnerable to ...)
+       TODO: check
 CVE-2024-9686 (The Order Notification for Telegram plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9630 (The WPS Telegram Chat plugin for WordPress is vulnerable to 
authorizat ...)
@@ -2339,7 +2483,7 @@ CVE-2024-47634 (Cross-Site Request Forgery (CSRF) 
vulnerability in Streamline.Lv
        NOT-FOR-US: WordPress plugin
 CVE-2024-47325 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-44061 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+CVE-2024-44061 (: Improper Neutralization of Script-Related HTML Tags in a Web 
Page (B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-44000 (Insufficiently Protected Credentials vulnerability in 
LiteSpeed Techno ...)
        NOT-FOR-US: WordPress plugin
@@ -3304,7 +3448,7 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is 
vulnerable to a denial o
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of 
Service ...)
        NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in 
ImageOverlay::parse() decodi ...)
-       {DLA-3934-1}
+       {DSA-5796-1 DLA-3934-1}
        - libheif 1.18.1-1
        NOTE: https://github.com/strukturag/libheif/issues/1226
        NOTE: https://github.com/strukturag/libheif/pull/1227
@@ -3953,7 +4097,7 @@ CVE-2024-40616
        REJECTED
 CVE-2023-50780 (Apache ActiveMQ Artemis allows access to diagnostic 
information and co ...)
        NOT-FOR-US: Apache ActiveMQ Artemis
-CVE-2023-48082 (Nagios XI before 5.11.3 2024R1 was discovered to improperly 
handle API ...)
+CVE-2023-48082 (Nagios XI before 2024R1 was discovered to improperly handle 
API keys g ...)
        NOT-FOR-US: Nagios XI
 CVE-2023-45817
        REJECTED
@@ -21033,6 +21177,7 @@ CVE-2024-41817 (ImageMagick is a free and open-source 
software suite, used for e
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/6526a2b28510ead6a3e14de711bb991ad9abff38
 CVE-2024-41810 (Twisted is an event-based framework for internet applications, 
support ...)
+       {DSA-5797-1}
        - twisted 24.7.0-1 (bug #1077680)
        NOTE: 
https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
        NOTE: Merge commit: 
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
 (twisted-24.7.0rc1)
@@ -21043,6 +21188,7 @@ CVE-2024-41726 (Path traversal vulnerability exists in 
SKYSEA Client View Ver.3.
 CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
        NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2024-41671 (Twisted is an event-based framework for internet applications, 
support ...)
+       {DSA-5797-1}
        - twisted 24.7.0-1 (bug #1077679)
        NOTE: 
https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
        NOTE: 
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
 (twisted-24.7.0rc1)
@@ -85437,6 +85583,7 @@ CVE-2023-49463 (libheif v1.17.5 was discovered to 
contain a segmentation violati
        NOTE: 
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf
 (v1.17.6)
        NOTE: Crash in CLI tool, no security impact (only affects example tool 
shipped in libheif-examples)
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
+       {DSA-5796-1}
        - libheif 1.17.6-1 (bug #1059151)
        [bullseye] - libheif <no-dsa> (Minor issue)
        [buster] - libheif <not-affected> (Vulnerable code not present)
@@ -92082,7 +92229,7 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer 
overflow exists when proces
        [buster] - memcached <not-affected> (The vulnerable code was introduced 
later)
        NOTE: 
https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
 (1.6.22)
 CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote 
Code  Ex ...)
-       {DLA-3657-1}
+       {DLA-3936-1 DLA-3657-1}
        - activemq 5.17.6+dfsg-1 (bug #1054909)
        NOTE: 
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
        NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
@@ -92372,6 +92519,7 @@ CVE-2023-46233 (crypto-js is a JavaScript library of 
crypto standards. Prior to
 CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, 
a layer ...)
        NOT-FOR-US: era-compiler-vyper
 CVE-2023-46137 (Twisted is an event-based framework for internet applications. 
Prior t ...)
+       {DSA-5797-1}
        - twisted 23.10.0-1 (bug #1054913)
        [bullseye] - twisted <no-dsa> (Minor issue)
        [buster] - twisted <no-dsa> (Minor issue)
@@ -92486,7 +92634,7 @@ CVE-2023-46525 (TP-LINK TL-WR886N 
V7.0_3.0.14_Build_221115_Rel.56908n.bin was di
        NOT-FOR-US: TP-LINK
 CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was 
discover ...)
        NOT-FOR-US: TP-LINK
-CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was 
discover ...)
+CVE-2023-46522 (TP-LINK device TL-WR886N 
V7.0_3.0.14_Build_221115_Rel.56908n.bin and T ...)
        NOT-FOR-US: TP-LINK
 CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was 
discover ...)
        NOT-FOR-US: TP-LINK
@@ -120679,6 +120827,7 @@ CVE-2023-29661
 CVE-2023-29660
        RESERVED
 CVE-2023-29659 (A Segmentation fault caused by a floating point exception 
exists in li ...)
+       {DSA-5796-1}
        - libheif 1.16.2-1 (bug #1035607)
        [bullseye] - libheif <no-dsa> (Minor issue)
        [buster] - libheif <no-dsa> (Minor issue)
@@ -131612,8 +131761,8 @@ CVE-2023-26249 (Knot Resolver before 5.6.0 enables 
attackers to consume its reso
        [bullseye] - knot-resolver <no-dsa> (Minor issue)
        [buster] - knot-resolver <no-dsa> (Minor issue)
        NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
-CVE-2023-26248
-       RESERVED
+CVE-2023-26248 (The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used 
in IPFS ( ...)
+       TODO: check
 CVE-2023-26247
        RESERVED
 CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle 
infotainment ...)
@@ -167773,6 +167922,7 @@ CVE-2022-41680 (Forma LMS on its 3.1.0 version and 
earlier is vulnerable to a SQ
 CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an 
Cross-Site scri ...)
        NOT-FOR-US: Forma LMS
 CVE-2022-41678 (Once an user is authenticated on Jolokia, he can potentially 
trigger a ...)
+       {DLA-3936-1}
        - activemq 5.17.6+dfsg-1 (unimportant)
        NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
        NOTE: 
https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
@@ -199165,22 +199315,22 @@ CVE-2022-30363
        RESERVED
 CVE-2022-30362
        RESERVED
-CVE-2022-30361
-       RESERVED
-CVE-2022-30360
-       RESERVED
-CVE-2022-30359
-       RESERVED
-CVE-2022-30358
-       RESERVED
-CVE-2022-30357
-       RESERVED
-CVE-2022-30356
-       RESERVED
-CVE-2022-30355
-       RESERVED
-CVE-2022-30354
-       RESERVED
+CVE-2022-30361 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
+       TODO: check
+CVE-2022-30360 (OvalEdge 5.2.8.0 and earlier is affected by multiple Stored 
XSS (AKA P ...)
+       TODO: check
+CVE-2022-30359 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
+       TODO: check
+CVE-2022-30358 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
+       TODO: check
+CVE-2022-30357 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
+       TODO: check
+CVE-2022-30356 (OvalEdge 5.2.8.0 and earlier is affected by a Privilege 
Escalation vul ...)
+       TODO: check
+CVE-2022-30355 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
+       TODO: check
+CVE-2022-30354 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
+       TODO: check
 CVE-2022-30353
        RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to 
insufficient sanit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311b15cd6351b388e81338a1dc5c7cc69745e44e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311b15cd6351b388e81338a1dc5c7cc69745e44e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to