Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83ff3152 by security tracker role at 2024-11-22T20:12:11+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@ +CVE-2024-7882 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-7837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2024-53438 (EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. ...) + TODO: check +CVE-2024-53253 (Sentry is an error tracking and performance monitoring platform. Versi ...) + TODO: check +CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected by an out ...) + TODO: check +CVE-2024-52814 (Argo Helm is a collection of community maintained charts for `argoproj ...) + TODO: check +CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking library. ...) + TODO: check +CVE-2024-52802 (RIOT is an operating system for internet of things (IoT) devices. In v ...) + TODO: check +CVE-2024-52793 (The Deno Standard Library provides APIs for Deno and the Web. Prior to ...) + TODO: check +CVE-2024-52726 (CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics f ...) + TODO: check +CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci ...) + TODO: check +CVE-2024-51766 (A potential security vulnerability has been identified in the HPE NonS ...) + TODO: check +CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos Software v1. ...) + TODO: check +CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...) + TODO: check +CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...) + TODO: check +CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project PKP Pla ...) + TODO: check +CVE-2024-50657 (An issue in Owncloud android apk v.4.3.1 allows a physically proximate ...) + TODO: check +CVE-2024-50401 (A use of externally-controlled format string vulnerability has been re ...) 
+ TODO: check +CVE-2024-50400 (A use of externally-controlled format string vulnerability has been re ...) + TODO: check +CVE-2024-50399 (A use of externally-controlled format string vulnerability has been re ...) + TODO: check +CVE-2024-50398 (A use of externally-controlled format string vulnerability has been re ...) + TODO: check +CVE-2024-50397 (A use of externally-controlled format string vulnerability has been re ...) + TODO: check +CVE-2024-50396 (A use of externally-controlled format string vulnerability has been re ...) + TODO: check +CVE-2024-50395 (An authorization bypass through user-controlled key vulnerability has ...) + TODO: check +CVE-2024-49054 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2024-48862 (A link following vulnerability has been reported to affect QuLog Cente ...) + TODO: check +CVE-2024-48861 (An OS command injection vulnerability has been reported to affect seve ...) + TODO: check +CVE-2024-48860 (An OS command injection vulnerability has been reported to affect seve ...) + TODO: check +CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A stored XSS wa ...) + TODO: check +CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer. This i ...) + TODO: check +CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers to acces ...) + TODO: check +CVE-2024-41781 (IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through ...) + TODO: check +CVE-2024-41779 (IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0. ...) + TODO: check +CVE-2024-38647 (An exposure of sensitive information vulnerability has been reported t ...) + TODO: check +CVE-2024-38646 (An incorrect permission assignment for critical resource vulnerability ...) + TODO: check +CVE-2024-38645 (A server-side request forgery (SSRF) vulnerability has been reported t ...) 
+ TODO: check +CVE-2024-38644 (An OS command injection vulnerability has been reported to affect Note ...) + TODO: check +CVE-2024-38643 (A missing authentication for critical function vulnerability has been ...) + TODO: check +CVE-2024-37783 (A reflected cross-site scripting (XSS) vulnerability in Gladinet Centr ...) + TODO: check +CVE-2024-37782 (An LDAP injection vulnerability in the login page of Gladinet CentreSt ...) + TODO: check +CVE-2024-37050 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2024-37049 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2024-37048 (A NULL pointer dereference vulnerability has been reported to affect s ...) + TODO: check +CVE-2024-37047 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2024-37046 (A path traversal vulnerability has been reported to affect several QNA ...) + TODO: check +CVE-2024-37045 (A NULL pointer dereference vulnerability has been reported to affect s ...) + TODO: check +CVE-2024-37044 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2024-37043 (A path traversal vulnerability has been reported to affect several QNA ...) + TODO: check +CVE-2024-37042 (A NULL pointer dereference vulnerability has been reported to affect s ...) + TODO: check +CVE-2024-37041 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2024-32770 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + TODO: check +CVE-2024-32769 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + TODO: check +CVE-2024-32768 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + TODO: check +CVE-2024-32767 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) 
+ TODO: check +CVE-2024-11618 (A vulnerability classified as critical was found in IPC Unigy Manageme ...) + TODO: check +CVE-2024-10863 (: Insufficient Logging vulnerability in OpenText Secure Content Manage ...) + TODO: check +CVE-2024-10220 (The Kubernetes kubelet component allows arbitrary command execution vi ...) + TODO: check CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sen ...) NOT-FOR-US: WordPress plugin CVE-2024-9422 (The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPr ...) @@ -310,9 +424,9 @@ CVE-2024-51209 (Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Clien NOT-FOR-US: Anuj Kumar's Client Management System CVE-2024-51208 (File Upload vulnerability in change-image.php in Anuj Kumar's Boat Boo ...) NOT-FOR-US: Anuj Kumar's Boat Booking System -CVE-2024-51163 (Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.4 ...) +CVE-2024-51163 (A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versi ...) NOT-FOR-US: Vegam Solutions Vegam 4i -CVE-2024-51162 (An issue in Audimex EE v.15.1.20 and before allows a remote attacker t ...) +CVE-2024-51162 (An issue in Audimex EE versions 15.1.20 and earlier allowing a remote ...) NOT-FOR-US: Audimex EE CVE-2024-51151 (D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in ...) NOT-FOR-US: D-Link @@ -3440,7 +3554,7 @@ CVE-2024-47909 (A stack-based buffer overflow in Ivanti Connect Secure before ve NOT-FOR-US: Ivanti CVE-2024-47907 (A stack-based buffer overflow in IPsec of Ivanti Connect Secure before ...) NOT-FOR-US: Ivanti -CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure which affects ver ...) +CVE-2024-47906 (Excessive binary privileges in Ivanti Connect Secure before version 22 ...) NOT-FOR-US: Ivanti CVE-2024-47905 (A stack-based buffer overflow in Ivanti Connect Secure before version ...) NOT-FOR-US: Ivanti 
@@ -3708,11 +3822,11 @@ CVE-2024-11122 (A vulnerability, which was classified as critical, has been foun NOT-FOR-US: Lingdang CRM CVE-2024-11121 (A vulnerability classified as critical was found in \u4e0a\u6d77\u7075 ...) NOT-FOR-US: Lingdang CRM -CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...) +CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...) NOT-FOR-US: Ivanti -CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...) +CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...) NOT-FOR-US: Ivanti -CVE-2024-11005 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...) +CVE-2024-11005 (Command injection in Ivanti Connect Secure before version 22.7R2.1 (No ...) NOT-FOR-US: Ivanti CVE-2024-11004 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Iva ...) NOT-FOR-US: Ivanti @@ -6123,13 +6237,13 @@ CVE-2024-51561 (This vulnerability exists in Aero due to improper implementation NOT-FOR-US: Aero CVE-2024-51560 (This vulnerability exists in the Wave 2.0due to improper exception han ...) NOT-FOR-US: Wave 2.0 -CVE-2024-51559 (This vulnerability exists in the Wave 2.0dueto missing authorization c ...) +CVE-2024-51559 (This vulnerability exists in the Wave 2.0 due to improper authorizatio ...) NOT-FOR-US: Wave 2.0 CVE-2024-51558 (This vulnerability exists in the Wave 2.0due to missing restrictions f ...) NOT-FOR-US: Wave 2.0 CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate limiting ...) NOT-FOR-US: Wave 2.0 -CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak encryption of se ...) +CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to insufficient encrypti ...) NOT-FOR-US: Wave 2.0 CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource fo ...) NOT-FOR-US: AppSmith Community 
@@ -7773,7 +7887,7 @@ CVE-2024-44301 (The issue was addressed with improved checks. This issue is fixe CVE-2024-44297 (The issue was addressed with improved bounds checks. This issue is fix ...) NOT-FOR-US: Apple CVE-2024-44296 (The issue was addressed with improved checks. This issue is fixed in t ...) - {DSA-5804-1} + {DSA-5804-1 DLA-3961-1} - webkit2gtk 2.46.3-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.3-1 @@ -7851,7 +7965,7 @@ CVE-2024-44251 (This issue was addressed through improved state management. This CVE-2024-44247 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2024-44244 (A memory corruption issue was addressed with improved input validation ...) - {DSA-5804-1} + {DSA-5804-1 DLA-3961-1} - webkit2gtk 2.46.3-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.3-1 @@ -8890,7 +9004,7 @@ CVE-2024-44206 (An issue in the handling of URL protocols was addressed with imp CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...) - {DSA-5792-1} + {DSA-5792-1 DLA-3961-1} - webkit2gtk 2.46.0-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.1-1 @@ -18305,7 +18419,7 @@ CVE-2024-44189 (The issue was addressed with improved checks. This issue is fixe CVE-2024-44188 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2024-44187 (A cross-origin issue existed with "iframe" elements. This was addresse ...) - {DSA-5792-1} + {DSA-5792-1 DLA-3961-1} - webkit2gtk 2.46.0-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.1-1 
@@ -18397,7 +18511,7 @@ CVE-2024-44125 (The issue was addressed with improved checks. This issue is fixe CVE-2024-44124 (This issue was addressed through improved state management. This issue ...) NOT-FOR-US: Apple CVE-2024-40866 (The issue was addressed with improved UI. This issue is fixed in Safar ...) - {DSA-5792-1} + {DSA-5792-1 DLA-3961-1} - webkit2gtk 2.46.0-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.1-1 @@ -146326,10 +146440,10 @@ CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior NOT-FOR-US: ArcSight CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...) NOT-FOR-US: NetIQ -CVE-2023-24467 - RESERVED -CVE-2023-24466 - RESERVED +CVE-2023-24467 (Possible Command Injection in iManager GET parameter has been disco ...) + TODO: check +CVE-2023-24466 (Possible XML External Entity Injection in iManager GET parameter ha ...) + TODO: check CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass ...) NOT-FOR-US: Snap One Wattbox WB-300-IP-3 CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerab ...) @@ -220213,8 +220327,8 @@ CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in NOT-FOR-US: NetIQ Access Manager CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...) NOT-FOR-US: NetIQ Access Manager -CVE-2022-26324 - RESERVED +CVE-2022-26324 (Possible XSS in iManager URL for access Component has been discovered ...) + TODO: check CVE-2022-26323 RESERVED CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File Vulnerabilit ...) 
@@ -260331,10 +260445,10 @@ CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a NOT-FOR-US: Corero SecureWatch Managed Services CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...) NOT-FOR-US: Red Hat JBoss Core Services HTTP Server -CVE-2021-38135 - RESERVED -CVE-2021-38134 - RESERVED +CVE-2021-38135 (Possible External Service Interaction attack in iManager has been di ...) + TODO: check +CVE-2021-38134 (Possible XSS in iManager URL for access Component has been discovered ...) + TODO: check CVE-2021-38133 (Possible External Service Interaction attack in eDirectory has been ...) NOT-FOR-US: NetIQ CVE-2021-38132 (Possible External Service Interaction attack in eDirectory has been ...) @@ -260363,14 +260477,14 @@ CVE-2021-38121 (Insufficient or weak TLS protocol version identified in Advance NOT-FOR-US: NetIQ CVE-2021-38120 (A vulnerability identified in Advance Authentication that allows bash ...) NOT-FOR-US: NetIQ -CVE-2021-38119 - RESERVED -CVE-2021-38118 - RESERVED -CVE-2021-38117 - RESERVED -CVE-2021-38116 - RESERVED +CVE-2021-38119 (Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManag ...) + TODO: check +CVE-2021-38118 (Possible improper input validation Vulnerability in iManager has been ...) + TODO: check +CVE-2021-38117 (Possible Command injection Vulnerability in iManager has been discove ...) + TODO: check +CVE-2021-38116 (Possible Elevation of Privilege Vulnerability in iManager has been di ...) + TODO: check CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) {DLA-3781-1} - libgd2 2.3.3-1 (bug #991912) 
@@ -280554,8 +280668,8 @@ CVE-2021-30301 (Possible denial of service due to out of memory while processing NOT-FOR-US: Qualcomm CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...) NOT-FOR-US: Qualcomm -CVE-2021-30299 - RESERVED +CVE-2021-30299 (Possible out of bound access in audio module due to lack of validation ...) + TODO: check CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...) NOT-FOR-US: Qualcomm components for Android CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...) @@ -523269,8 +523383,8 @@ CVE-2017-9713 RESERVED CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-9711 - RESERVED +CVE-2017-9711 (Certain unprivileged processes are able to perform IOCTL calls.) + TODO: check CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ff3152202c786a4b8d1e62fb23fcc1efaf2fbd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits