Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9da99758 by security tracker role at 2024-11-29T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+       TODO: check
+CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified 
in Easy  ...)
+       TODO: check
+CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 
10.97.2  ...)
+       TODO: check
+CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+       TODO: check
+CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a 
potential ...)
+       TODO: check
+CVE-2024-54123 (Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS 
via an  ...)
+       TODO: check
+CVE-2024-53701 (Multiple FCNT Android devices provide the original security 
features s ...)
+       TODO: check
+CVE-2024-45495 (MSA FieldServer Gateway 5.0.0 through 6.5.2 allows 
cross-origin WebSoc ...)
+       TODO: check
+CVE-2024-39162 (pyspider through 0.3.10 allows /update XSS. NOTE: This 
vulnerability o ...)
+       TODO: check
+CVE-2024-35451 (LinkStack 2.7.9 through 4.7.7 allows 
resources\views\components\favico ...)
+       TODO: check
+CVE-2024-11983 (Certain models of routers from Billion Electric has an OS 
Command Inje ...)
+       TODO: check
+CVE-2024-11982 (Certain models of routers from Billion Electric has a 
Plaintext Storag ...)
+       TODO: check
+CVE-2024-11981 (Certain models of routers from Billion Electric has an 
Authentication  ...)
+       TODO: check
+CVE-2024-11980 (Certain modes of routers from Billion Electric have a Missing 
Authenti ...)
+       TODO: check
+CVE-2024-11979 (DreamMaker from Interinfo has a Path Traversal vulnerability 
and does  ...)
+       TODO: check
+CVE-2024-11978 (DreamMaker from Interinfo has a Path Traversal vulnerability, 
allowing ...)
+       TODO: check
+CVE-2024-11971 (A vulnerability classified as problematic was found in Guizhou 
Xiaoma  ...)
+       TODO: check
+CVE-2024-11970 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2024-11482 (A vulnerability in ESM 11.6.10 allows unauthenticated access 
to the in ...)
+       TODO: check
+CVE-2024-11481 (A vulnerability in ESM 11.6.10 allows unauthenticated access 
to the in ...)
+       TODO: check
+CVE-2024-11014 (Cross-site request forgery (CSRF) vulnerability in NEC 
Corporation UNI ...)
+       TODO: check
+CVE-2024-11013 (Command Injection vulnerability in NEC Corporation UNIVERGE IX 
from Ve ...)
+       TODO: check
+CVE-2024-10980 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+       TODO: check
+CVE-2024-10704 (The Photo Gallery by 10Web  WordPress plugin before 1.8.31 
does not sa ...)
+       TODO: check
 CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block 
Control Plug ...)
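Review bot: all 24 entries added at the top of data/CVE/list carry only "TODO: check", so none of them has a package line or a NOT-FOR-US disposition yet. CVE-2024-10704 is described as a WordPress plugin, and the unchanged entry directly below (CVE-2024-9669) already uses "NOT-FOR-US: WordPress plugin", so that one can be resolved the same way. Entries that name specific software, such as pyspider (CVE-2024-39162) and Backdrop CMS (CVE-2024-54123), should be checked against the archive individually rather than bulk-marked.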
@@ -498,7 +546,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress 
is vulnerable to Stor
        NOT-FOR-US: WordPress plugin
 CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
-CVE-2024-48651 [Supplemental group inheritance grants unintended access to GID 
0 due to lack of supplemental groups from mod_sql]
+CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group 
inheritan ...)
        - proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
        NOTE: https://github.com/proftpd/proftpd/issues/1830
        NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1
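Review bot: the replacement description for CVE-2024-48651 is cut off at "supplemental group inheritan ..." and no longer mentions GID 0 or mod_sql, both of which the removed bracketed text stated. The "before cec01cc" in the new text matches the commit in the "Fixed by" NOTE, so the entry stays consistent, but consider a NOTE line that keeps the mod_sql and GID 0 detail so the affected configuration is visible without following the issue link.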
@@ -16200,6 +16248,7 @@ CVE-2024-31449 (Redis is an open source, in-memory 
database that persists on dis
        NOTE: https://github.com/valkey-io/valkey/pull/1114
        NOTE: 
https://github.com/valkey-io/valkey/commit/4fbab5740bfef66918d6c2950dd2b3b4e07815a2
 (8.0.1)
 CVE-2024-31228 (Redis is an open source, in-memory database that persists on 
disk. Aut ...)
+       {DLA-3973-1}
        - redis 5:7.0.15-2 (bug #1084805)
        - redict 7.3.1+ds-1
        - valkey 8.0.1+dfsg1-1
@@ -194013,6 +194062,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel 
game engine with easy moddi
        NOTE: 
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
        NOTE: 
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
 (5.6.0)
 CVE-2022-35977 (Redis is an in-memory database that persists on disk. 
Authenticated us ...)
+       {DLA-3973-1}
        - redis 5:7.0.8-1
        [buster] - redis <ignored> (Minor issue; requires authed user)
        NOTE: 
https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea 
(7.0.8)
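Review bot: "{DLA-3973-1}" is added to CVE-2022-35977 while the unchanged context still has "[buster] - redis <ignored> (Minor issue; requires authed user)". Confirm which suite the DLA covers and that the entry reflects it, so a reader does not see the issue as both ignored and fixed for an LTS release without knowing which release each statement applies to.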



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da99758c323ae74b55bdf1885b3df96658e7412