Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96970a5b by security tracker role at 2024-12-07T20:12:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,31 @@ +CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user to execu ...) + TODO: check +CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...) + TODO: check +CVE-2024-41762 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + TODO: check +CVE-2024-37071 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + TODO: check +CVE-2024-12270 (The Beautiful taxonomy filters plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-12253 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...) + TODO: check +CVE-2024-12128 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...) + TODO: check +CVE-2024-11501 (The Gallery plugin for WordPress is vulnerable to PHP Object Injection ...) + TODO: check +CVE-2024-11464 (The Easy Code Snippets plugin for WordPress is vulnerable to Reflected ...) + TODO: check +CVE-2024-11457 (The Feedpress Generator \u2013 External RSS Frontend Customizer plugin ...) + TODO: check +CVE-2024-11380 (The Mini Program API plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2024-11374 (The TWChat \u2013 Send or receive messages from users plugin for WordP ...) + TODO: check +CVE-2024-11367 (The Smoove connector for Elementor forms plugin for WordPress is vulne ...) + TODO: check +CVE-2024-11010 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...) + TODO: check CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books Library pl ...) NOT-FOR-US: WordPress plugin CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized modific ...) 
@@ -2059,21 +2087,25 @@ CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /uplo ...) NOT-FOR-US: OpenVidReview CVE-2024-42333 (The researcher is showing that it is possible to leak a small amount o ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25629 NOTE: Fixed by https://github.com/zabbix/zabbix/commit/72d2ce61872fcbace8f8dfdabc0568c99980989d (7.0.4rc1) NOTE: Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/c4ea57b823cb6a4c2cb0796f500e862fbb6a46ea (6.0.35rc1) CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25628 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1) NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1) CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25627 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20 (7.0.4rc1) NOTE: and additionally https://github.com/zabbix/zabbix/commit/e731ed95fda7572ebae5eaffaa70f41e8f897e0d (7.0.4rc1) CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...) + {DLA-3984-1} - zabbix 1:7.0.5+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25626 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.4rc1) 
@@ -2119,6 +2151,7 @@ CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673 (7.0.3rc1) NOTE: vulnerable function introduced with commit https://github.com/zabbix/zabbix/commit/3850cd1cfea328baabafd26e56bc425ddff95eac (7.0.0beta1) CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...) + {DLA-3984-1} - zabbix <unfixed> (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25630 NOTE: Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 6.0.36 (package from upstream) @@ -2172,6 +2205,7 @@ CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vuln CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage into a Gi ...) NOT-FOR-US: lakeFS CVE-2024-36467 (An authenticated user with API access (e.g.: user with default User ro ...) + {DLA-3909-1} - zabbix 1:7.0.2+dfsg-1 (bug #1088689) NOTE: https://support.zabbix.com/browse/ZBX-25614 NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/dabb5dd27aa979657a5bd6077716ce60951e1552 (7.0.2rc1) @@ -2325,6 +2359,7 @@ CVE-2024-38831 (VMware Aria Operations contains a local privilege escalation vul CVE-2024-38830 (VMware Aria Operations contains a local privilege escalation vulnerabi ...) NOT-FOR-US: VMware CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a string wi ...) + {DLA-3909-1} - zabbix 1:7.0.3+dfsg-1 NOTE: https://support.zabbix.com/browse/ZBX-25611 NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/223a21567b659366396781429a8d87009600784a (7.0.3rc1) 
@@ -2334,6 +2369,7 @@ CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a str CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat ...) NOT-FOR-US: Lobe Chat CVE-2024-22117 (When a URL is added to the map element, it is recorded in the database ...) + {DLA-3909-1} - zabbix 1:7.0.5+dfsg-1 NOTE: https://support.zabbix.com/browse/ZBX-25610 NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/bcf43da8eaaafc03e53845085f5b87d8c858ac81 (7.0.4rc1) @@ -312136,7 +312172,7 @@ CVE-2020-35360 CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server ...) NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file CVE-2020-35357 (A buffer overflow can occur when calculating the quantile value using ...) - {DLA-3576-1} + {DLA-3985-1 DLA-3576-1} - gsl 2.7.1+dfsg-6 (bug #1052655) [bookworm] - gsl <no-dsa> (Minor issue) NOTE: https://savannah.gnu.org/bugs/?59624 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96970a5b98ad851b825c760726ffb4c3856ecddc You're receiving this email because of your account on salsa.debian.org.
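Review bot: all fourteen new entries in the first hunk (@@ -1,3 +1,31 @@) are left at "TODO: check" even though their own descriptions name products Debian does not package (IBM AIX/VIOS, IBM QRadar SIEM, IBM Db2 and ten WordPress plugins), and the unchanged context immediately after them shows the established triage for that class, "NOT-FOR-US: WordPress plugin" on CVE-2024-8679. Suggest a follow-up commit resolving these to NOT-FOR-US instead of leaving them in the queue. The CVE-2024-47115 description is also missing a space in "4.1could", which looks like an import artifact worth checking against the upstream text.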
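Review bot: in the second hunk (@@ -2059,21 +2087,25 @@) the {DLA-3984-1} marker is added to CVE-2024-42331, whose entry lists two separate upstream fixes ("Fixed by (merge commit): ...e1bcc14d..." and "and additionally ...e731ed95..."); confirm the LTS update backported both commits, because placing the marker on the entry asserts the advisory fully addresses the CVE.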
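Review bot: in the third hunk (@@ -2119,6 +2151,7 @@) CVE-2024-36464 gains {DLA-3984-1} while the unstable line stays "zabbix <unfixed>" and the existing NOTE records that the fix upstream claims for 6.0.30rc1 still reproduces with 6.0.36. If the LTS package carries a fix that actually works, the NOTE should name the commit used so the unstable maintainer can apply the same one; if the DLA only shipped the upstream change the NOTE calls ineffective, the marker overstates what the advisory fixes and that should be recorded in a NOTE or addressed in a follow-up DLA.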
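Review bot: the three hunks adding {DLA-3909-1} (CVE-2024-36467, CVE-2024-36463, CVE-2024-22117) attach an older advisory identifier than the DLA-3984-1 added to the other zabbix entries in this same commit; since the commit message is "automatic update", confirm the DLA-3909-1 advisory text actually lists these three CVEs rather than the import having matched on the package name, and add "(bug #1088689)" to the CVE-2024-36463 and CVE-2024-22117 lines if they are tracked under the same bug as CVE-2024-36467.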
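Review bot: the last hunk (@@ -312136,7 +312172,7 @@) records CVE-2020-35357 in gsl as covered by both DLA-3985-1 and the earlier DLA-3576-1 without a NOTE saying why a second advisory was needed (regression fix, different suite, or an incomplete first fix); a one-line NOTE would spare the next reader a lookup, and the bookworm "gsl <no-dsa> (Minor issue)" line should be re-checked against whatever prompted DLA-3985-1.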
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits