Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58fed669 by security tracker role at 2024-12-19T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,95 @@
-CVE-2024-9102
+CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 
allows e ...)
+       TODO: check
+CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP 
packet ca ...)
+       TODO: check
+CVE-2024-7138 (An assert may be triggered, causing a temporary denial of 
service when ...)
+       TODO: check
+CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted 
to packe ...)
+       TODO: check
+CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of 
request val ...)
+       TODO: check
+CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in 
the bui ...)
+       TODO: check
+CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server 
Configuration  ...)
+       TODO: check
+CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint 
http://{your-serv ...)
+       TODO: check
+CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the 
component  ...)
+       TODO: check
+CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in 
PHPGurukul Pr ...)
+       TODO: check
+CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm 
confusion o ...)
+       TODO: check
+CVE-2024-53991 (Discourse is an open source platform for community discussion. 
This vu ...)
+       TODO: check
+CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could 
allow a ...)
+       TODO: check
+CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web 
console coul ...)
+       TODO: check
+CVE-2024-52794 (Discourse is an open source platform for community discussion. 
Users c ...)
+       TODO: check
+CVE-2024-52589 (Discourse is an open source platform for community discussion. 
Moderat ...)
+       TODO: check
+CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could 
allow a ...)
+       TODO: check
+CVE-2024-49765 (Discourse is an open source platform for community discussion. 
Sites t ...)
+       TODO: check
+CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side 
request forger ...)
+       TODO: check
+CVE-2024-47093 (Improper neutralization of input in Nagvis before version 
1.9.42 which ...)
+       TODO: check
+CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data 
directory in ...)
+       TODO: check
+CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by 
QOS.CH logba ...)
+       TODO: check
+CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator  by QOS.CH 
logback-core      ...)
+       TODO: check
+CVE-2024-12794 (A vulnerability, which was classified as critical, was found 
in Codezi ...)
+       TODO: check
+CVE-2024-12793 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-12792 (A vulnerability classified as critical was found in Codezips 
E-Commerc ...)
+       TODO: check
+CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It 
has been ...)
+       TODO: check
+CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management 
Site 1.0. ...)
+       TODO: check
+CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been 
classif ...)
+       TODO: check
+CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion 
Forum 1.0 a ...)
+       TODO: check
+CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance 
Tracking Ma ...)
+       TODO: check
+CVE-2024-12786 (A vulnerability, which was classified as critical, was found 
in X1a0He ...)
+       TODO: check
+CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+       TODO: check
+CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+       TODO: check
+CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management 
System 1. ...)
+       TODO: check
+CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos 
C5570 an ...)
+       TODO: check
+CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code 
automations, webho ...)
+       TODO: check
+CVE-2024-12569 (Disclosure of sensitive information in HikVision camera 
driver's log f ...)
+       TODO: check
+CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-11616 (Netskope was made aware of a security vulnerability in 
Netskope Endpoi ...)
+       TODO: check
+CVE-2024-10244 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-7005 (A specially crafted message can be sent to the TTLock App that 
downgra ...)
+       TODO: check
+CVE-2023-4617 (Incorrect authorization vulnerability in HTTP POST method in 
Govee Hom ...)
+       TODO: check
+CVE-2024-9102 (phpLDAPadmin since at least version 1.2.0 through the latest 
version 1 ...)
        - phpldapadmin <unfixed>
        NOTE: 
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
-CVE-2024-9101
+CVE-2024-9101 (A reflected cross-site scripting (XSS) vulnerability in the 
'Entry Cho ...)
        - phpldapadmin <unfixed>
        NOTE: 
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
 CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 
1.4.0.0 before ...)
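Review bot: the two phpldapadmin entries (CVE-2024-9102, CVE-2024-9101) carry only `- phpldapadmin <unfixed>` plus the redguard advisory URL; there is no severity marker, no Debian bug reference and no upstream fix reference, so add the bug number once filed and the upstream commit or fixed version once one exists, otherwise `<unfixed>` cannot be resolved by a later automatic update. The other 44 additions in this hunk (88 added lines, two per CVE) are feed-import placeholders with `TODO: check` and still need manual triage.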
@@ -6368,7 +6456,7 @@ CVE-2024-53901 (The Imager package before 1.025 for Perl 
has a heap-based buffer
        NOTE: https://github.com/tonycoz/imager/issues/534
        NOTE: 
https://github.com/tonycoz/imager/commit/7851737838aa86113b276aea02729cc1f6e9eed0
 (v1.025)
        NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/167
-CVE-2024-38819
+CVE-2024-38819 (Applications serving static resources through the functional 
web frame ...)
        - libspring-java <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2327614
        NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
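Review bot: CVE-2024-38819 for libspring-java cites only the Red Hat bugzilla entry; with the package at `<unfixed> (unimportant)`, add the upstream Spring advisory or the fixing commit as a NOTE so the affected and fixed version range sits next to the README.Debian.security rationale for the unimportant rating.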
@@ -11076,12 +11164,12 @@ CVE-2024-49369 (Icinga is a monitoring system which 
checks the availability of n
        NOTE: Fixed by: 
https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe
 (v2.13.10)
        NOTE: Fixed by: 
https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c
 (v2.12.11)
        NOTE: Fixed by: 
https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831
 (v2.11.12)
-CVE-2024-45819
+CVE-2024-45819 (PVH guests have their ACPI tables constructed by the 
toolstack.  The c ...)
        [experimental] - xen 4.19.1-1~exp1
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-464.html
-CVE-2024-45818
+CVE-2024-45818 (The hypervisor contains code to accelerate VGA memory accesses 
for HVM ...)
        [experimental] - xen 4.19.1-1~exp1
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
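Review bot: CVE-2024-45819 and CVE-2024-45818 list `[experimental] - xen 4.19.1-1~exp1`, `- xen <unfixed>` and the bullseye end-of-life marker, but no bookworm line; if bookworm is meant to inherit `<unfixed>` that is fine, otherwise add a `[bookworm] - xen <no-dsa>` or `<postponed>` entry with the reason, in the same style as the bullseye EOL annotation.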
@@ -16225,7 +16313,7 @@ CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to 
contain a hardcoded encryption
        NOT-FOR-US: Neye3C
 CVE-2024-48538 (Incorrect access control in the firmware update and download 
processes ...)
        NOT-FOR-US: Neye3C
-CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code 
execution. An at ...)
+CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to code injection 
(fixed in 1.0 ...)
        NOT-FOR-US: php-heic-to-jpg
 CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System 
v1.0 allow ...)
        NOT-FOR-US: SourceCodester Purchase Order Management System
@@ -49304,7 +49392,7 @@ CVE-2024-0427 (The ARForms - Premium WordPress Form 
Builder Plugin WordPress plu
        NOT-FOR-US: WordPress plugin
 CVE-2024-0160 (Dell Client Platform contains an incorrect authorization 
vulnerability ...)
        NOT-FOR-US: Dell
-CVE-2024-25131
+CVE-2024-25131 (A flaw was found in the MustGather.managed.openshift.io Custom 
Defined ...)
        NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource 
(CRD)
 CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 
126.0.6478.54 allow ...)
        {DSA-5710-1}
@@ -281736,8 +281824,8 @@ CVE-2021-32591 (A missing cryptographic steps 
vulnerability in the function that
        NOT-FOR-US: FortiGuard
 CVE-2021-32590 (Multiple improper neutralization of special elements used in 
an SQL co ...)
        NOT-FOR-US: FortiPortal
-CVE-2021-32589
-       RESERVED
+CVE-2021-32589 (A Use After Free (CWE-416) vulnerability in FortiManager 
version 7.0.0 ...)
+       TODO: check
 CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in 
FortiPortal ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-32587 (An improper access control vulnerability in FortiManager and 
FortiAnal ...)
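Review bot: CVE-2021-32589 moves from RESERVED to a FortiManager use-after-free with `TODO: check`, while the surrounding Fortinet entries (CVE-2021-32590, CVE-2021-32588, CVE-2021-32587) are already `NOT-FOR-US`; resolve the placeholder to `NOT-FOR-US: FortiGuard` (the spelling used on the neighbouring lines) rather than leaving it in the TODO queue.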
@@ -298710,8 +298798,8 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login 
module can be configured to use
        NOTE: 
https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
 CVE-2021-26116 (An improper neutralization of special elements used in an OS 
command v ...)
        NOT-FOR-US: FortiAuthenticator
-CVE-2021-26115
-       RESERVED
+CVE-2021-26115 (An OS command injection (CWE-78) vulnerability in FortiWAN 
version 4.5 ...)
+       TODO: check
 CVE-2021-26114 (Multiple improper neutralization of special elements used in 
an SQL co ...)
        NOT-FOR-US: FortiWAN
 CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability 
[CWE-760 ...)
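Review bot: CVE-2021-26115 (FortiWAN OS command injection) sits between CVE-2021-26116 (`NOT-FOR-US: FortiAuthenticator`) and CVE-2021-26114 (`NOT-FOR-US: FortiWAN`); it can be closed as `NOT-FOR-US: FortiWAN` in the same update instead of staying `TODO: check`.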
@@ -298736,8 +298824,8 @@ CVE-2021-26104 (Multiple OS command injection 
(CWE-78) vulnerabilities in the co
        NOT-FOR-US: Fortiguard
 CVE-2021-26103 (An insufficient verification of data authenticity 
vulnerability (CWE-3 ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-26102
-       RESERVED
+CVE-2021-26102 (A relative path traversal vulnerability (CWE-23) in FortiWAN 
version 4 ...)
+       TODO: check
 CVE-2021-26101
        RESERVED
 CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption 
service  ...)
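Review bot: CVE-2021-26102 (FortiWAN relative path traversal) is now described but CVE-2021-26101 directly below stays RESERVED; check whether the same Fortinet publication also covers 26101 so both are triaged together, and resolve 26102 to `NOT-FOR-US: FortiWAN` as was done for CVE-2021-26104 and its neighbours.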
@@ -307399,8 +307487,8 @@ CVE-2021-22503 (Possible  Improper Neutralization of 
Input During Web Page Gener
        NOT-FOR-US: NetIQ
 CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation 
Bridge Re ...)
        NOT-FOR-US: Micro Focus
-CVE-2021-22501
-       RESERVED
+CVE-2021-22501 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
 CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus 
Application Pe ...)
        NOT-FOR-US: Micro Focus
 CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus 
Applicati ...)
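Review bot: CVE-2021-22501 (XML External Entity reference) is flanked by CVE-2021-22502 and CVE-2021-22500, both `NOT-FOR-US: Micro Focus`; unless the truncated description names a product outside the Micro Focus line, mark it the same way instead of leaving `TODO: check`.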
@@ -353282,8 +353370,8 @@ CVE-2020-15936 (A improper input validation in 
Fortinet FortiGate version 6.4.3
        NOT-FOR-US: FortiGuard
 CVE-2020-15935 (A cleartext storage of sensitive information in GUI in 
FortiADC versio ...)
        NOT-FOR-US: Fortiguard
-CVE-2020-15934
-       RESERVED
+CVE-2020-15934 (An execution with unnecessary privileges vulnerability in the 
VCM engi ...)
+       TODO: check
 CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor 
in Fortin ...)
        NOT-FOR-US: FortiGuard
 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during 
updates, c ...)
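Review bot: the visible part of the CVE-2020-15934 description ("execution with unnecessary privileges vulnerability in the VCM engi...") names no vendor, so confirm the product from the full text before marking it `NOT-FOR-US` like its neighbours. Style point for this region: the adjacent lines spell the tag both `NOT-FOR-US: FortiGuard` (CVE-2020-15936) and `NOT-FOR-US: Fortiguard` (CVE-2020-15935); settle on one spelling when touching the block.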
@@ -361816,8 +361904,8 @@ CVE-2020-12822
        RESERVED
 CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, 
such as a ...)
        NOT-FOR-US: Gossipsub
-CVE-2020-12820
-       RESERVED
+CVE-2020-12820 (Under non-default configuration, a stack-based buffer overflow 
in Fort ...)
+       TODO: check
 CVE-2020-12819 (A heap-based buffer overflow vulnerability in the processing 
of Link C ...)
        NOT-FOR-US: FortiGuard
 CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 
6.4.1 may al ...)
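Review bot: CVE-2020-12820 is a stack-based buffer overflow "under non-default configuration" in a Forti product; its neighbours CVE-2020-12819 and CVE-2020-12818 are `NOT-FOR-US: FortiGuard`, so the `TODO: check` can be resolved the same way. CVE-2020-12822 just above this hunk is still RESERVED and is not affected by this update.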
@@ -378445,8 +378533,8 @@ CVE-2020-6925
        RESERVED
 CVE-2020-6924
        RESERVED
-CVE-2020-6923
-       RESERVED
+CVE-2020-6923 (The HP Linux Imaging and Printing (HPLIP) software may 
potentially be  ...)
+       TODO: check
 CVE-2020-6922 (Potential security vulnerabilities including compromise of 
integrity,  ...)
        NOT-FOR-US: HP
 CVE-2020-6921 (Potential security vulnerabilities including compromise of 
integrity,  ...)
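Review bot: CVE-2020-6923 must not be closed the way the adjacent CVE-2020-6922 and CVE-2020-6921 are (`NOT-FOR-US: HP`): it concerns HPLIP, which Debian ships as the hplip source package. Replace the `TODO: check` with a `- hplip` line carrying the fixed version or `<not-affected>`, check the stable suites, and add the HP advisory URL as a NOTE.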



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58fed66977624759ae522edcb3e8f10cdfb25464



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
