Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
15f9681a by security tracker role at 2024-08-29T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0
to 4.0.1 ...)
+ TODO: check
+CVE-2024-8198 (Heap buffer overflow in Skia in Google Chrome prior to
128.0.6613.113 ...)
+ TODO: check
+CVE-2024-8194 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113
allowed ...)
+ TODO: check
+CVE-2024-8193 (Heap buffer overflow in Skia in Google Chrome prior to
128.0.6613.113 ...)
+ TODO: check
+CVE-2024-7857 (The Media Library Folders plugin for WordPress is vulnerable to
second ...)
+ TODO: check
+CVE-2024-7856 (The MP3 Audio Player \u2013 Music Player, Podcast Player &
Radio by So ...)
+ TODO: check
+CVE-2024-7607 (The Front End Users plugin for WordPress is vulnerable to
time-based S ...)
+ TODO: check
+CVE-2024-7606 (The Front End Users plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2024-7418 (The The Post Grid \u2013 Shortcode, Gutenberg Blocks and
Elementor Add ...)
+ TODO: check
+CVE-2024-7132 (The Page Builder Gutenberg Blocks WordPress plugin before
3.1.13 does ...)
+ TODO: check
+CVE-2024-6927 (The Viral Signup WordPress plugin through 2.1 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-5987 (The WP Accessibility Helper (WAH) plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-5857 (The Interactive Contact Form and Multi Step Form Builder with
Drag & D ...)
+ TODO: check
+CVE-2024-5417 (The Gutentor WordPress plugin before 3.3.6 does not validate
and esca ...)
+ TODO: check
+CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux
Information Tec ...)
+ TODO: check
+CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path
Disclosure (eve ...)
+ TODO: check
+CVE-2024-45436 (extractFromZipFile in model.go in Ollama before 0.1.47 can
extract mem ...)
+ TODO: check
+CVE-2024-45435 (Chartist 1.x through 1.3.0 allows Prototype Pollution via the
extend f ...)
+ TODO: check
+CVE-2024-45233 (An issue was discovered in powermail extension through 12.3.5
for TYPO ...)
+ TODO: check
+CVE-2024-45232 (An issue was discovered in powermail extension through 12.3.5
for TYPO ...)
+ TODO: check
+CVE-2024-45059 (i-Educar is free, completely online school management software
that al ...)
+ TODO: check
+CVE-2024-45058 (i-Educar is free, completely online school management software
that al ...)
+ TODO: check
+CVE-2024-45057 (i-Educar is free, completely online school management software
that al ...)
+ TODO: check
+CVE-2024-45048 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
+ TODO: check
+CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
+ TODO: check
+CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some
paramet ...)
+ TODO: check
+CVE-2024-41918 ('Rakuten Ichiba App' for Android 12.4.0 and earlier and
'Rakuten Ichib ...)
+ TODO: check
+CVE-2024-3944 (The WP To Do plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
+ TODO: check
+CVE-2024-38304 (Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to
2.22.x, co ...)
+ TODO: check
+CVE-2024-38303 (Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to
2.22.x, co ...)
+ TODO: check
CVE-2024-8195 (The Permalink Manager Lite plugin for WordPress is vulnerable
to unaut ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7745 (In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing
Critical ...)
@@ -119,7 +179,7 @@ CVE-2024-4555 (Improper Privilege Management vulnerability
in OpenText NetIQ Acc
NOT-FOR-US: (OpenText) NetIQ Access Manager
CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ
Access Manag ...)
NOT-FOR-US: (OpenText) NetIQ Access Manager
-CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken
Gannon an ...)
+CVE-2024-45346 (A code execution vulnerability exists in the XiaomiGetApps
application ...)
NOT-FOR-US: XiaomiGetApps application
CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based
projects. It i ...)
NOT-FOR-US: Hydra
@@ -1347,7 +1407,7 @@ CVE-2024-7971 (Type confusion in V8 in Google Chrome
prior to 128.0.6613.84 allo
{DSA-5757-1}
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.84
allowed a ...)
+CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113
allowed ...)
{DSA-5757-1}
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -169688,8 +169748,8 @@ CVE-2022-2442 (The Migration, Backup, Staging \u2013
WPvivid plugin for WordPres
NOT-FOR-US: WordPress plugin
CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to
remote co ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2440
- RESERVED
+CVE-2022-2440 (The Theme Editor plugin for WordPress is vulnerable to
deserialization ...)
+ TODO: check
CVE-2022-2439
RESERVED
CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to
deserial ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f9681af87990f6173414dae75d6191e8cd4dcb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f9681af87990f6173414dae75d6191e8cd4dcb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
