Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fee3ca59 by security tracker role at 2024-09-05T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
+       TODO: check
+CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
+       TODO: check
+CVE-2024-8471 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
+       TODO: check
+CVE-2024-8470 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8469 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8468 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8467 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8466 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8465 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8464 (SQL injection vulnerability, by which an attacker could send a 
special ...)
+       TODO: check
+CVE-2024-8463 (File upload restriction bypass vulnerability in PHPGurukul Job 
Portal  ...)
+       TODO: check
+CVE-2024-8462 (A vulnerability was found in Windmill 1.380.0. It has been 
classified  ...)
+       TODO: check
+CVE-2024-8461 (A vulnerability, which was classified as problematic, was found 
in D-L ...)
+       TODO: check
+CVE-2024-8460 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to 
cover all ...)
+       TODO: check
+CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL 
queries, whi ...)
+       TODO: check
+CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-7884 (When a canister method is called via ic_cdk::call* , a new 
Future Call ...)
+       TODO: check
+CVE-2024-7605 (The HelloAsso plugin for WordPress is vulnerable to 
unauthorized modif ...)
+       TODO: check
+CVE-2024-7591 (Improper Input Validation vulnerability in Progress LoadMaster 
allows  ...)
+       TODO: check
+CVE-2024-7381 (The Geo Controller plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-7380 (The Geo Controller plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-6929 (The Dynamic Featured Image plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-6894 (The RD Station plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-6332 (The Booking for Appointments and Events Calendar \u2013 Amelia 
Premium ...)
+       TODO: check
+CVE-2024-5957 (This vulnerability allows unauthenticated remote attackers to 
bypass a ...)
+       TODO: check
+CVE-2024-5956 (This vulnerability allows unauthenticated remote attackers to 
bypass a ...)
+       TODO: check
+CVE-2024-5309 (The Form Vibes \u2013 Database Manager for Forms plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-45589 (RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 
imprope ...)
+       TODO: check
+CVE-2024-45401 (stripe-cli is a command-line tool for the payment processor 
Stripe. A  ...)
+       TODO: check
+CVE-2024-45392 (SuiteCRM is an open-source customer relationship management 
(CRM) syst ...)
+       TODO: check
+CVE-2024-45178 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45176 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45175 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45173 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45171 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45159 (An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 
1.3, wh ...)
+       TODO: check
+CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack 
buffer o ...)
+       TODO: check
+CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x 
before 3.6.1 ...)
+       TODO: check
+CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 
24.001.30123, 24.0 ...)
+       TODO: check
+CVE-2024-45098 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to 
bypass int ...)
+       TODO: check
+CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to 
bypass int ...)
+       TODO: check
+CVE-2024-45096 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with 
access t ...)
+       TODO: check
+CVE-2024-44728 (Sourcecodehero Event Management System 1.0 allows Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2024-44727 (Sourcecodehero Event Management System1.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2024-44587 (itsourcecode Alton Management System 1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before 
allows an a ...)
+       TODO: check
+CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). 
Prior to ver ...)
+       TODO: check
+CVE-2024-24759 (MindsDB is a platform for building artificial intelligence 
from enterp ...)
+       TODO: check
+CVE-2023-51712 (An issue was discovered in Trusted Firmware-M through 2.0.0. 
The lack  ...)
+       TODO: check
 CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated 
memory to ...)
        NOT-FOR-US: FreeBSD
 CVE-2024-7627 (The Bit File Manager plugin for WordPress is vulnerable to 
Remote Code ...)
@@ -135371,8 +135471,8 @@ CVE-2022-4531
        REJECTED
 CVE-2022-4530
        REJECTED
-CVE-2022-4529
-       RESERVED
+CVE-2022-4529 (The Security, Antivirus, Firewall \u2013 S.A.F plugin for 
WordPress is ...)
+       TODO: check
 CVE-2022-4528
        REJECTED
 CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It 
has been  ...)
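Review bot: CVE-2022-4529 moves from `RESERVED` to a description naming the "Security, Antivirus, Firewall – S.A.F" plugin for WordPress; the file's convention for WordPress plugins (see the `NOT-FOR-US: WordPress plugin` line on CVE-2022-3558 further down in this commit) means the `TODO: check` can be closed as NOT-FOR-US once it is confirmed the plugin is not packaged, so it should not sit in the TODO queue for long.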
@@ -141803,7 +141903,7 @@ CVE-2021-4241 (A vulnerability, which was classified 
as problematic, was found i
 CVE-2021-4240 (A vulnerability, which was classified as problematic, was found 
in php ...)
        NOT-FOR-US: phpservermon
 CVE-2022-45442 (Sinatra is a domain-specific language for creating web 
applications in ...)
-       {DLA-3264-1}
+       {DLA-3877-1 DLA-3264-1}
        - ruby-sinatra 3.0.5-2 (bug #1025125)
        NOTE: 
https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
        NOTE: 
https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
 (v3.0.4)
@@ -151594,8 +151694,8 @@ CVE-2022-3558 (The Import and export users and 
customers WordPress plugin before
        NOT-FOR-US: WordPress plugin
 CVE-2022-3557
        RESERVED
-CVE-2022-3556
-       RESERVED
+CVE-2022-3556 (The Cab fare calculator plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
 CVE-2022-3555
        REJECTED
 CVE-2022-3554
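Review bot: CVE-2022-3556 is the second 2022 WordPress-plugin CVE in this commit to leave `RESERVED` with a `TODO: check`, and the truncated description leaves only the plugin name ("Cab fare calculator") to identify it; the same NOT-FOR-US resolution as for CVE-2022-4529 applies once the full text is read.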
@@ -172923,6 +173023,7 @@ CVE-2022-2311 (The Find and Replace All WordPress 
plugin before 1.3 does not san
 CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main 
releases ...)
        NOT-FOR-US: Skyhigh SWG
 CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of 
service ...)
+       {DLA-3878-1}
        - lxml 4.9.1-1 (bug #1014766)
        [bullseye] - lxml <no-dsa> (Minor issue)
        [buster] - lxml <no-dsa> (Minor issue)
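Review bot: the hunk adds `{DLA-3878-1}` to the lxml entry but leaves both `[bullseye] - lxml <no-dsa> (Minor issue)` and `[buster] - lxml <no-dsa> (Minor issue)` in place; whichever suite DLA-3878-1 shipped for now has a fixed version recorded via data/DLA/list, so the `<no-dsa>` tag for that suite should be checked against the DLA and not be left contradicting it.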
@@ -187936,7 +188037,7 @@ CVE-2022-29972 (An argument injection vulnerability 
in the browser-based authent
 CVE-2022-29971 (An argument injection vulnerability in the browser-based 
authenticatio ...)
        NOT-FOR-US: Magnitude Simba Amazon Athena ODBC Driver
 CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path 
matches  ...)
-       {DLA-3166-1}
+       {DLA-3877-1 DLA-3166-1}
        - ruby-sinatra 2.2.2-1 (bug #1014717)
        NOTE: 
https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
 (v2.2.0)
 CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS 
via an rs ...)
@@ -549481,6 +549582,7 @@ CVE-2016-3710 (The VGA module in QEMU improperly 
performs bounds checking on ban
        NOTE: http://xenbits.xen.org/xsa/advisory-179.html
        NOTE: mitigation: run HVM in stubdomains, PV, default video card not 
vulnerable, i386-only
 CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after 
commit 960 ...)
+       {DLA-3878-1}
        - libxml2 2.9.12+dfsg-3
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html
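Review bot: CVE-2016-3709 lists only `libxml2` as its source package, yet the same `{DLA-3878-1}` reference is attached earlier in this commit to CVE-2022-2309, whose source package is `lxml`; a single DLA normally covers one source package, so confirm which package DLA-3878-1 was issued for and, if it is lxml, add the matching `- lxml` source line here so the tracker can associate the DLA with a package in this entry rather than implicitly with libxml2.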



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee3ca59f208cbe36b5e9bef5ea409deedd6cc29



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
