Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
140dbb05 by security tracker role at 2024-09-09T08:11:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which
allows un ...)
+ TODO: check
+CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not properly restrict a
specific pa ...)
+ TODO: check
+CVE-2024-8584 (Orca HCM from LEARNING DIGITAL does not properly restrict
access to a ...)
+ TODO: check
+CVE-2024-8583 (A vulnerability was found in SourceCodester Online Bank
Management Sys ...)
+ TODO: check
+CVE-2024-8582 (A vulnerability was found in SourceCodester Food Ordering
Management S ...)
+ TODO: check
+CVE-2024-8580 (A vulnerability classified as critical was found in TOTOLINK
AC1200 T8 ...)
+ TODO: check
+CVE-2024-7918 (The Pocket Widget WordPress plugin through 0.1.3 does not
sanitise and ...)
+ TODO: check
+CVE-2024-7689 (The Snapshot Backup WordPress plugin through 2.1.1 does not
have CSRF ...)
+ TODO: check
+CVE-2024-7688 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF
checks i ...)
+ TODO: check
+CVE-2024-7687 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF
check in ...)
+ TODO: check
+CVE-2024-6910 (The EventON WordPress plugin before 2.2.17 does not sanitise
and escap ...)
+ TODO: check
+CVE-2024-5561 (The Popup Maker WordPress plugin before 1.19.1 does not
sanitise and ...)
+ TODO: check
+CVE-2024-45625 (Cross-site scripting vulnerability exists in Forminator
versions prior ...)
+ TODO: check
+CVE-2024-45203 (Improper authorization in handler for custom URL scheme issue
in "@cos ...)
+ TODO: check
CVE-2024-6840
NOT-FOR-US: Ansible Automation Controller
CVE-2024-8579 (A vulnerability classified as critical has been found in
TOTOLINK AC12 ...)
@@ -1018,7 +1046,7 @@ CVE-2024-8385 (A difference in the handling of
StructFields and ArrayTypes in WA
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
CVE-2024-8384 (The JavaScript garbage collector could mis-color
cross-compartment obj ...)
- {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+ {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird <unfixed>
@@ -1027,13 +1055,13 @@ CVE-2024-8384 (The JavaScript garbage collector could
mis-color cross-compartmen
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
CVE-2024-8383 (Firefox normally asks for confirmation before asking the
operating sys ...)
- {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+ {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
CVE-2024-8382 (Internal browser event interfaces were exposed to web content
when pri ...)
- {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+ {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird <unfixed>
@@ -1042,7 +1070,7 @@ CVE-2024-8382 (Internal browser event interfaces were
exposed to web content whe
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
CVE-2024-8381 (A potentially exploitable type confusion could be triggered
when looki ...)
- {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+ {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird <unfixed>
@@ -45939,7 +45967,7 @@ CVE-2024-27706 (Cross Site Scripting vulnerability in
Huly Platform v.0.6.202 al
NOT-FOR-US: Huily Platform
CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows
attackers ...)
NOT-FOR-US: Leantime
-CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25
and earlie ...)
+CVE-2024-26258 (OS command injection vulnerability in ELECOM wireless LAN
routers allo ...)
NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-25568 (OS command injection vulnerability in ELECOM wireless LAN
routers allo ...)
NOT-FOR-US: WRC-X3200GST3-B
@@ -91555,7 +91583,7 @@ CVE-2023-4409 (A vulnerability, which was classified as
critical, has been found
NOT-FOR-US: NBS&HappySoftWeChat
CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon
Credit ...)
NOT-FOR-US: Codecanyon Credit Lite
-CVE-2023-40072 (OS command injection vulnerability in ELECOM network devices
allows an ...)
+CVE-2023-40072 (OS command injection vulnerability in ELECOM wireless LAN
access point ...)
NOT-FOR-US: WAB-S600-PS
CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN
routers allo ...)
NOT-FOR-US: ELECOM wireless LAN routers
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/140dbb050451c96948863bc8271363990c1e8a04
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/140dbb050451c96948863bc8271363990c1e8a04
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
