Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f055053 by security tracker role at 2024-09-27T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-9130 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+       TODO: check
+CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted 
image can  ...)
+       TODO: check
+CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-8974 (Information disclosure in Gitlab EE/CE affecting all versions 
from 15. ...)
+       TODO: check
+CVE-2024-8965 (The Absolute Reviews plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-8922 (The Product Enquiry for WooCommerce, WooCommerce product 
catalog plugi ...)
+       TODO: check
+CVE-2024-8681 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-7714 (The AI ChatBot with ChatGPT and Content Generator by AYS 
WordPress plu ...)
+       TODO: check
+CVE-2024-7713 (The AI ChatBot with ChatGPT and Content Generator by AYS 
WordPress plu ...)
+       TODO: check
+CVE-2024-7400 (The vulnerability potentially allowed an attacker to misuse 
ESET\u2019 ...)
+       TODO: check
+CVE-2024-7011 (Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, 
NP-P525UL ...)
+       TODO: check
+CVE-2024-6769 (A DLL Hijacking caused by drive remapping combined with a 
poisoning of ...)
+       TODO: check
+CVE-2024-4099 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
+       TODO: check
+CVE-2024-46628 (Tenda G3 Router firmware v15.03.05.05 was discovered to 
contain a remo ...)
+       TODO: check
+CVE-2024-45986 (A stored Cross-Site Scripting (XSS) vulnerability was 
identified in Pr ...)
+       TODO: check
+CVE-2024-40508 (Cross Site Scripting vulnerability in openPetra v.2023.02 
allows a rem ...)
+       TODO: check
+CVE-2024-40507 (Cross Site Scripting vulnerability in openPetra v.2023.02 
allows a rem ...)
+       TODO: check
+CVE-2024-40506 (Cross Site Scripting vulnerability in openPetra v.2023.02 
allows a rem ...)
+       TODO: check
+CVE-2024-39435 (In Logmanager service, there is a possible missing 
verification incorr ...)
+       TODO: check
+CVE-2024-39434 (In drm service, there is a possible out of bounds read due to 
a missin ...)
+       TODO: check
+CVE-2024-39433 (In drm service, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2024-39432 (In UMTS RLC driver, there is a possible out of bounds read due 
to a mi ...)
+       TODO: check
+CVE-2024-39431 (In UMTS RLC driver, there is a possible out of bounds write 
due to a m ...)
+       TODO: check
 CVE-2024-9203 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Enpass Password Manager
 CVE-2024-9199 (Rate limit vulnerability in Clibo Manager v1.1.9.2 that could 
allow an ...)
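
Review bot: all 24 added entries land as `TODO: check`, and the ones to triage first are those whose descriptions name general-purpose software rather than a WordPress plugin or a vendor product: CVE-2024-9029 (freeimage library) and CVE-2024-8974 / CVE-2024-4099 (GitLab EE/CE). Those need a package line or an explicit NOT-FOR-US decision like the CVE-2024-9203 entry below them. Separately, the descriptions for CVE-2024-9130, CVE-2024-9049, CVE-2024-8991 and CVE-2024-7400 show literal `\u2013` / `\u2019` escape sequences; if those are in the file itself and not introduced by this notification, the automatic update should decode them before writing the description.
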
@@ -161,22 +209,22 @@ CVE-2024-30134 (The HCL Traveler for Microsoft Outlook 
executable (HTMO.exe) is
        NOT-FOR-US: HCL
 CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 
stores use ...)
        NOT-FOR-US: IBM
-CVE-2024-47177
+CVE-2024-47177 (CUPS is a standards-based, open-source printing system, and 
cups-filte ...)
        - cups-filters <unfixed> (bug #1082822)
        NOTE: 
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
        NOTE: 
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
-CVE-2024-47175
+CVE-2024-47175 (CUPS is a standards-based, open-source printing system, and 
`libppd` c ...)
        - libppd <removed>
        NOTE: 
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
        NOTE: 
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
        NOTE: Fixed by: 
https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
-CVE-2024-47076
+CVE-2024-47076 (CUPS is a standards-based, open-source printing system, and 
`libcupsfi ...)
        - libcupsfilters <unfixed> (bug #1082821)
        - cups-filters <unfixed> (bug #1082827)
        NOTE: 
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
        NOTE: 
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
        NOTE: Fixed by: 
https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
-CVE-2024-47176
+CVE-2024-47176 (CUPS is a standards-based, open-source printing system, and 
`cups-brow ...)
        - cups-filters <unfixed> (bug #1082820)
        NOTE: 
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
        NOTE: 
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
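
Review bot: in the CVE-2024-47175 entry the only package line is `- libppd <removed>`, while CVE-2024-47076 tracks `cups-filters` alongside `libcupsfilters`; check whether cups-filters needs its own line for CVE-2024-47175 as well, since this hunk only fills in the descriptions and leaves the package status untouched. CVE-2024-47177 and CVE-2024-47176 also carry no `Fixed by:` note, unlike the other two entries, and the CVE-2024-47176 advisory sits in the OpenPrinting/cups-browsed repository while the package line names cups-filters, so a NOTE stating which source package ships the affected component would make that mapping explicit.
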
@@ -14238,17 +14286,17 @@ CVE-2024-24622 (Softaculous Webuzo contains a command 
injection in the password
 CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass 
vulnerability thr ...)
        NOT-FOR-US: Softaculous Webuzo
 CVE-2024-35296 (Invalid Accept-Encoding header can cause Apache Traffic Server 
to fail ...)
-       {DSA-5758-1}
+       {DSA-5758-1 DLA-3897-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/4122abd9272d49cb4ed87d479e1febb0f1c7c1da
 CVE-2024-35161 (Apache Traffic Server forwards malformed HTTP chunked trailer 
section  ...)
-       {DSA-5758-1}
+       {DSA-5758-1 DLA-3897-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/3ba1e2685f89bcd631b66748f70f69a5eecf741b
 CVE-2023-38522 (Apache Traffic Server accepts characters that are not allowed 
for HTTP ...)
-       {DSA-5758-1}
+       {DSA-5758-1 DLA-3897-1}
        - trafficserver 9.2.5+ds-1 (bug #1077141)
        NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
        NOTE: 
https://github.com/apache/trafficserver/commit/b104992e2315969688a697cbf7d5007a7dca396f
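
Review bot: the three `{DSA-5758-1 DLA-3897-1}` lines add a DLA cross-reference, but this commit changes only data/CVE/list, so confirm that the DLA-3897-1 entry already exists in the tracker's advisory data and lists exactly CVE-2024-35296, CVE-2024-35161 and CVE-2023-38522. The package line under each entry still shows only `- trafficserver 9.2.5+ds-1`, so the version fixed by the DLA is not visible from these entries.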



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f0550533f61843e58930cbc83ae333d29d73a01
