[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 01 Oct 2024 08:32:58 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
19dd057f by security tracker role at 2024-10-01T08:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-9360 (A vulnerability was found in code-projects Restaurant 
Reservation Syst ...)
+       TODO: check
+CVE-2024-9359 (A vulnerability was found in code-projects Restaurant 
Reservation Syst ...)
+       TODO: check
+CVE-2024-9358 (A vulnerability has been found in ThingsBoard up to 3.7.0 and 
classifi ...)
+       TODO: check
+CVE-2024-9304 (The LocateAndFilter plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9274 (The Elastik Page Builder plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-9272 (The R Animated Icon Plugin plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-9269 (The Relogo plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-9267 (The Easy WordPress Subscribe \u2013 Optin Hound plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-9194 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-9145 (Wiz Code Visual Studio Code extension in versions 1.0.0 up to 
1.5.3 an ...)
+       TODO: check
+CVE-2024-9119 (The SVG Complete plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-9108 (The Wechat Social login plugin for WordPress is vulnerable to 
arbitrar ...)
+       TODO: check
+CVE-2024-9106 (The Wechat Social login plugin for WordPress is vulnerable to 
authenti ...)
+       TODO: check
+CVE-2024-8990 (The Geo Mashup plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-8989 (The Free Responsive Testimonials, Social Proof Reviews, and 
Customer R ...)
+       TODO: check
+CVE-2024-8981 (The Broken Link Checker plugin for WordPress is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2024-8728 (The Easy Load More plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2024-8727 (The DK PDF plugin for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+       TODO: check
+CVE-2024-8720 (The RumbleTalk Live Group Chat \u2013 HTML5 plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-8718 (The Gravity Forms Toolbar plugin for WordPress is vulnerable to 
Reflec ...)
+       TODO: check
+CVE-2024-8675 (The Soumettre.fr plugin for WordPress is vulnerable to 
unauthorized mo ...)
+       TODO: check
+CVE-2024-8632 (The KB Support \u2013 WordPress Help Desk and Knowledge Base 
plugin fo ...)
+       TODO: check
+CVE-2024-8548 (The KB Support \u2013 WordPress Help Desk and Knowledge Base 
plugin fo ...)
+       TODO: check
+CVE-2024-8107 (The Slider Revolution plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-7869 (The 123.chat - Video Chat plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2024-7675 (A maliciously crafted DWF file, when parsed in w3dtk.dll 
through Autod ...)
+       TODO: check
+CVE-2024-7674 (A maliciously crafted DWF file, when parsed in dwfcore.dll 
through Aut ...)
+       TODO: check
+CVE-2024-7673 (A maliciously crafted DWFX file, when parsed in w3dtk.dll 
through Auto ...)
+       TODO: check
+CVE-2024-7672 (A maliciously crafted DWF file, when parsed in dwfcore.dll 
through Aut ...)
+       TODO: check
+CVE-2024-7671 (A maliciously crafted DWFX file, when parsed in dwfcore.dll 
through Au ...)
+       TODO: check
+CVE-2024-7670 (A maliciously crafted DWFX file, when parsed in w3dtk.dll 
through Auto ...)
+       TODO: check
+CVE-2024-7434 (The UltraPress theme for WordPress is vulnerable to PHP Object 
Injecti ...)
+       TODO: check
+CVE-2024-7433 (The Empowerment theme for WordPress is vulnerable to PHP Object 
Inject ...)
+       TODO: check
+CVE-2024-7432 (The Unseen Blog theme for WordPress is vulnerable to PHP Object 
Inject ...)
+       TODO: check
+CVE-2024-47560 (RevoWorks Cloud Client 3.0.91 and earlier contains an 
incorrect author ...)
+       TODO: check
+CVE-2024-47396 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-47295 (Insecure initial password configuration issue in SEIKO EPSON 
Web Confi ...)
+       TODO: check
+CVE-2024-46503 (An issue in the _readFileSync function of Simple-Spellchecker 
v1.0.2 a ...)
+       TODO: check
+CVE-2024-45073 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
stored c ...)
+       TODO: check
+CVE-2024-28808 (An issue was discovered in Infinera hiT 7300 5.60.50. Hidden 
functiona ...)
+       TODO: check
+CVE-2024-28807 (An issue was discovered in Infinera hiT 7300 5.60.50. 
Cleartext storag ...)
+       TODO: check
+CVE-2024-21531 (All versions of the package git-shallow-clone are vulnerable 
to Comman ...)
+       TODO: check
+CVE-2024-21489 (Versions of the package uplot before 1.6.31 are vulnerable to 
Prototyp ...)
+       TODO: check
+CVE-2024-0116 (NVIDIA Triton Inference Server contains a vulnerability where a 
user m ...)
+       TODO: check
 CVE-2024-9355
        NOT-FOR-US: golang-fips
 CVE-2024-9158 (A stored cross site scripting vulnerability exists in Nessus 
Network M ...)
@@ -2497,7 +2585,7 @@ CVE-2024-22303 (Incorrect Privilege Assignment 
vulnerability in favethemes Houze
        NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login 
Register ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-8421
+CVE-2024-8421 (This CVE has been rejected.)
        NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to 
CVE-2023-39325
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7
 CVE-2024-XXXX [RUSTSEC-2023-0086]
@@ -74421,6 +74509,7 @@ CVE-2023-7106 (A vulnerability was found in 
code-projects E-Commerce Website 1.0
 CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 
1.0. It  ...)
        NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and 
classifie ...)
+       {DLA-3907-1}
        - sqlite3 3.43.1-1
        [bookworm] - sqlite3 <no-dsa> (Minor issue)
        [buster] - sqlite3 <no-dsa> (Minor issue)
@@ -248031,6 +248120,7 @@ CVE-2021-36691 (libjxl v0.5.0 is affected by a 
Assertion failed issue in lib/jxl
        NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
        NOTE: Negligible security impact
 CVE-2021-36690 (A segmentation fault can occur in the sqlite3.exe command-line 
compone ...)
+       {DLA-3907-1}
        - sqlite3 3.36.0-2 (unimportant)
        [stretch] - sqlite3 <not-affected> (vulnerable code is not present)
        - sqlite <not-affected> (Vulnerable code is not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19dd057faf6945f41f23ea47c4dfeb44c113b2ca

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19dd057faf6945f41f23ea47c4dfeb44c113b2ca
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to