Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1997790 by security tracker role at 2024-10-01T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,68 +1,170 @@
-CVE-2024-9403
+CVE-2024-9411 (A vulnerability classified as problematic has been found in 
OFCMS 1.1. ...)
+       TODO: check
+CVE-2024-9405 (An incorrect limitation of a path to a restricted directory 
(path trav ...)
+       TODO: check
+CVE-2024-9341 (A flaw was found in Go. When FIPS mode is enabled on a system, 
contain ...)
+       TODO: check
+CVE-2024-9289 (The WordPress & WooCommerce Affiliate Program plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-9265 (The Echo RSS Feed Post Generator plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-9241 (The PDF Image Generator plugin for WordPress is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2024-9228 (The Loggedin \u2013 Limit Active Logins plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2024-9224 (The Hello World plugin for WordPress is vulnerable to Arbitrary 
File R ...)
+       TODO: check
+CVE-2024-9220 (The LH Copy Media File plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2024-9209 (The WP Search Analytics plugin for WordPress is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2024-9118 (The QS Dark Mode Plugin plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2024-9060 (The AVIF & SVG Uploader plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2024-9018 (The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-8799 (The Custom Banners plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2024-8793 (The Store Exporter for WooCommerce \u2013 Export Products, 
Export Orde ...)
+       TODO: check
+CVE-2024-8786 (The Auto Featured Image from Title plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-8430 (The Spice Starter Sites plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2024-8324 (The XO Slider plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-8288 (The Guten Post Layout \u2013 An Advanced Post Grid Collection 
for Word ...)
+       TODO: check
+CVE-2024-47608 (Logicytics is designed to harvest and collect data for 
forensic analys ...)
+       TODO: check
+CVE-2024-47604 (NuGet Gallery is a package repository that powers nuget.org. 
The NuGet ...)
+       TODO: check
+CVE-2024-47534 (go-tuf is a Go implementation of The Update Framework (TUF). 
The go-tu ...)
+       TODO: check
+CVE-2024-47071 (OSS Endpoint Manager is an endpoint manager module for 
FreePBX. OSS En ...)
+       TODO: check
+CVE-2024-46276 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46274 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46267 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46264 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46263 (cute_png v1.05 was discovered to contain a stack overflow via 
the cp_d ...)
+       TODO: check
+CVE-2024-46261 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46259 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46258 (cute_png v1.05 was discovered to contain a heap buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-46083 (Scriptcase v9.10.023 and before is vulnerable to Cross Site 
Scripting  ...)
+       TODO: check
+CVE-2024-46081 (Scriptcase v9.10.023 and before is vulnerable to Cross Site 
Scripting  ...)
+       TODO: check
+CVE-2024-46079 (Scriptcase v9.10.023 and before is vulnerable to Cross Site 
Scripting  ...)
+       TODO: check
+CVE-2024-45999 (A SQL Injection vulnerability was discovered in Cloudlog 
2.6.15, speci ...)
+       TODO: check
+CVE-2024-45967 (Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in 
index.ph ...)
+       TODO: check
+CVE-2024-45408 (eLabFTW is an open source electronic lab notebook for research 
labs. A ...)
+       TODO: check
+CVE-2024-44744 (An issue in Malwarebytes Premium Security v5.0.0.883 allows 
attackers  ...)
+       TODO: check
+CVE-2024-44610 (PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet 
Gateway before ...)
+       TODO: check
+CVE-2024-42514 (A vulnerability in the legacy chat component of Mitel 
MiContact Center ...)
+       TODO: check
+CVE-2024-41673 (Decidim is a participatory democracy framework. The version 
control fe ...)
+       TODO: check
+CVE-2024-41276 (A vulnerability in Kaiten version 57.131.12 and earlier allows 
attacke ...)
+       TODO: check
+CVE-2024-31835 (Cross Site Scripting vulnerability in flatpress CMS Flatpress 
v1.3 all ...)
+       TODO: check
+CVE-2024-30132 (HCL Nomad server on Domino did not configure certain HTTP 
Security hea ...)
+       TODO: check
+CVE-2024-25661 (In Infinera TNMS (Transcend Network Management System) 
19.10.3, cleart ...)
+       TODO: check
+CVE-2024-25660 (The WebDAV service in Infinera TNMS (Transcend Network 
Management Syst ...)
+       TODO: check
+CVE-2024-25659 (In Infinera TNMS (Transcend Network Management System) 
19.10.3, an ins ...)
+       TODO: check
+CVE-2024-25658 (Cleartext storage of passwords in Infinera TNMS (Transcend 
Network Man ...)
+       TODO: check
+CVE-2024-25632 (eLabFTW is an open source electronic lab notebook for research 
labs. I ...)
+       TODO: check
+CVE-2023-7273 (Cross site request forgery in Kiteworks OwnCloud allows an 
unauthentic ...)
+       TODO: check
+CVE-2023-3441 (An issue has been discovered in GitLab EE/CE affecting all 
versions st ...)
+       TODO: check
+CVE-2024-9403 (Memory safety bugs present in Firefox 130. Some of these bugs 
showed e ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9403
-CVE-2024-9402
+CVE-2024-9402 (Memory safety bugs present in Firefox 130, Firefox ESR 128.2, 
and Thun ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
-CVE-2024-9401
+CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, 
Firefox ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9401
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9401
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9401
-CVE-2024-9400
+CVE-2024-9400 (A potential memory corruption vulnerability could be triggered 
if an a ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9400
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9400
-CVE-2024-9399
+CVE-2024-9399 (A website configured to initiate a specially crafted 
WebTransport sess ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9399
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9399
-CVE-2024-9398
+CVE-2024-9398 (By checking the result of calls to `window.open` with 
specifically set ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9398
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9398
-CVE-2024-9397
+CVE-2024-9397 (A missing delay in directory upload UI could have made it 
possible for ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9397
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9397
-CVE-2024-9396
+CVE-2024-9396 (It is currently unknown if this issue is exploitable but a 
condition m ...)
        - firefox <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9396
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9396
-CVE-2024-9395
+CVE-2024-9395 (A specially crafted filename containing a large number of 
spaces could ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
-CVE-2024-9394
+CVE-2024-9394 (An attacker could, via a specially crafted multipart response, 
execute ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9394
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
-CVE-2024-9393
+CVE-2024-9393 (An attacker could, via a specially crafted multipart response, 
execute ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
-CVE-2024-9392
+CVE-2024-9392 (A compromised content process could have allowed for the 
arbitrary loa ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9392
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9392
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9392
-CVE-2024-9391
+CVE-2024-9391 (A user who enables full-screen mode on a specially crafted web 
page co ...)
        - firefox <not-affected> (Only affects Firefox Focus for Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9391
 CVE-2024-9360 (A vulnerability was found in code-projects Restaurant 
Reservation Syst ...)
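
Review bot: The descriptions added for CVE-2024-9228, CVE-2024-9018, CVE-2024-8793 and CVE-2024-8288 contain a literal "\u2013" escape sequence instead of the dash it encodes, which suggests the automatic update writes escaped text into data/CVE/list without decoding it; decode the escape, or transliterate it to "-", before the description is written. Every new entry in this hunk also lands as "TODO: check", and the many WordPress plugin entries among them look like candidates for the "NOT-FOR-US:" marking this file already uses (for example "NOT-FOR-US: Node uplot"), so they still need manual triage.
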
@@ -153,7 +255,7 @@ CVE-2024-21489 (Versions of the package uplot before 1.6.31 
are vulnerable to Pr
        NOT-FOR-US: Node uplot
 CVE-2024-0116 (NVIDIA Triton Inference Server contains a vulnerability where a 
user m ...)
        NOT-FOR-US: NVIDIA
-CVE-2024-9355
+CVE-2024-9355 (A vulnerability was found in Golang FIPS OpenSSL. This flaw 
allows a m ...)
        NOT-FOR-US: golang-fips
 CVE-2024-9158 (A stored cross site scripting vulnerability exists in Nessus 
Network M ...)
        NOT-FOR-US: Nessus
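
Review bot: The "NOT-FOR-US: golang-fips" marking kept under CVE-2024-9355 should be cross-checked against CVE-2024-9341, which this same commit adds at the top of the file as "TODO: check" with a description that also mentions Go and FIPS mode. The truncated description there does not show the affected component, so triage the two together and confirm whether the same marking applies or a Debian package is involved.
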
@@ -246056,8 +246158,8 @@ CVE-2021-3667 (An improper locking issue was found in 
the virStoragePoolLookupBy
        NOTE: Introduced in 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
 CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote 
Method Invo ...)
        NOT-FOR-US: Apache jUDDI
-CVE-2021-37577
-       RESERVED
+CVE-2021-37577 (Bluetooth LE and BR/EDR Secure Connections pairing and Secure 
Simple P ...)
+       TODO: check
 CVE-2021-37575
        RESERVED
 CVE-2021-37574
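
Review bot: The "TODO: check" now under CVE-2021-37577 needs manual triage before it is closed out, because the new description refers to Bluetooth LE and BR/EDR Secure Connections pairing, a protocol-level issue, and does not name a single product. Unlike the neighbouring CVE-2021-37578 entry, it has no package line or "NOT-FOR-US:" marking yet, so check it against the Bluetooth stacks packaged in Debian.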



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1997790739e74d59d45783700579166760ce741
