[Git][security-tracker-team/security-tracker][master] automatic update

Tue, 08 Oct 2024 01:11:59 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
498c3411 by security tracker role at 2024-10-08T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-9021 (In the process of testing the Relevanssi  WordPress plugin 
before 4.23 ...)
+       TODO: check
+CVE-2024-8983 (Custom Twitter Feeds  WordPress plugin before 2.2.3 is not 
filtering s ...)
+       TODO: check
+CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-7206 (SSL Pinning BypassineWeLink Some hardware productsallows local 
ATTACKE ...)
+       TODO: check
+CVE-2024-47974 (Race condition during resource shutdown in some Solidigm DC 
Products m ...)
+       TODO: check
+CVE-2024-47973 (In some Solidigm DC Products, a defect in device 
overprovisioning may  ...)
+       TODO: check
+CVE-2024-47969 (Improper resource management in firmware of some Solidigm DC 
Products  ...)
+       TODO: check
+CVE-2024-47968 (Improper resource shutdown in middle of certain operations on 
some Sol ...)
+       TODO: check
+CVE-2024-47967 (Improper resource initialization handling in firmware of some 
Solidigm ...)
+       TODO: check
+CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database 
application b ...)
+       TODO: check
+CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for 
your webs ...)
+       TODO: check
+CVE-2024-47814 (Vim is an open source, command line text editor. A 
use-after-free was  ...)
+       TODO: check
+CVE-2024-47782 (WikiDiscover is an extension designed for use with a 
CreateWiki manage ...)
+       TODO: check
+CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting & 
creating  ...)
+       TODO: check
+CVE-2024-47772 (Discourse is an open source platform for community discussion. 
An atta ...)
+       TODO: check
+CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In 
affected v ...)
+       TODO: check
+CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently 
encode use ...)
+       TODO: check
+CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions 
Destiny  ...)
+       TODO: check
+CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2 
that all ...)
+       TODO: check
+CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows 
attackers ...)
+       TODO: check
+CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 
allows attack ...)
+       TODO: check
+CVE-2024-45382 (in OpenHarmony v4.1.0 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-45297 (Discourse is an open source platform for community discussion. 
Users c ...)
+       TODO: check
+CVE-2024-45291 (PHPSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
+       TODO: check
+CVE-2024-45290 (PHPSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
+       TODO: check
+CVE-2024-45282 (Fields which are in 'read only' state in Bank Statement Draft 
in Manag ...)
+       TODO: check
+CVE-2024-45278 (SAP Commerce Backoffice does not sufficiently encode user 
controlled i ...)
+       TODO: check
+CVE-2024-45277 (The SAP HANA Node.js client package versions from 2.0.0 before 
2.21.31 ...)
+       TODO: check
+CVE-2024-45060 (PHPSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
+       TODO: check
+CVE-2024-45051 (Discourse is an open source platform for community discussion. 
A malic ...)
+       TODO: check
+CVE-2024-43789 (Discourse is an open source platform for community discussion. 
A user  ...)
+       TODO: check
+CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-43365 (Cacti is an open source performance and fault management 
framework. Th ...)
+       TODO: check
+CVE-2024-43364 (Cacti is an open source performance and fault management 
framework. Th ...)
+       TODO: check
+CVE-2024-43363 (Cacti is an open source performance and fault management 
framework. An ...)
+       TODO: check
+CVE-2024-43362 (Cacti is an open source performance and fault management 
framework. Th ...)
+       TODO: check
+CVE-2024-39831 (in OpenHarmony v4.1.0 allow a local attacker with high 
privileges arbi ...)
+       TODO: check
+CVE-2024-39806 (in OpenHarmony v4.1.0 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-37179 (SAP BusinessObjects Business Intelligence Platform allows an 
authentic ...)
+       TODO: check
+CVE-2024-34672 (Improper input validation in SamsungVideoPlayer prior to 
versions 7.3. ...)
+       TODO: check
+CVE-2024-34671 (Use of implicit intent for sensitive communication in 
translation\ud63 ...)
+       TODO: check
+CVE-2024-34670 (Use of implicit intent for sensitive communication in Sound 
Assistant  ...)
+       TODO: check
+CVE-2024-34669 (Out-of-bounds write in parsing h.263+ format in 
librtppayload.so prior ...)
+       TODO: check
+CVE-2024-34668 (Out-of-bounds write in parsing h.263 format in 
librtppayload.so prior  ...)
+       TODO: check
+CVE-2024-34667 (Out-of-bounds write in parsing h.265 format in 
librtppayload.so prior  ...)
+       TODO: check
+CVE-2024-34666 (Out-of-bounds write in parsing h.264 format in a specific mode 
in libr ...)
+       TODO: check
+CVE-2024-34665 (Out-of-bounds write in parsing h.264 format in 
librtppayload.so prior  ...)
+       TODO: check
+CVE-2024-34664 (Improper check for exception conditions in Knox Guard prior to 
SMR Oct ...)
+       TODO: check
+CVE-2024-34663 (Integer overflow in libSEF.quram.so prior to SMR Oct-2024 
Release 1 al ...)
+       TODO: check
+CVE-2024-34662 (Improper access control in ActivityManager prior to SMR 
Oct-2024 Relea ...)
+       TODO: check
+CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary 
Argument  ...)
+       TODO: check
+CVE-2024-21532 (All versions of the package ggit are vulnerable to Command 
Injection v ...)
+       TODO: check
 CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to 
escalate p ...)
        TODO: check
 CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via 
/soplanning/www/u ...)
@@ -28552,28 +28660,28 @@ CVE-2024-30465 (Missing Authorization vulnerability 
in Pagelayer Team PageLayer.
        NOT-FOR-US: WordPress plugin
 CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons 
Widget & Bl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-8925 [Erroneous parsing of multipart form data]
+CVE-2024-8925 (In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* 
before  ...)
        {DSA-5780-1}
        - php8.2 8.2.24-1
        - php7.4 <removed>
        NOTE: Fixed in 8.3.12, 8.2.24
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
        NOTE: 
https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 
(PHP-8.2.24)
-CVE-2024-9026 [Logs from childrens may be altered]
+CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* 
before ...)
        - php8.2 8.2.24-1
        - php7.4 <removed>
        NOTE: Fixed in 8.3.12, 8.2.24
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
        NOTE: 
https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 
(PHP-8.2.24)
        NOTE: Introduced by: 
https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 
(php-7.4.4RC1)
-CVE-2024-8927 [cgi.force_redirect configuration is byppassible due to the 
environment variable collision]
+CVE-2024-8927 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* 
before ...)
        {DSA-5780-1}
        - php8.2 8.2.24-1
        - php7.4 <removed>
        NOTE: Fixed in 8.3.12, 8.2.24
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
        NOTE: 
https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 
(PHP-8.2.24)
-CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter Injection Vulnerability]
+CVE-2024-8926 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* 
before ...)
        {DSA-5780-1}
        - php8.2 <not-affected> (Windows-specific)
        - php7.4 <not-affected> (Windows-specific)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/498c3411d573895b743ce2ceeb5aaf12c8c0cd8e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/498c3411d573895b743ce2ceeb5aaf12c8c0cd8e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to