Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b17a39d by security tracker role at 2024-10-15T08:12:37+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list =====================================
@@ -1,3 +1,65 @@ +CVE-2024-9982 (AIM LINE Marketing Platform from Esi Technology does not properly vali ...) + TODO: check +CVE-2024-9981 (The ee-class from FormosaSoft does not properly validate a specific pa ...) + TODO: check +CVE-2024-9980 (The ee-class from FormosaSoft does not properly validate a specific pa ...) + TODO: check +CVE-2024-9972 (Property Management System from ChanGate has a SQL Injection vulnerabi ...) + TODO: check +CVE-2024-9971 (The specific query functionality in the FlowMaster BPM Plus from NewTy ...) + TODO: check +CVE-2024-9970 (The FlowMaster BPM Plus system from NewType has a privilege escalation ...) + TODO: check +CVE-2024-9969 (NewType WebEIP v3.0 does not properly validate user input, allowing a ...) + TODO: check +CVE-2024-9968 (WebEIP v3.0 from NewTypedoes not properly validate user input, allow ...) + TODO: check +CVE-2024-9953 (A Potential DOS Vulnerability exists in CERT VINCE software prior to v ...) + TODO: check +CVE-2024-9952 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 an ...) + TODO: check +CVE-2024-9944 (The WooCommerce plugin for WordPress is vulnerable to HTML Injection i ...) + TODO: check +CVE-2024-9837 (The The AADMY \u2013 Add Auto Date Month Year Into Posts plugin for Wo ...) + TODO: check +CVE-2024-9820 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Fac ...) + TODO: check +CVE-2024-9687 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Authent ...) + TODO: check +CVE-2024-9548 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-9546 (The WPIDE \u2013 File Manager & Code Editor plugin for WordPress is vu ...) + TODO: check +CVE-2024-6757 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) + TODO: check +CVE-2024-6207 (CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/s ...) 
+ TODO: check +CVE-2024-48911 (OpenCanary, a multi-protocol network honeypot, directly executed comma ...) + TODO: check +CVE-2024-48909 (SpiceDB is an open source database for scalably storing and querying f ...) + TODO: check +CVE-2024-48824 (An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081 ...) + TODO: check +CVE-2024-48823 (Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d ...) + TODO: check +CVE-2024-48822 (Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d ...) + TODO: check +CVE-2024-48821 (Cross Site Scripting vulnerability in Automatic Systems Maintenance Sl ...) + TODO: check +CVE-2024-46898 (SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, ...) + TODO: check +CVE-2024-35520 (Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_inv ...) + TODO: check +CVE-2024-35519 (Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 ...) + TODO: check +CVE-2024-35518 (Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_f ...) + TODO: check +CVE-2024-30117 (A dynamic search for a prerequisite library could allow the possibilit ...) + TODO: check +CVE-2024-21535 (Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to ...) + TODO: check +CVE-2024-0129 (NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a u ...) + TODO: check CVE-2024-9936 (When manipulating the selection node cache, an attacker may have been ...) - firefox 131.0.3-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936 
@@ -5583,6 +5645,7 @@ CVE-2024-44189 (The issue was addressed with improved checks. This issue is fixe CVE-2024-44188 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2024-44187 (A cross-origin issue existed with "iframe" elements. This was addresse ...) + {DSA-5792-1} - webkit2gtk 2.46.0-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.1-1 @@ -5674,6 +5737,7 @@ CVE-2024-44125 (The issue was addressed with improved checks. This issue is fixe CVE-2024-44124 (This issue was addressed through improved state management. This issue ...) NOT-FOR-US: Apple CVE-2024-40866 (The issue was addressed with improved UI. This issue is fixed in Safar ...) + {DSA-5792-1} - webkit2gtk 2.46.0-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.46.1-1 @@ -30142,14 +30206,14 @@ CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer. CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...) NOT-FOR-US: WordPress plugin CVE-2024-8925 (In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...) - {DSA-5780-1} + {DSA-5780-1 DLA-3920-1} - php8.2 8.2.24-1 - php7.4 <removed> NOTE: Fixed in 8.3.12, 8.2.24 NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24) CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...) - {DSA-5780-1} + {DSA-5780-1 DLA-3920-1} - php8.2 8.2.24-1 - php7.4 <removed> NOTE: Fixed in 8.3.12, 8.2.24 
@@ -30157,7 +30221,7 @@ CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* b NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24) NOTE: Introduced by: https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 (php-7.4.4RC1) CVE-2024-8927 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...) - {DSA-5780-1} + {DSA-5780-1 DLA-3920-1} - php8.2 8.2.24-1 - php7.4 <removed> NOTE: Fixed in 8.3.12, 8.2.24 @@ -50910,7 +50974,7 @@ CVE-2024-5585 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* be NOTE: https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385 NOTE: https://github.com/php/php-src/commit/4b15f5d4ec750b31ec8911f5eb0915a45f96feca CVE-2024-5458 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...) - {DSA-5717-1 DLA-3833-1} + {DSA-5717-1 DLA-3920-1 DLA-3833-1} - php8.2 8.2.20-2 (bug #1072885) - php7.4 <removed> - php7.3 <removed> @@ -67994,7 +68058,8 @@ CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a loc NOT-FOR-US: Dell CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...) NOT-FOR-US: RaidenFTPD -CVE-2024-1342 (A flaw was found in OpenShift. The existing Cross-Site Request Forgery ...) +CVE-2024-1342 + REJECTED NOT-FOR-US: Red Hat OpenShift CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) NOT-FOR-US: sidekiq-unique-jobs 
@@ -132171,6 +132236,7 @@ CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not san CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...) NOT-FOR-US: WordPress plugin CVE-2022-4900 (A vulnerability was found in PHP where setting the environment variabl ...) + {DLA-3920-1} - php8.2 <not-affected> (Fixed before initial upload) - php7.4 <removed> - php7.3 <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b17a39d5651f62b66dd0a4a041fbab5ed2c814c
You're receiving this email because of your account on salsa.debian.org.
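Review bot: In the first hunk (@@ -1,3 +1,65 @@), the descriptions added for CVE-2024-9837, CVE-2024-9546 and CVE-2024-6757 contain a literal `\u2013` where an en dash belongs, so the escape sequence was written undecoded; decode it before the description is stored. In the same hunk the text recorded for CVE-2024-6207 starts with "CVE 2021-22681" and a URL instead of a summary, so whoever resolves its `TODO: check` should work from the full CVE record and not from this line.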
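Review bot: In the hunk at @@ -67994,7 +68058,8 @@, CVE-2024-1342 is now marked `REJECTED` while the unchanged line `NOT-FOR-US: Red Hat OpenShift` still follows it, so the entry carries two dispositions at once. Drop the NOT-FOR-US annotation if REJECTED is meant to stand alone, or confirm that keeping both is intended for rejected entries.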
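Review bot: In the last hunk (@@ -132171,6 +132236,7 @@), `{DLA-3920-1}` is attached to CVE-2022-4900, but the three package lines shown under it read `php8.2 <not-affected>`, `php7.4 <removed>` and `php7.3 <not-affected>`, none of which names a package and version that this DLA fixed. Confirm the cross-reference is correct and, if it is, make sure the entry has a package line or NOTE recording which source package and release the DLA applies to.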
