Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f87b39ac by security tracker role at 2024-10-17T08:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9951 (The WP Photo Album Plus plugin for WordPress is vulnerable to
Reflecte ...)
+ TODO: check
+CVE-2024-9940 (The Calculated Fields Form plugin for WordPress is vulnerable
to HTML ...)
+ TODO: check
+CVE-2024-9863 (The UserPro plugin for WordPress is vulnerable to privilege
escalation ...)
+ TODO: check
+CVE-2024-9862 (The Miniorange OTP Verification with Firebase plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-9861 (The Miniorange OTP Verification with Firebase plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-9352 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
+ TODO: check
+CVE-2024-9351 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
+ TODO: check
+CVE-2024-9347 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin
for WordP ...)
+ TODO: check
+CVE-2024-9263 (The WP Timetics- AI-powered Appointment Booking Calendar and
Online Sc ...)
+ TODO: check
+CVE-2024-9240 (The ReDi Restaurant Reservation plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-9215 (The Co-Authors, Multiple Authors and Guest Authors in an Author
Box wi ...)
+ TODO: check
+CVE-2024-9213 (The \u0627\u0641\u0632\u0648\u0646\u0647
\u067e\u06cc\u0627\u0645\u06a ...)
+ TODO: check
+CVE-2024-8719 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable
to Refle ...)
+ TODO: check
+CVE-2024-7994 (A maliciously crafted RFA file, when parsed through Autodesk
Revit, ca ...)
+ TODO: check
+CVE-2024-7993 (A maliciously crafted PDF file, when parsed through Autodesk
Revit, ca ...)
+ TODO: check
+CVE-2024-7417 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2024-5429 (The Logo Slider WordPress plugin before 4.1.0 does not
validate and e ...)
+ TODO: check
+CVE-2024-49593 (In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom
Fields ...)
+ TODO: check
+CVE-2024-48918 (RDS Light is a simplified version of the Reflective Dialogue
System (R ...)
+ TODO: check
+CVE-2024-48758 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site
Request Forg ...)
+ TODO: check
+CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView
method i ...)
+ TODO: check
+CVE-2024-47889 (Action Mailer is a framework for designing email service
layers. Start ...)
+ TODO: check
+CVE-2024-47888 (Action Text brings rich text content and editing to Rails.
Starting in ...)
+ TODO: check
+CVE-2024-47887 (Action Pack is a framework for handling and responding to web
requests ...)
+ TODO: check
+CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code
execution ( ...)
+ TODO: check
+CVE-2024-46212 (An issue in the component /index.php?page=backup/export of
REDAXO CMS ...)
+ TODO: check
+CVE-2024-45767 (Dell OpenManage Enterprise, version(s) OME 4.1 and prior,
contain(s) a ...)
+ TODO: check
+CVE-2024-45766 (Dell OpenManage Enterprise, version(s) OME 4.1 and prior,
contain(s) a ...)
+ TODO: check
+CVE-2024-44762 (A discrepancy in error messages for invalid login attempts in
Webmin U ...)
+ TODO: check
+CVE-2024-3187 (This issue tracks two CWE-416 Use After Free (UAF) and one
CWE-415 Dou ...)
+ TODO: check
+CVE-2024-3186 (CWE-476 NULL Pointer Dereference vulnerability in the
evalExpr() funct ...)
+ TODO: check
+CVE-2024-3184 (Multiple CWE-476 NULL Pointer Dereference vulnerabilities were
found i ...)
+ TODO: check
CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable
to aut ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9858 (There exists an insecure default user permission in Google
Cloud Migra ...)
@@ -84061,6 +84125,7 @@ CVE-2023-49090 (CarrierWave is a solution for file
uploads for Rails, Sinatra an
NOTE: Fixing this issue incompletely opens up CVE-2024-29034 and so
apply complete set
NOTE: of fixes.
CVE-2023-49083 (cryptography is a package designed to expose cryptographic
primitives ...)
+ {DLA-3922-1}
- python-cryptography 41.0.7-1 (bug #1057108)
[bookworm] - python-cryptography <no-dsa> (Minor issue)
[buster] - python-cryptography <not-affected> (Vulnerable code
introduced later)
@@ -135653,7 +135718,7 @@ CVE-2023-23933 (OpenSearch Anomaly Detection
identifies atypical data and receiv
CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object
Management ...)
NOT-FOR-US: OpenDDS
CVE-2023-23931 (cryptography is a package designed to expose cryptographic
primitives ...)
- {DLA-3331-2 DLA-3331-1}
+ {DLA-3922-1 DLA-3331-2 DLA-3331-1}
- python-cryptography 38.0.4-3 (bug #1031049)
NOTE:
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
NOTE:
https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87b39acf3c3a46acd5b881b5c8f9affbb6e0a65
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87b39acf3c3a46acd5b881b5c8f9affbb6e0a65
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
