Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acb1dfe9 by security tracker role at 2024-10-23T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,68 @@
-CVE-2024-50066 [mm/mremap: fix move_normal_pmd/retract_page_tables race]
+CVE-2024-9947 (The ProfilePress Pro plugin for WordPress is vulnerable to 
authenticat ...)
+       TODO: check
+CVE-2024-9927 (The WooCommerce Order Proposal plugin for WordPress is 
vulnerable to p ...)
+       TODO: check
+CVE-2024-9829 (The Download Plugin plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2024-9583 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, 
and Au ...)
+       TODO: check
+CVE-2024-9530 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Sens ...)
+       TODO: check
+CVE-2024-7587 (Incorrect Default Permissions vulnerability in GenBroker32, 
which is i ...)
+       TODO: check
+CVE-2024-48919 (Cursor is a code editor built for programming with AI. Prior 
to Sep 27 ...)
+       TODO: check
+CVE-2024-48657 (SQL Injection vulnerability in hospital management system in 
php with  ...)
+       TODO: check
+CVE-2024-48656 (Cross Site Scripting vulnerability in student management 
system in php ...)
+       TODO: check
+CVE-2024-48652 (Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 
allows remo ...)
+       TODO: check
+CVE-2024-48644 (Accounts enumeration vulnerability in the Login Component of 
Reolink D ...)
+       TODO: check
+CVE-2024-48415 (itsourcecode Loan Management System v1.0 is vulnerable to 
Cross Site S ...)
+       TODO: check
+CVE-2024-46914
+       REJECTED
+CVE-2024-46483 (Xlight FTP Server <3.9.4.3 has an integer overflow 
vulnerability in th ...)
+       TODO: check
+CVE-2024-46482 (An arbitrary file upload vulnerability in the Ticket 
Generation functi ...)
+       TODO: check
+CVE-2024-45526 (An issue was discovered in OPC Foundation 
OPCFoundation/UA-.NETStandar ...)
+       TODO: check
+CVE-2024-44812 (SQL Injection vulnerability in Online Complaint Site v.1.0 
allows a re ...)
+       TODO: check
+CVE-2024-44331 (Incorrect Access Control in GStreamer RTSP server 1.25.0 in 
gst-rtsp-s ...)
+       TODO: check
+CVE-2024-43924 (Missing Authorization vulnerability in dFactory Responsive 
Lightbox al ...)
+       TODO: check
+CVE-2024-43812 (Kieback & Peter's DDC4000 serieshas an insufficiently 
protected creden ...)
+       TODO: check
+CVE-2024-43698 (Kieback & Peter's DDC4000 seriesuses weak credentials, which 
may allow ...)
+       TODO: check
+CVE-2024-42643 (Integer Overflow in fast_ping.c in SmartDNS Release46 allows 
remote at ...)
+       TODO: check
+CVE-2024-41717 (Kieback & Peter's DDC4000 seriesis vulnerable to a path 
traversal vuln ...)
+       TODO: check
+CVE-2024-40494 (Buffer Overflow in coap_msg.c in FreeCoAP allows remote 
attackers to e ...)
+       TODO: check
+CVE-2024-40493 (Null Pointer Dereference in `coap_client_exchange_blockwise2` 
function ...)
+       TODO: check
+CVE-2024-31880 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
+CVE-2024-31029 (An issue in the server_handle_regular function of the 
test_coap_server ...)
+       TODO: check
+CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before 
allows a  ...)
+       TODO: check
+CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 
allowed a ...)
+       TODO: check
+CVE-2024-10230 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 
allowed a ...)
+       TODO: check
+CVE-2024-10229 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2024-10045 (The Transients Manager plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2024-50066 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
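Review bot: the CVE-2024-9583 description carries a literal "\u2013" escape ("The RSS Aggregator \u2013 RSS Import, ...") instead of the decoded dash, so the import step appears to write the escaped string without unescaping it; decode the description before it is written to data/CVE/list. The three Kieback & Peter entries (CVE-2024-43812, CVE-2024-43698, CVE-2024-41717) also contain run-together words ("serieshas", "seriesuses", "seriesis"), which will defeat word-based searches of the descriptions until the text is refreshed.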
@@ -1309,7 +1373,8 @@ CVE-2024-47757 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-47756 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux 6.11.2-1
        NOTE: 
https://git.kernel.org/linus/6188a1c762eb9bbd444f47696eda77a5eae6207a (6.12-rc1)
-CVE-2024-47755 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+CVE-2024-47755
+       REJECTED
        - linux 6.11.2-1
        NOTE: 
https://git.kernel.org/linus/62c2aa6b1f565d2fc1ec11a6e9e8336ce37a6426 (6.12-rc1)
 CVE-2024-47754 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
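Review bot: CVE-2024-47755 is now marked REJECTED but still keeps "- linux 6.11.2-1" and the git.kernel.org NOTE, so a rejected id continues to read as a tracked, fixed linux issue. The newly added rejected id in this commit, CVE-2024-46914, carries no package lines; either drop the leftover lines here or add a NOTE saying why they are kept.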
@@ -1421,7 +1486,8 @@ CVE-2024-47727 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-47726 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.11.2-1
        NOTE: 
https://git.kernel.org/linus/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d (6.12-rc1)
-CVE-2024-47725 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+CVE-2024-47725
+       REJECTED
        - linux 6.11.2-1
        NOTE: 
https://git.kernel.org/linus/e6a3531dd542cb127c8de32ab1e54a48ae19962b (6.12-rc1)
 CVE-2024-47724 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
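Review bot: under the new REJECTED marker, CVE-2024-47725 retains its fixed-version line for linux and its upstream commit NOTE, and with the description gone nothing in the entry says what the fix was for. If the fix still matters for Debian, record where it is tracked now; otherwise remove the two leftover annotations.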
@@ -2662,6 +2728,7 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is 
vulnerable to a denial o
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of 
Service ...)
        NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in 
ImageOverlay::parse() decodi ...)
+       {DLA-3934-1}
        - libheif 1.18.1-1
        NOTE: https://github.com/strukturag/libheif/issues/1226
        NOTE: https://github.com/strukturag/libheif/pull/1227
@@ -4628,15 +4695,20 @@ CVE-2024-25885 (An issue in the getcolor function in 
utils.py of xhtml2pdf v0.2.
        NOTE: 
https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS 
for You 1 ...)
        NOT-FOR-US: FydeOS
-CVE-2024-25286 (3DSecure 2.0 allows CSRF in the Authorization Method via 
modified Orig ...)
+CVE-2024-25286
+       REJECTED
        NOT-FOR-US: 3DSecure
-CVE-2024-25285 (3DSecure 2.0 allows form action hijacking via 
threeDsMethod.jsp?threeD ...)
+CVE-2024-25285
+       REJECTED
        NOT-FOR-US: 3DSecure
-CVE-2024-25284 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization 
Method via  ...)
+CVE-2024-25284
+       REJECTED
        NOT-FOR-US: 3DSecure
-CVE-2024-25283 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization 
Challenge v ...)
+CVE-2024-25283
+       REJECTED
        NOT-FOR-US: 3DSecure
-CVE-2024-25282 (3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a 
modified ...)
+CVE-2024-25282
+       REJECTED
        NOT-FOR-US: 3DSecure
 CVE-2024-20787 (Substance3D - Painter versions 10.0.1 and earlier are affected 
by an o ...)
        NOT-FOR-US: Adobe
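Review bot: CVE-2024-25286 through CVE-2024-25282 are switched to REJECTED while each keeps "NOT-FOR-US: 3DSecure", leaving two triage states on every entry. Confirm that consumers of the list treat REJECTED as the effective state, or drop the NOT-FOR-US lines in a follow-up so the five entries carry one status each.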
@@ -49294,6 +49366,7 @@ CVE-2024-33401 (Cross Site Scripting vulnerability in 
DedeCMS v.5.7.113 allows a
 CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a 
remote at ...)
        NOT-FOR-US: TaoCMS
 CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a 
format-string ...)
+       {DLA-3933-1}
        - dmitry 1.3a-5 (bug #1070370)
        [bookworm] - dmitry 1.3a-1.2+deb12u1
        [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires 
malicious parameter)
@@ -338867,6 +338940,7 @@ CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 
calls unserialize for the $ma
        - squirrelmail <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information 
Gatheri ...)
+       {DLA-3933-1}
        - dmitry 1.3a-5 (bug #1070370)
        [bookworm] - dmitry 1.3a-1.2+deb12u1
        [buster] - dmitry <postponed> (Minor issue, requires hostile whois 
server)
@@ -519023,6 +519097,7 @@ CVE-2017-7940 (The iw_read_gif_file function in 
imagew-gif.c in libimageworsener
 CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in 
libimageworsener.a ...)
        NOT-FOR-US: ImageWorsener
 CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information 
Gathering ...)
+       {DLA-3933-1}
        - dmitry 1.3a-5 (bug #1070370)
        [bookworm] - dmitry 1.3a-1.2+deb12u1
        [buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires 
malicious parameter)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acb1dfe98b5c9764aca2c72aa67f845971263378
