Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55f02ee1 by security tracker role at 2024-10-30T08:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2024-9997 (A maliciously crafted DWG file when parsed in acdb25.dll
through Autod ...)
+ TODO: check
+CVE-2024-9996 (A maliciously crafted DWG file when parsed in acdb25.dll
through Autod ...)
+ TODO: check
+CVE-2024-9886 (The WP Baidu Map plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2024-9885 (The Widget or Sidebar Shortcode plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-9884 (The T(-) Countdown plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2024-9846 (The The Enable Shortcodes inside Widgets,Comments and Experts
plugin f ...)
+ TODO: check
+CVE-2024-9827 (A maliciously crafted CATPART file when parsed in CC5Dll.dll
through A ...)
+ TODO: check
+CVE-2024-9826 (A maliciously crafted 3DM file when parsed in atf_api.dll
through Auto ...)
+ TODO: check
+CVE-2024-9489 (A maliciously crafted DWG file when parsed in ACAD.exe through
Autodes ...)
+ TODO: check
+CVE-2024-8896 (A maliciously crafted DXF file when parsed in acdb25.dllthrough
Autode ...)
+ TODO: check
+CVE-2024-8871 (The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables
plugin ...)
+ TODO: check
+CVE-2024-8792 (The Subscribe to Comments plugin for WordPress is vulnerable to
Reflec ...)
+ TODO: check
+CVE-2024-8627 (The Ultimate TinyMCE plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2024-8600 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll
through ...)
+ TODO: check
+CVE-2024-8599 (A maliciously crafted STP file when parsed in ACTranslators.exe
throug ...)
+ TODO: check
+CVE-2024-8598 (A maliciously crafted STP file when parsed in ACTranslators.exe
throug ...)
+ TODO: check
+CVE-2024-8597 (A maliciously crafted STP file when parsed in ASMDATAX230A.dll
through ...)
+ TODO: check
+CVE-2024-8596 (A maliciously crafted MODEL file when parsed in libodxdll.dll
through ...)
+ TODO: check
+CVE-2024-8595 (A maliciously crafted MODEL file when parsed in libodxdll.dll
through ...)
+ TODO: check
+CVE-2024-8594 (A maliciously crafted MODEL file when parsed in libodxdll.dll
through ...)
+ TODO: check
+CVE-2024-8593 (A maliciously crafted CATPART file when parsed in
ASMKERN230A.dll thro ...)
+ TODO: check
+CVE-2024-8592 (A maliciously crafted CATPART file when parsed in
AcTranslators.exe th ...)
+ TODO: check
+CVE-2024-8591 (A maliciously crafted 3DM file when parsed in AcTranslators.exe
throug ...)
+ TODO: check
+CVE-2024-8590 (A maliciously crafted 3DM file when parsed in atf_api.dll
through Auto ...)
+ TODO: check
+CVE-2024-8589 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll
through ...)
+ TODO: check
+CVE-2024-8588 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll
through ...)
+ TODO: check
+CVE-2024-8587 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll
through ...)
+ TODO: check
+CVE-2024-8444 (The Download Manager WordPress plugin before 3.3.00 doesn't
sanitize s ...)
+ TODO: check
+CVE-2024-7992 (A maliciously crafted DWG file, when parsed through Autodesk
AutoCAD a ...)
+ TODO: check
+CVE-2024-7991 (A maliciously crafted DWG file, when parsed through Autodesk
AutoCAD a ...)
+ TODO: check
+CVE-2024-51568 (CyberPanel (aka Cyber Panel) before 2.3.5 allows Command
Injection via ...)
+ TODO: check
+CVE-2024-51567 (upgrademysqlstatus in databases/views.py in CyberPanel (aka
Cyber Pane ...)
+ TODO: check
+CVE-2024-51378 (getresetstatus in dns/views.py and ftp/views.py in CyberPanel
(aka Cyb ...)
+ TODO: check
+CVE-2024-50512 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
+ TODO: check
+CVE-2024-50511 (Unrestricted Upload of File with Dangerous Type vulnerability
in David ...)
+ TODO: check
+CVE-2024-50510 (Unrestricted Upload of File with Dangerous Type vulnerability
in Web a ...)
+ TODO: check
+CVE-2024-50509 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-50508 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-50507 (Deserialization of Untrusted Data vulnerability in Daniel
Schmitzer DS ...)
+ TODO: check
+CVE-2024-50506 (Incorrect Privilege Assignment vulnerability in Azexo
Marketing Automa ...)
+ TODO: check
+CVE-2024-50504 (Incorrect Privilege Assignment vulnerability in Matt Whiteman
Bulk Cha ...)
+ TODO: check
+CVE-2024-50503 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2024-50456 (Missing Authorization vulnerability in The SEO Guys at
SEOPress SEOPre ...)
+ TODO: check
+CVE-2024-50455 (Missing Authorization vulnerability in The SEO Guys at
SEOPress SEOPre ...)
+ TODO: check
+CVE-2024-50454 (Missing Authorization vulnerability in The SEO Guys at
SEOPress SEOPre ...)
+ TODO: check
+CVE-2024-50428 (Missing Authorization vulnerability in Mondula GmbH Multi Step
Form al ...)
+ TODO: check
+CVE-2024-50425 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2024-50424 (Missing Authorization vulnerability in Templately allows
Exploiting In ...)
+ TODO: check
+CVE-2024-50423 (Missing Authorization vulnerability in Templately allows
Exploiting In ...)
+ TODO: check
+CVE-2024-50422 (Missing Authorization vulnerability in Cloudways Breeze allows
Exploit ...)
+ TODO: check
+CVE-2024-50421 (Missing Authorization vulnerability in WP Overnight
WooCommerce PDF In ...)
+ TODO: check
+CVE-2024-50348 (InstantCMS is a free and open source content management
system. In pho ...)
+ TODO: check
+CVE-2024-48573 (A NoSQL injection vulnerability in AquilaCMS 1.409.20 and
prior allows ...)
+ TODO: check
+CVE-2024-48572 (A User enumeration vulnerability in AquilaCMS 1.409.20 and
prior allow ...)
+ TODO: check
+CVE-2024-48461 (Cross Site Scripting vulnerability in TeslaLogger Admin Panel
before v ...)
+ TODO: check
+CVE-2024-48206 (A Deserialization of Untrusted Data vulnerability in chainer
v7.8.1.po ...)
+ TODO: check
+CVE-2024-48138 (A remote code execution (RCE) vulnerability in the component
/PluXml/c ...)
+ TODO: check
+CVE-2024-48063 (In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.)
+ TODO: check
+CVE-2024-44081 (In Jitsi Meet before 2.0.9779, the functionality to share a
video file ...)
+ TODO: check
+CVE-2024-44080 (In Jitsi Meet before 2.0.9779, the functionality to share an
image usi ...)
+ TODO: check
+CVE-2024-10509 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-10507 (A vulnerability classified as critical was found in Codezips
Free Exam ...)
+ TODO: check
+CVE-2024-10506 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2024-10505 (A vulnerability was found in wuzhicms 4.1.0. It has been
classified as ...)
+ TODO: check
+CVE-2024-10503 (A vulnerability was found in Klokan MapTiler tileserver-gl
2.3.1 and c ...)
+ TODO: check
+CVE-2024-10502 (A vulnerability has been found in ESAFENET CDG 5 and
classified as cri ...)
+ TODO: check
+CVE-2024-10501 (A vulnerability, which was classified as critical, was found
in ESAFEN ...)
+ TODO: check
+CVE-2024-10500 (A vulnerability, which was classified as critical, has been
found in E ...)
+ TODO: check
+CVE-2024-10399 (The Download Monitor plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2024-10228 (The Vagrant VMWare Utility Windows installer targeted a custom
locatio ...)
+ TODO: check
+CVE-2024-10223 (The WP Team \u2013 WordPress Team Member Plugin plugin for
WordPress i ...)
+ TODO: check
+CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to
arbitrary exte ...)
+ TODO: check
CVE-2024-46956 [PostScript interpreter - fix buffer length check]
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
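Review bot: The descriptions added for CVE-2024-8871, CVE-2024-10223 and CVE-2024-10108 contain the literal six-character sequence `\u2013` where the plugin name has an en dash, so the escape was not decoded before the text was written to data/CVE/list. Decode it in the import step, or normalise it to a plain hyphen, so that searching the list by plugin name matches. All of the entries added at the top of this hunk carry only `TODO: check` and still need triage.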
@@ -28,10 +174,10 @@ CVE-2024-46951 [PS interpreter - check the type of the
Pattern Implementation]
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE:
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee
(ghostpdl-10.04.0)
-CVE-2024-10488
+CVE-2024-10488 (Use after free in WebRTC in Google Chrome prior to
130.0.6723.92 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-10487
+CVE-2024-10487 (Out of bounds write in Dawn in Google Chrome prior to
130.0.6723.92 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9990 (The Crypto plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
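Review bot: The package lines under CVE-2024-10488 and CVE-2024-10487 still read `- chromium <unfixed>`, while the descriptions added here give 130.0.6723.92 as the first Chrome release with the fix. Now that the upstream fixed version is recorded in the entry, follow up by replacing `<unfixed>` with the Debian package version once an upload at or above that release is available.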
@@ -347,7 +493,7 @@ CVE-2024-10458 (A permission leak could have occurred from
a trusted site to an
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-55/#CVE-2024-10458
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/#CVE-2024-10458
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/#CVE-2024-10458
-CVE-2024-9632
+CVE-2024-9632 (A flaw was found in the X.org server. Due to improperly tracked
alloca ...)
{DSA-5800-1 DLA-3940-1}
- xorg-server 2:21.1.13-3.1 (bug #1086244)
- xwayland <unfixed> (bug #1086245)
@@ -71662,6 +71808,7 @@ CVE-2024-25366 (Buffer Overflow vulnerability in
mz-automation.de libiec61859 v.
CVE-2024-25274 (An arbitrary file upload vulnerability in the component
/sysFile/uploa ...)
NOT-FOR-US: Novel-Plus
CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer
overflo ...)
+ {DLA-3941-1}
- texlive-bin 2023.20230311.66589-9 (bug #1064517)
[bookworm] - texlive-bin <no-dsa> (Minor issue)
[buster] - texlive-bin <no-dsa> (Minor issue)
@@ -116650,6 +116797,7 @@ CVE-2023-2454 (schema_element defeats protective
search_path changes; It was fou
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=23cb8eaeb97df350273cb8902e55842a955339c8
(REL_11_20)
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=766e061404c2159dccebad4d19e496d8ced8b2c4
(REL_11_20)
CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the
default sett ...)
+ {DLA-3941-1}
- texlive-bin 2022.20220321.62855-6 (bug #1036470)
[bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
[buster] - texlive-bin <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f02ee1bd07b056262d40d0c7c0fa593eb764f6