Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc83ef3c by security tracker role at 2024-10-31T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
+       TODO: check
+CVE-2024-9446 (The WP Simple Anchors Links plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2024-9434 (The WPGlobus Translate Options plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2024-9430 (The Get Quote For Woocommerce \u2013 Request A Quote For 
Woocommerce p ...)
+       TODO: check
+CVE-2024-9165 (The Gift Cards (Gift Vouchers and Packages) (WooCommerce 
Supported) pl ...)
+       TODO: check
+CVE-2024-51427 (An issue in Ethereum v.1.12.2 allows remote attacker to 
execute arbitr ...)
+       TODO: check
+CVE-2024-51426 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows 
a remot ...)
+       TODO: check
+CVE-2024-51425 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows 
a remot ...)
+       TODO: check
+CVE-2024-51424 (An issue in Ethereum v.1.12.2 allows remote attacker to 
execute arbitr ...)
+       TODO: check
+CVE-2024-51419 (Cross Site Scripting vulnerability in Shenzhen Interconnection 
Harbor  ...)
+       TODO: check
+CVE-2024-51243 (The eladmin v2.7 and before contains a remote code execution 
(RCE) vul ...)
+       TODO: check
+CVE-2024-51242 (A Server-Side Request Forgery (SSRF) vulnerability has been 
identified ...)
+       TODO: check
+CVE-2024-48807 (Cross Site Scripting vulnerability in PHPGurukul Doctor 
Appointment Ma ...)
+       TODO: check
+CVE-2024-48735 (Directory Traversal in 
/SASStudio/sasexec/sessions/{sessionID}/workspa ...)
+       TODO: check
+CVE-2024-48734 (*Unrestricted file upload in 
/SASStudio/SASStudio/sasexec/{sessionID}/ ...)
+       TODO: check
+CVE-2024-48733 (SQL injection vulnerability in 
/SASStudio/sasexec/sessions/{sessionID} ...)
+       TODO: check
+CVE-2024-48346 (xtreme1 <= v0.9.1 contains a Server-Side Request Forgery 
(SSRF) vulner ...)
+       TODO: check
+CVE-2024-48311 (Piwigo v14.5.0 was discovered to contain a Cross-Site Request 
Forgery  ...)
+       TODO: check
+CVE-2024-48307 (JeecgBoot v3.7.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2024-48112 (A deserialization vulnerability in the component 
\controller\Index.php ...)
+       TODO: check
+CVE-2024-48093 (Unrestricted File Upload in the Discussions tab in Operately 
v.0.1.0 a ...)
+       TODO: check
+CVE-2024-43382 (Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an 
Incorrec ...)
+       TODO: check
+CVE-2024-21537 (Versions of the package lilconfig from 3.1.0 and before 3.1.1 
are vuln ...)
+       TODO: check
+CVE-2024-10561 (A vulnerability was found in Codezips Pet Shop Management 
System 1.0.  ...)
+       TODO: check
+CVE-2024-10559 (A vulnerability was found in SourceCodester Airport Booking 
Management ...)
+       TODO: check
+CVE-2024-10557 (A vulnerability has been found in code-projects Blood Bank 
Management  ...)
+       TODO: check
+CVE-2024-10556 (A vulnerability, which was classified as critical, was found 
in Codezi ...)
+       TODO: check
+CVE-2024-10544 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable 
to Sens ...)
+       TODO: check
+CVE-2024-10392 (The AI Power: Complete AI Pack plugin for WordPress is 
vulnerable to a ...)
+       TODO: check
+CVE-2024-10086 (A vulnerability was identified in Consul and Consul Enterprise 
such th ...)
+       TODO: check
+CVE-2024-10006 (A vulnerability was identified in Consul and Consul Enterprise 
(\u201c ...)
+       TODO: check
+CVE-2024-10005 (A vulnerability was identified in Consul and Consul Enterprise 
(\u201c ...)
+       TODO: check
+CVE-2023-52066 (http.zig commit 76cf5 was discovered to contain a CRLF 
injection vulne ...)
+       TODO: check
 CVE-2024-9419 (Client / Server PCs with the HP Smart Universal Printing Driver 
instal ...)
        NOT-FOR-US: HP
 CVE-2024-9388 (The Black Widgets For Elementor plugin for WordPress is 
vulnerable to  ...)
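Review bot: several descriptions in this hunk still carry raw JSON escape sequences (`\u2013` in CVE-2024-9700 and CVE-2024-9430, `\u201c` in CVE-2024-10006 and CVE-2024-10005) and the CVE-2024-48734 description opens with a stray `*`; the import step should decode these to the intended characters before the text lands in data/CVE/list, otherwise the entries keep the escapes until someone edits them by hand. When working through the TODO: check lines, the four Ethereum v.1.12.2 entries (CVE-2024-51424 to CVE-2024-51427, two of which have identical truncated descriptions), the three /SASStudio entries (CVE-2024-48733 to CVE-2024-48735) and the three Consul entries (CVE-2024-10005, CVE-2024-10006, CVE-2024-10086) each come from one source and can be triaged together.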
@@ -4456,6 +4524,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor 
plugin for WordPress is vu
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub 
source ...)
        NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs 
with u ...)
+       {DLA-3942-1}
        [experimental] - openssl 3.4.0-1
        - openssl 3.3.2-2 (bug #1085378)
        [bookworm] - openssl <postponed> (Minor issue, fix along in next update)
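Review bot: {DLA-3942-1} is recorded for CVE-2024-9143 while the [bookworm] line directly below it stays <postponed> with "fix along in next update"; now that the LTS advisory is out, it is worth checking whether the pending bookworm update has a concrete plan, since the same DLA-plus-postponed pattern recurs for CVE-2024-5535 further down in this patch.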
@@ -10887,7 +10956,8 @@ CVE-2024-22303 (Incorrect Privilege Assignment 
vulnerability in favethemes Houze
        NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login 
Register ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-8421 (This CVE has been rejected.)
+CVE-2024-8421
+       REJECTED
        NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to 
CVE-2023-39325
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7
 CVE-2024-XXXX [RUSTSEC-2023-0086]
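Review bot: after this change CVE-2024-8421 carries both the new REJECTED marker and the pre-existing NOT-FOR-US line; if REJECTED alone is sufficient for the tracker, the NOT-FOR-US line is redundant, but the NOTE with the Red Hat bugzilla link should stay, as it is the only record here of why the CVE was withdrawn (a Red Hat specific duplicate of CVE-2023-39325, per the existing text).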
@@ -30024,6 +30094,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 
1.21.3, an attacker can modi
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
+       {DLA-3942-1}
        - openssl 3.3.2-1 (bug #1074487)
        [bookworm] - openssl <postponed> (Minor issue, fix along with next 
update round)
        NOTE: https://www.openssl.org/news/secadv/20240627.txt
@@ -38561,6 +38632,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow 
vulnerabilities exist in th
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
        NOTE: https://github.com/libigl/libigl/issues/2387
 CVE-2024-4741 [Use After Free with SSL_free_buffers]
+       {DLA-3942-1}
        - openssl 3.2.2-1 (bug #1072113)
        [bookworm] - openssl 3.0.14-1~deb12u1
        [buster] - openssl <postponed> (Minor issue, fix along with next update 
round)
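Review bot: the [buster] - openssl <postponed> line at the end of this hunk is unchanged by the added {DLA-3942-1}; if DLA-3942-1 covers a different LTS suite than buster that is expected, but confirm it, so the entry does not read as both fixed by the DLA and still postponed. The same [buster] <postponed> pattern next to a new DLA marker appears for CVE-2024-0727 and CVE-2023-5678 later in this patch.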
@@ -58230,6 +58302,7 @@ CVE-2024-26811 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.8.9-1
        NOTE: 
https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can 
cause un ...)
+       {DLA-3942-1}
        [experimental] - openssl 3.3.0-1
        - openssl 3.2.2-1 (bug #1068658)
        [bookworm] - openssl 3.0.14-1~deb12u1
@@ -77247,6 +77320,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in 
Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in 
overt-engine. This ...)
        NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file 
may lead ...)
+       {DLA-3942-1}
        - openssl 3.1.5-1 (bug #1061582)
        [bookworm] - openssl 3.0.13-1~deb12u1
        [buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -81885,9 +81959,9 @@ CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in 
PaddlePaddle before 2.6.0. T
        NOT-FOR-US: PaddlePaddle
 CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This 
flaw can ca ...)
        NOT-FOR-US: PaddlePaddle
-CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine 
v.lego_T04E00 allows ...)
+CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FirstLane V06 
lego_T04E00 all ...)
        NOT-FOR-US: Automatic Systems SOC FL9600 FastLine v.lego_T04E00
-CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine 
lego_T04E ...)
+CVE-2023-37607 (Directory Traversal in Automatic Systems SOC FL9600 FirstLane 
V06 lego ...)
        NOT-FOR-US: Automatic-Systems SOC FL9600 FastLine lego_T04E00
 CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache 
InLong.This  ...)
        NOT-FOR-US: Apache InLong
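Review bot: the descriptions of CVE-2023-37608 and CVE-2023-37607 are updated to "FirstLane V06 lego_T04E00", but the NOT-FOR-US lines directly below them still say "FastLine v.lego_T04E00" and "Automatic-Systems SOC FL9600 FastLine lego_T04E00" (note also the hyphenated vendor name in the second one); update both to one spelling, e.g. `NOT-FOR-US: Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00`, so the two entries stay consistent with their new descriptions.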
@@ -93881,6 +93955,7 @@ CVE-2023-5717 (A heap out-of-bounds write vulnerability 
in the Linux kernel's Li
        [bookworm] - linux 6.1.64-1
        NOTE: 
https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7)
 CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or 
checking e ...)
+       {DLA-3942-1}
        - openssl 3.0.12-2 (bug #1055473)
        [bookworm] - openssl 3.0.13-1~deb12u1
        [buster] - openssl <postponed> (Minor issue; can be fixed along with 
future update)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc83ef3ce4b5e0f7503fa1f27d63177fd2362ec6

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits