Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbc506ea by security tracker role at 2024-11-06T08:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin 
\u2013 Super ...)
+       TODO: check
+CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not 
sanitise and  ...)
+       TODO: check
+CVE-2024-9681 (When curl is asked to use HSTS, the expiry time for a subdomain 
might  ...)
+       TODO: check
+CVE-2024-9307 (The mFolio Lite plugin for WordPress is vulnerable to file 
uploads due ...)
+       TODO: check
+CVE-2024-7995 (A maliciously crafted binary file when downloaded could lead to 
escala ...)
+       TODO: check
+CVE-2024-7879 (The WP ULike  WordPress plugin before 4.7.5 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB 
for Eleme ...)
+       TODO: check
+CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH & 
Co. KG  ...)
+       TODO: check
+CVE-2024-51756 (The cap-std project is organized around the eponymous 
`cap-std` crate, ...)
+       TODO: check
+CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. 
Wasmtime's file ...)
+       TODO: check
+CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer 
overflo ...)
+       TODO: check
+CVE-2024-51115 (DCME-320 v7.4.12.90 was discovered to contain a command 
injection vuln ...)
+       TODO: check
+CVE-2024-49409 (Out-of-bounds write in Battery Full Capacity node prior to 
Firmware up ...)
+       TODO: check
+CVE-2024-49408 (Out-of-bounds write in usb driver prior to Firmware update 
Sep-2024 Re ...)
+       TODO: check
+CVE-2024-49407 (Improper access control in Samsung Flow prior to version 
4.9.15.7 allo ...)
+       TODO: check
+CVE-2024-49406 (Improper validation of integrity check value in Blockchain 
Keystore pr ...)
+       TODO: check
+CVE-2024-49405 (Improper authentication in Private Info in Samsung Pass in 
prior to ve ...)
+       TODO: check
+CVE-2024-49404 (Improper Access Control in Samsung Video Player prior to 
versions 7.3. ...)
+       TODO: check
+CVE-2024-49403 (Improper access control in Samsung Voice Recorder prior to 
version 21. ...)
+       TODO: check
+CVE-2024-49402 (Improper input validation in Dressroom prior to SMR Nov-2024 
Release 1 ...)
+       TODO: check
+CVE-2024-49401 (Improper input validation in Settings Suggestions prior to SMR 
Nov-202 ...)
+       TODO: check
+CVE-2024-48746 (An issue in Lens Visual integration with Power BI v.4.0.0.3 
allows a r ...)
+       TODO: check
+CVE-2024-48176 (Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. 
There is ...)
+       TODO: check
+CVE-2024-47464 (An authenticated Path Traversal vulnerability exists in 
Instant AOS-8  ...)
+       TODO: check
+CVE-2024-47463 (An arbitrary file creation vulnerability exists in the Instant 
AOS-8 a ...)
+       TODO: check
+CVE-2024-47462 (An arbitrary file creation vulnerability exists in the Instant 
AOS-8 a ...)
+       TODO: check
+CVE-2024-47461 (An authenticated command injection vulnerability exists in the 
Instant ...)
+       TODO: check
+CVE-2024-47460 (Command injection vulnerability in the underlying CLI service 
could le ...)
+       TODO: check
+CVE-2024-42509 (Command injection vulnerability in the underlying CLI service 
could le ...)
+       TODO: check
+CVE-2024-34682 (Improper authorization in Settings prior to SMR Nov-2024 
Release 1 all ...)
+       TODO: check
+CVE-2024-34681 (Improper input validation in BluetoothAdapter prior to SMR 
Nov-2024 Re ...)
+       TODO: check
+CVE-2024-34680 (Use of implicit intent for sensitive communication in WlanTest 
prior t ...)
+       TODO: check
+CVE-2024-34679 (Incorrect default permissions in Crane prior to SMR Nov-2024 
Release 1 ...)
+       TODO: check
+CVE-2024-34678 (Out-of-bounds write in libsapeextractor.so prior to SMR 
Nov-2024 Relea ...)
+       TODO: check
+CVE-2024-34677 (Exposure of sensitive information in System UI prior to SMR 
Nov-2024 R ...)
+       TODO: check
+CVE-2024-34676 (Out-of-bounds write in parsing subtitle file in 
libsubextractor.so pri ...)
+       TODO: check
+CVE-2024-34675 (Improper access control in Dex Mode prior to SMR Nov-2024 
Release 1 al ...)
+       TODO: check
+CVE-2024-34674 (Improper access control in Contacts prior to SMR Nov-2024 
Release 1 al ...)
+       TODO: check
+CVE-2024-34673 (Improper Input Validation in IpcProtocol in Modem prior to SMR 
Nov-202 ...)
+       TODO: check
+CVE-2024-10647 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for 
WordPress ...)
+       TODO: check
+CVE-2024-10543 (The Tumult Hype Animations plugin for WordPress is vulnerable 
to unaut ...)
+       TODO: check
+CVE-2024-10535 (The Video Gallery for WooCommerce plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-10084 (The Contact Form 7 \u2013 Dynamic Text Extension plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, 
Restore & ...)
+       TODO: check
+CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is 
vulnerable  ...)
+       TODO: check
 CVE-2024-10826
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
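
Review bot: All 46 added entries carry only `TODO: check`, and three of them deserve triage ahead of the rest: CVE-2024-9681 names curl, and CVE-2024-51745 and CVE-2024-51756 name Wasmtime and the cap-std crate, so these should be resolved against a source package first. The WordPress plugin, Samsung, Tenda and Instant AOS-8 entries look like candidates for the `NOT-FOR-US:` form used for the Intel entry further down in this diff. Separately, the descriptions of CVE-2024-9946, CVE-2024-6626, CVE-2024-10647, CVE-2024-10084 and CVE-2024-10028 show a literal `\u2013` where a dash was intended; check whether the escape is in the file itself or only in this notification, and decode it at import if it is in the file.
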
@@ -123905,7 +123997,7 @@ CVE-2023-29661
 CVE-2023-29660
        RESERVED
 CVE-2023-29659 (A Segmentation fault caused by a floating point exception 
exists in li ...)
-       {DSA-5796-1}
+       {DSA-5796-1 DLA-3945-1}
        - libheif 1.16.2-1 (bug #1035607)
        [buster] - libheif <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libheif/issues/794
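
Review bot: The changed line `{DSA-5796-1 DLA-3945-1}` under CVE-2023-29659 adds the DLA cross-reference, but nothing visible here says which suite or libheif version DLA-3945-1 covers; the only per-suite line in the context is `[buster] - libheif <no-dsa> (Minor issue)`. Since this commit lists data/CVE/list as its only changed file, confirm that the advisory record for DLA-3945-1 already exists elsewhere in the tracker data, so the reference resolves to a fixed version instead of dangling.
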
@@ -134230,6 +134322,7 @@ CVE-2023-22342 (Improper input validation in some 
Intel(R) Thunderbolt(TM) DCH d
 CVE-2023-22293 (Improper access control in the Intel(R) Thunderbolt(TM) DCH 
drivers fo ...)
        NOT-FOR-US: Intel
 CVE-2023-0996 (There is a vulnerability in the strided image data parsing code 
in the ...)
+       {DLA-3945-1}
        - libheif 1.15.1-1 (bug #1032101)
        [buster] - libheif <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libheif/pull/759
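
Review bot: CVE-2023-0996 gains only `{DLA-3945-1}`, while the other libheif entry touched by this commit, CVE-2023-29659, carries `{DSA-5796-1 DLA-3945-1}`; confirm that leaving DSA-5796-1 off this entry is intended. The fixed versions differ (1.15.1-1 here, 1.16.2-1 there), which would explain it if the release covered by the DSA already ships 1.15.1-1 or later, but that is not stated in the entry and is worth a quick check against the advisory.
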



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbc506ea97a632110c783fd1607230865bb337bc
