Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70f02769 by security tracker role at 2024-11-13T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,179 @@
+CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2024-9578 (The Hide Links plugin for WordPress is vulnerable to 
unauthorized shor ...)
+       TODO: check
+CVE-2024-9426 (The Aqua SVG Sprite plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9409 (CWE-400: An Uncontrolled Resource Consumption vulnerability 
exists tha ...)
+       TODO: check
+CVE-2024-8985 (The Social Proof (Testimonial) Slider plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-8938 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
+       TODO: check
+CVE-2024-8937 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
+       TODO: check
+CVE-2024-8936 (CWE-20: Improper Input Validation vulnerability exists that 
could lead ...)
+       TODO: check
+CVE-2024-8935 (CWE-290: Authentication Bypass by Spoofing vulnerability exists 
that c ...)
+       TODO: check
+CVE-2024-8933 (CWE-924: Improper Enforcement of Message Integrity During 
Transmission ...)
+       TODO: check
+CVE-2024-8874 (The AJAX Login and Registration modal popup + inline form 
plugin for W ...)
+       TODO: check
+CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One 
Expansion U ...)
+       TODO: check
+CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause 
a denia ...)
+       TODO: check
+CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows 
a remot ...)
+       TODO: check
+CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-49511 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+       TODO: check
+CVE-2024-48075 (A Heap buffer overflow in the server-site handshake 
implementation in  ...)
+       TODO: check
+CVE-2024-39712 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
+       TODO: check
+CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
+       TODO: check
+CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 
22.7R2 and  ...)
+       TODO: check
+CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before 
version 22. ...)
+       TODO: check
+CVE-2024-38656 (Argument injection in Ivanti Connect Secure before version 
22.7R2.2 an ...)
+       TODO: check
+CVE-2024-38655 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
+       TODO: check
+CVE-2024-38654 (Improper bounds checking in Ivanti Secure Access Client before 
version ...)
+       TODO: check
+CVE-2024-38649 (An out-of-bounds write in IPsec of Ivanti Connect Secure 
before versio ...)
+       TODO: check
+CVE-2024-37400 (An out of bounds read in Ivanti Connect Secure before version 
22.7R2.3 ...)
+       TODO: check
+CVE-2024-37398 (Insufficient validation in Ivanti Secure Access Client before 
22.7R4 a ...)
+       TODO: check
+CVE-2024-37376 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-34787 (Path traversal in Ivanti Endpoint Manager before 2024 November 
Securit ...)
+       TODO: check
+CVE-2024-34784 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-34782 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-34781 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-34780 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-32847 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-32844 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-32841 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-32839 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
+       TODO: check
+CVE-2024-29211 (A race condition in Ivanti Secure Access Client before version 
22.7R4  ...)
+       TODO: check
+CVE-2024-28731 (Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G 
CPE Wit ...)
+       TODO: check
+CVE-2024-28730 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE 
With Wifi ...)
+       TODO: check
+CVE-2024-28729 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and 
Dlink DWR 5G ...)
+       TODO: check
+CVE-2024-28728 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE 
With Wifi ...)
+       TODO: check
+CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and 
Dlink DWR 5G ...)
+       TODO: check
+CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to 
Arbitrary C ...)
+       TODO: check
+CVE-2024-21540 (All versions of the package source-map-support are vulnerable 
to Direc ...)
+       TODO: check
+CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions 
improperly valida ...)
+       TODO: check
+CVE-2024-11150 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-11143 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-11117 (Inappropriate implementation in FileSystem in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2024-11116 (Inappropriate implementation in Blink in Google Chrome prior 
to 131.0. ...)
+       TODO: check
+CVE-2024-11115 (Insufficient policy enforcement in Navigation in Google Chrome 
on iOS  ...)
+       TODO: check
+CVE-2024-11114 (Inappropriate implementation in Views in Google Chrome on 
Windows prio ...)
+       TODO: check
+CVE-2024-11113 (Use after free in Accessibility in Google Chrome prior to 
131.0.6778.6 ...)
+       TODO: check
+CVE-2024-11112 (Use after free in Media in Google Chrome on Windows prior to 
131.0.677 ...)
+       TODO: check
+CVE-2024-11111 (Inappropriate implementation in Autofill in Google Chrome 
prior to 131 ...)
+       TODO: check
+CVE-2024-11110 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2024-10887 (The NiceJob plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2024-10882 (The Product Delivery Date for WooCommerce \u2013 Lite plugin 
for WordP ...)
+       TODO: check
+CVE-2024-10877 (The AFI \u2013 The Easiest Integration Plugin plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-10854 (The Buy one click WooCommerce plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-10853 (The Buy one click WooCommerce plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-10852 (The Buy one click WooCommerce plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-10851 (The Razorpay Payment Button Plugin plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-10850 (The Razorpay Payment Button Elementor Plugin plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-10828 (The Advanced Order Export For WooCommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-10820 (The WooCommerce Upload Files plugin for WordPress is 
vulnerable to arb ...)
+       TODO: check
+CVE-2024-10816 (The LUNA RADIO PLAYER plugin for WordPress is vulnerable to 
Directory  ...)
+       TODO: check
+CVE-2024-10802 (The Hash Elements plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2024-10800 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-10794 (The Boostify Header Footer Builder for Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-10778 (The BuddyPress Builder for Elementor \u2013 BuddyBuilder 
plugin for Wo ...)
+       TODO: check
+CVE-2024-10717 (The Styler for Ninja Forms plugin for WordPress is vulnerable 
to unaut ...)
+       TODO: check
+CVE-2024-10686 (The Design for Contact Form 7 Style WordPress Plugin \u2013 
CF7 WOW St ...)
+       TODO: check
+CVE-2024-10684 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-10629 (The GPX Viewer plugin for WordPress is vulnerable to arbitrary 
file cr ...)
+       TODO: check
+CVE-2024-10593 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 
Contact Form ...)
+       TODO: check
+CVE-2024-10577 (The \u80d6\u9f20\u91c7\u96c6(Fat Rat Collect) 
\u5fae\u4fe1\u77e5\u4e4e ...)
+       TODO: check
+CVE-2024-10575 (CWE-862: Missing Authorization vulnerability exists that could 
cause u ...)
+       TODO: check
+CVE-2024-10531 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-10530 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-10529 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-10174 (The WP Project Manager \u2013 Task, team, and project 
management plugi ...)
+       TODO: check
+CVE-2024-10038 (The WP-Strava plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
 CVE-2023-4458 [ksmbd: fix wrong DataOffset validation of create context]
        - linux 6.5.3-1
        [bookworm] - linux 6.1.52-1
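Review bot: Among the added `TODO: check` entries, CVE-2024-11110 through CVE-2024-11117 (Google Chrome) and CVE-2024-11168 (urllib.parse.urlsplit() and urlparse()) name software that Debian packages, so they need a source-package line rather than a NOT-FOR-US verdict and are worth triaging ahead of the WordPress plugin, Ivanti, InDesign and DLink entries. Several descriptions also carry literal escape sequences such as `\u2013` (CVE-2024-10882, CVE-2024-10877) and a run of `\u80d6...` escapes (CVE-2024-10577); check whether that is the intended on-disk form or whether the update script should decode them before writing the list.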
@@ -96499,7 +96675,7 @@ CVE-2023-39345 (strapi is an open-source headless CMS. 
Versions prior to 4.13.1
        NOT-FOR-US: strapi
 CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in 
Mitsub ...)
+CVE-2023-4699 (Missing Authentication for Critical Function vulnerability in 
Mitsubis ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
        NOT-FOR-US: Mitsubishi
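Review bot: No triage follow-up is needed for CVE-2023-4699: the replaced description line changes only the weakness wording, from "Insufficient Verification of Data Authenticity" to "Missing Authentication for Critical Function", and the `NOT-FOR-US: Mitsubishi` context line below it still matches the vendor the truncated new text names.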
@@ -284037,16 +284213,16 @@ CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 
routers with firmware version
        NOT-FOR-US: Tenda routers
 CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware 
v15.11.0.17(9 ...)
        NOT-FOR-US: Tenda routers
-CVE-2021-27704
-       RESERVED
-CVE-2021-27703
-       RESERVED
-CVE-2021-27702
-       RESERVED
-CVE-2021-27701
-       RESERVED
-CVE-2021-27700
-       RESERVED
+CVE-2021-27704 (Appspace 6.2.4 is affected by Incorrect Access Control via the 
Appspac ...)
+       TODO: check
+CVE-2021-27703 (Sercomm Model Etisalat Model S3- AC2100 is affected by Cross 
Site Scri ...)
+       TODO: check
+CVE-2021-27702 (Sercomm Router Etisalat Model S3- AC2100 is affected by 
Incorrect Acce ...)
+       TODO: check
+CVE-2021-27701 (SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site 
Request For ...)
+       TODO: check
+CVE-2021-27700 (SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by 
Insecure P ...)
+       TODO: check
 CVE-2021-27699
        RESERVED
 CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in 
/sys/net/g ...)
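Review bot: CVE-2021-27700 through CVE-2021-27704 should not sit at `TODO: check` for long: the products named (Appspace 6.2.4, the Sercomm Etisalat S3- AC2100, SOCIFI guest wifi) look like the neighbouring `NOT-FOR-US: Tenda routers` case, a vendor device or hosted service rather than a Debian source package, so suggest resolving each to NOT-FOR-US with a product label. CVE-2021-27703 reads "Sercomm Model Etisalat" while CVE-2021-27702 reads "Sercomm Router Etisalat" for the same model string, so use one label for both. CVE-2021-27699 correctly stays RESERVED in the trailing context.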



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70f0276969737bede92127a99504dfa6b1325c3c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits