Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19eededd by security tracker role at 2024-11-13T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,136 @@
-CVE-2024-11159
+CVE-2024-9682 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-9668 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-9477 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-9476 (A vulnerability in Grafana Labs Grafana OSS and Enterprise 
allows Priv ...)
+       TODO: check
+CVE-2024-9413 (The transport_message_handler function in SCP-Firmware release 
version ...)
+       TODO: check
+CVE-2024-9059 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-8049 (In Progress Telerik Document Processing Libraries, versions 
prior to 2 ...)
+       TODO: check
+CVE-2024-8001 (A vulnerability was found in VIWIS LMS 9.11. It has been 
classified as ...)
+       TODO: check
+CVE-2024-7295 (In Progress\xae Telerik\xae Report Server versions prior to 
2024 Q4 (1 ...)
+       TODO: check
+CVE-2024-52306 (FileManager provides a Backpack admin interface for files and 
folder.  ...)
+       TODO: check
+CVE-2024-52305 (UnoPim is an open-source Product Information Management (PIM) 
system b ...)
+       TODO: check
+CVE-2024-52300 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
+       TODO: check
+CVE-2024-52299 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
+       TODO: check
+CVE-2024-52298 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
+       TODO: check
+CVE-2024-52295 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2024-52293 (Craft is a content management system (CMS). Prior to 4.12.2 
and 5.4.3, ...)
+       TODO: check
+CVE-2024-52292 (Craft is a content management system (CMS). The dataUrl 
function can b ...)
+       TODO: check
+CVE-2024-52291 (Craft is a content management system (CMS). A vulnerability in 
CraftCM ...)
+       TODO: check
+CVE-2024-51996 (Symphony process is a module for the Symphony PHP framework 
which exec ...)
+       TODO: check
+CVE-2024-50972 (A SQL injection vulnerability in printtool.php of Itsourcecode 
Constru ...)
+       TODO: check
+CVE-2024-50971 (A SQL injection vulnerability in print.php of Itsourcecode 
Constructio ...)
+       TODO: check
+CVE-2024-50970 (A SQL injection vulnerability in orderview1.php of 
Itsourcecode Online ...)
+       TODO: check
+CVE-2024-50969 (A Reflected cross-site scripting (XSS) vulnerability in 
browse.php of  ...)
+       TODO: check
+CVE-2024-50854 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack 
overflow v ...)
+       TODO: check
+CVE-2024-50853 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command 
injectio ...)
+       TODO: check
+CVE-2024-50852 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command 
injectio ...)
+       TODO: check
+CVE-2024-49506 (Insecure creation of temporary files allows local users on 
systems wit ...)
+       TODO: check
+CVE-2024-49505 (A Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
+       TODO: check
+CVE-2024-49504 (grub2 allowed attackers with access to the grub shell to 
access files  ...)
+       TODO: check
+CVE-2024-49379 (Umbrel is a home server OS for self-hosting. The login 
functionality o ...)
+       TODO: check
+CVE-2024-48989 (A vulnerability in the PROFINET stack implementation of the 
IndraDrive ...)
+       TODO: check
+CVE-2024-48900 (A vulnerability was found in Moodle. Additional checks are 
required to ...)
+       TODO: check
+CVE-2024-48510 (Directory Traversal vulnerability in DotNetZip v.1.16.0 and 
before all ...)
+       TODO: check
+CVE-2024-47574 (A authentication bypass using an alternate path or channel in 
Fortinet ...)
+       TODO: check
+CVE-2024-45594 (Decidim is a participatory democracy framework. The meeting 
embeds fea ...)
+       TODO: check
+CVE-2024-43093 (In shouldHideDocument of ExternalStorageProvider.java, there 
is a poss ...)
+       TODO: check
+CVE-2024-43091 (In filterMask of SkEmbossMaskFilter.cpp, there is a possible 
out of bo ...)
+       TODO: check
+CVE-2024-43090 (In multiple locations, there is a possible cross-user image 
read due t ...)
+       TODO: check
+CVE-2024-43089 (In updateInternal of MediaProvider.java , there is a possible 
access o ...)
+       TODO: check
+CVE-2024-43088 (In multiple functions in AppInfoBase.java, there is a possible 
way to  ...)
+       TODO: check
+CVE-2024-43087 (In getInstalledAccessibilityPreferences of 
AccessibilitySettings.java, ...)
+       TODO: check
+CVE-2024-43086 (In validateAccountsInternal of AccountManagerService.java, 
there is a  ...)
+       TODO: check
+CVE-2024-43085 (In handleMessage of UsbDeviceManager.java, there is a possible 
method  ...)
+       TODO: check
+CVE-2024-43084 (In visitUris of multiple files, there is a possible 
information disclo ...)
+       TODO: check
+CVE-2024-43083 (In validate of WifiConfigurationUtil.java , there is a 
possible persis ...)
+       TODO: check
+CVE-2024-43082 (In onActivityResult of EditUserPhotoController.java, there is 
a possib ...)
+       TODO: check
+CVE-2024-43081 (In installExistingPackageAsUser of InstallPackageHelper.java, 
there is ...)
+       TODO: check
+CVE-2024-43080 (In onReceive of AppRestrictionsFragment.java, there is a 
possible esca ...)
+       TODO: check
+CVE-2024-42834 (A stored cross-site scripting (XSS) vulnerability in the 
Create Custom ...)
+       TODO: check
+CVE-2024-40671 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a 
possible w ...)
+       TODO: check
+CVE-2024-40661 (In mayAdminGrantPermission of 
AdminRestrictedPermissionsUtils.java, th ...)
+       TODO: check
+CVE-2024-40660 (In setTransactionState of SurfaceFlinger.cpp, there is a 
possible way  ...)
+       TODO: check
+CVE-2024-40443 (SQL Injection vulnerability in Simple Laboratory Management 
System usi ...)
+       TODO: check
+CVE-2024-34747 (In DevmemXIntMapPages of devicemem_server.c, there is a 
possible use-a ...)
+       TODO: check
+CVE-2024-34729 (In multiple locations, there is a possible arbitrary code 
execution du ...)
+       TODO: check
+CVE-2024-34719 (In multiple locations, there is a possible permissions bypass 
due to a ...)
+       TODO: check
+CVE-2024-31337 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible 
arbitrary cod ...)
+       TODO: check
+CVE-2024-23715 (In PMRWritePMPageList of pmr.c, there is a possible out of 
bounds writ ...)
+       TODO: check
+CVE-2024-11175 (A vulnerability was found in Public CMS 5.202406.d and 
classified as p ...)
+       TODO: check
+CVE-2024-11165 (An information disclosure vulnerability exists in the backup 
configura ...)
+       TODO: check
+CVE-2024-11028 (The MultiManager WP \u2013 Manage All Your WordPress Sites 
Easily plug ...)
+       TODO: check
+CVE-2024-10013 (In Progress Telerik UI for WinForms versions prior to 2024 Q4 
(2024.4. ...)
+       TODO: check
+CVE-2024-10012 (In Progress Telerik UI for WPF versions prior to 2024 Q4 
(2024.4.1111) ...)
+       TODO: check
+CVE-2023-38920 (Cross Site Scripting vulnerability in Cyber Cafe Management 
System v.1 ...)
+       TODO: check
+CVE-2023-35686 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible 
arbitrary cod ...)
+       TODO: check
+CVE-2023-35659 (In DevmemIntChangeSparse of devicemem_server.c, there is a 
possible ar ...)
+       TODO: check
+CVE-2024-11159 (Using remote content in OpenPGP encrypted messages can lead to 
the dis ...)
        - thunderbird 1:128.4.3esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159
 CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is 
vulner ...)
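Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so this automatic update records no triage decision for any of them. Two descriptions name software directly, CVE-2024-49504 (grub2) and CVE-2024-48900 (Moodle), and are good candidates to resolve first, either to a package line like the `- thunderbird 1:128.4.3esr-1` under CVE-2024-11159 or to NOT-FOR-US. The descriptions for CVE-2024-7295 and CVE-2024-11028 also show literal `\xae` and `\u2013` escapes; it is worth confirming whether those are in the file itself or only in this notification's rendering.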
@@ -39,9 +171,9 @@ CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 
and earlier are affec
        NOT-FOR-US: Adobe
 CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
-CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+CVE-2024-49508 (InDesign Desktop versions ID18.5.2, ID19.5 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
-CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
+CVE-2024-49507 (InDesign Desktop versions ID18.5.2, ID19.5 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
 CVE-2024-48075 (A Heap buffer overflow in the server-site handshake 
implementation in  ...)
        NOT-FOR-US: SharkSSL
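Review bot: In the CVE-2024-49508 and CVE-2024-49507 entries the description now reads ID18.5.2, while the neighbouring CVE-2024-49510 and CVE-2024-49509 context lines still read ID18.5.3. All four stay NOT-FOR-US: Adobe, so the triage result is unaffected; the difference only needs a check if the description text is being used to match versions.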
@@ -42911,7 +43043,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow 
vulnerabilities exist in th
        NOTE: https://github.com/prusa3d/PrusaSlicer/issues/12905 and #1074233
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
        NOTE: https://github.com/libigl/libigl/issues/2387
-CVE-2024-4741 [Use After Free with SSL_free_buffers]
+CVE-2024-4741 (Issue summary: Calling the OpenSSL API function 
SSL_free_buffers may c ...)
        {DLA-3942-1}
        - openssl 3.2.2-1 (bug #1072113)
        [bookworm] - openssl 3.0.14-1~deb12u1
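Review bot: The CVE-2024-4741 line loses the bracketed summary "Use After Free with SSL_free_buffers", and the truncated replacement stops at "may c ..." before stating the bug class. The {DLA-3942-1}, openssl 3.2.2-1 (bug #1072113) and bookworm lines are unchanged context, so the tracked status is intact; a NOTE line would be the place to keep the use-after-free wording if it is still wanted for searching.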
@@ -161009,8 +161141,8 @@ CVE-2022-45159
        RESERVED
 CVE-2022-45158
        RESERVED
-CVE-2022-45157
-       RESERVED
+CVE-2022-45157 (A vulnerability has been identified in the way that Rancher 
stores vSp ...)
+       TODO: check
 CVE-2022-45156
        RESERVED
 CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability 
in obs-se ...)
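Review bot: CVE-2022-45157 moves from RESERVED to a published description with `TODO: check`, so an old identifier that was previously safe to ignore now needs a decision. The description names Rancher; resolve it to a package line or NOT-FOR-US rather than leaving the TODO, since it sits deep in the file among RESERVED entries where it is easy to overlook.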



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19eededdb3e262df0b52be94f7cb667e1c9ad5de

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits