Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ca281e3 by security tracker role at 2024-11-15T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2024-9834 (Improper data protection on the ventilator's serial interface 
could al ...)
+       TODO: check
+CVE-2024-9832 (There is no limit on the number of failed login attempts 
permitted wit ...)
+       TODO: check
+CVE-2024-9609 (The LearnPress Export Import \u2013 WordPress extension for 
LearnPress ...)
+       TODO: check
+CVE-2024-9529 (The Secure Custom Fields WordPress plugin before 6.3.9, Secure 
Custom  ...)
+       TODO: check
+CVE-2024-9356 (The Yotpo: Product & Photo Reviews for WooCommerce plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-8961 (The Essential Addons for Elementor \u2013 Best Elementor Addon, 
Templa ...)
+       TODO: check
+CVE-2024-52613 (A heap-based buffer under-read in tsMuxer version 
nightly-2024-05-12-0 ...)
+       TODO: check
+CVE-2024-52308 (The GitHub CLI version 2.6.1 and earlier are vulnerable to 
remote code ...)
+       TODO: check
+CVE-2024-51687 (Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly 
Platfor ...)
+       TODO: check
+CVE-2024-51684 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian 
Popescu W3P ...)
+       TODO: check
+CVE-2024-51679 (Cross-Site Request Forgery (CSRF) vulnerability in 
GentleSource Appoin ...)
+       TODO: check
+CVE-2024-51659 (Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX 
Twitter @An ...)
+       TODO: check
+CVE-2024-51658 (Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff 
WP Cour ...)
+       TODO: check
+CVE-2024-51156 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request 
Forgery ...)
+       TODO: check
+CVE-2024-50968 (A business logic vulnerability exists in the Add to Cart 
function of i ...)
+       TODO: check
+CVE-2024-49778 (A heap-based buffer overflow in tsMuxer version 
nightly-2024-05-12-02- ...)
+       TODO: check
+CVE-2024-49777 (A heap-based buffer overflow in tsMuxer version 
nightly-2024-03-14-01- ...)
+       TODO: check
+CVE-2024-49776 (A negative-size-param in tsMuxer version 
nightly-2024-04-05-01-53-02 a ...)
+       TODO: check
+CVE-2024-48974 (The ventilator does not perform proper file integrity checks 
when adop ...)
+       TODO: check
+CVE-2024-48973 (The debug port on the ventilator's serial interface is enabled 
by defa ...)
+       TODO: check
+CVE-2024-48971 (The Clinician Password and Serial Number Clinician Password 
are hard-c ...)
+       TODO: check
+CVE-2024-48970 (The ventilator's microcontroller lacks memory protection. An 
attacker  ...)
+       TODO: check
+CVE-2024-48967 (The ventilator and the Service PC lack sufficient audit 
logging capabi ...)
+       TODO: check
+CVE-2024-48966 (The software tools used by service personnel to test & 
calibrate the v ...)
+       TODO: check
+CVE-2024-42499 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-41217 (A heap-based buffer overflow in tsMuxer version 
nightly-2024-05-10-02- ...)
+       TODO: check
+CVE-2024-41209 (A heap-based buffer overflow in tsMuxer version 
nightly-2024-03-14-01- ...)
+       TODO: check
+CVE-2024-41206 (A stack-based buffer over-read in tsMuxer version 
nightly-2024-03-14-0 ...)
+       TODO: check
+CVE-2024-40579 (Cross Site Scripting vulnerability in Virtuozzo Hybrid Server 
for WHMC ...)
+       TODO: check
+CVE-2024-39707 (Insyde IHISI function 0x49 can restore factory defaults for 
certain UE ...)
+       TODO: check
+CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases 
prior t ...)
+       TODO: check
+CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism 
of Bina ...)
+       TODO: check
+CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection 
vulnerabili ...)
+       TODO: check
+CVE-2024-10924 (The Really Simple Security (Free, Pro, and Pro Multisite) 
plugins for  ...)
+       TODO: check
+CVE-2024-10897 (The Tutor LMS Elementor Addons plugin for WordPress is 
vulnerable to u ...)
+       TODO: check
+CVE-2024-10825 (The Hide My WP Ghost \u2013 Security & Firewall plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-10793 (The WP Activity Log plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-10582 (The Music Player for Elementor \u2013 Audio Player & Podcast 
Player pl ...)
+       TODO: check
+CVE-2024-10260 (The Tripetto plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-10113 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-10104 (The Jobs for WordPress plugin before 2.7.8 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2024-9693 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
 CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
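Review bot: the added descriptions for CVE-2024-9609, CVE-2024-8961, CVE-2024-10825, CVE-2024-10582 and CVE-2024-10113 carry the literal sequence "\u2013" where the plugin name has a dash, so anyone grepping or reading these summaries sees the escape rather than the character. If data/CVE/list is meant to hold readable text, decode the escape in the automatic update before the line is written; if the file is kept escaped on purpose, that convention should be documented next to the list format.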
@@ -604,7 +686,7 @@ CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a 
remote attacker to cause a
        NOT-FOR-US: Open5GS
 CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a 
low-privileged atta ...)
        - snipe-it <itp> (bug #1005172)
-CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows 
a remot ...)
+CVE-2024-51093 (Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - 
v7.0.13  ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
        NOT-FOR-US: Adobe
@@ -509994,8 +510076,7 @@ CVE-2017-13229 (A remote code execution vulnerability 
in the Android media frame
        NOT-FOR-US: Android Media Framework
 CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an 
out-of-bo ...)
        NOT-FOR-US: Android Media Framework
-CVE-2017-13227
-       RESERVED
+CVE-2017-13227 (In the autofill service, the package name that is provided by 
the app  ...)
        NOT-FOR-US: Android
 CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. 
Product:  ...)
        NOT-FOR-US: Mediatek components for Android
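Review bot: the "NOT-FOR-US: Android" line under CVE-2017-13227 is unchanged context, which means the triage was recorded while the entry was still RESERVED and had no description. Now that the text names the autofill service, that classification should be re-confirmed against the published description rather than carried over silently.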
@@ -639676,7 +639757,7 @@ CVE-2013-3902 (Use-after-free vulnerability in 
win32k.sys in the kernel-mode dri
        NOT-FOR-US: Microsoft Windows
 CVE-2013-3901
        REJECTED
-CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and 
SP3, Windo ...)
+CVE-2013-3900 (Why is Microsoft republishing a CVE from 2013? We are 
republishing CVE ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP 
SP2 and  ...)
        NOT-FOR-US: Microsoft Windows
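Review bot: the replacement description for CVE-2013-3900 now opens with "Why is Microsoft republishing a CVE from 2013?", so the truncated summary no longer names the WinVerifyTrust function that the removed line identified. Because only the first part of the description is kept in this file, the entry loses the one detail that says what is affected; keeping the earlier wording in a NOTE line under the entry would preserve it.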



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ca281e339bd01512bcd3b3132be38baa7e3229f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
