Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2f80834 by security tracker role at 2024-12-06T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin
for Wor ...)
+ TODO: check
+CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1,
that a ...)
+ TODO: check
+CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version
5.21.2, could ...)
+ TODO: check
+CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with
sigstore ...)
+ TODO: check
+CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD
(Binary F ...)
+ TODO: check
+CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is
vulnerable ...)
+ TODO: check
+CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the
Device Settin ...)
+ TODO: check
+CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions.
In certa ...)
+ TODO: check
+CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2
humble versio ...)
+ TODO: check
+CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2
humble versio ...)
+ TODO: check
+CVE-2024-37863 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2
humble versio ...)
+ TODO: check
+CVE-2024-37862 (Buffer Overflow vulnerability in Open Robotic Robotic
Operating System ...)
+ TODO: check
+CVE-2024-37861 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2
humble versio ...)
+ TODO: check
+CVE-2024-37860 (Buffer Overflow vulnerability in Open Robotic Operating System
2 ROS2 ...)
+ TODO: check
+CVE-2024-30964 (Insecure Permissions vulnerability in Open Robotics Robotic
Operating ...)
+ TODO: check
+CVE-2024-30963 (Buffer Overflow vulnerability in Open Robotics Robotic
Operating Syste ...)
+ TODO: check
+CVE-2024-30962 (Buffer Overflow vulnerability in Open Robotics Robotic
Operating Syste ...)
+ TODO: check
+CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic
Operating ...)
+ TODO: check
+CVE-2024-12064
+ REJECTED
+CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
+ TODO: check
+CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for
WordPress and ...)
+ TODO: check
+CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to
authenticatio ...)
+ TODO: check
+CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR
limits p ...)
+ TODO: check
+CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata
022, ex ...)
+ TODO: check
+CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected
Cross-Site ...)
+ TODO: check
+CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized
arbitrar ...)
+ TODO: check
+CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does
not saniti ...)
+ TODO: check
+CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have
CSRF check ...)
+ TODO: check
+CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin
plugin ...)
+ TODO: check
CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found
providing a pot ...)
NOT-FOR-US: ABB
CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a
potential ...)
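Review bot: the added description lines for CVE-2024-9769, CVE-2024-11201 and CVE-2024-10247 carry a literal "\u2013" escape where the plugin name has a dash, so the automatic update appears to be writing the escaped form of the description rather than the decoded character; decoding it before writing data/CVE/list would keep the descriptions readable and searchable by product name. Separately, every described entry in this hunk lands as "TODO: check". The ones naming GNU objdump 2.43 (CVE-2024-53589), LXD (CVE-2024-6219, CVE-2024-6156) and path-to-regexp (CVE-2024-52798) are worth triaging ahead of the WordPress plugin and theme entries, which are likelier candidates for a NOT-FOR-US marking like the one on CVE-2024-6784.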
@@ -318867,7 +318929,7 @@ CVE-2021-0938 (In memzero_explicit of
compiler-clang.h, there is a possible bypa
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
NOTE:
https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329
CVE-2021-0937
- RESERVED
+ REJECTED
- linux 5.10.38-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
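Review bot: CVE-2021-0937 is switched from RESERVED to REJECTED, but the package lines under it ("- linux 5.10.38-1" and the [buster] and [stretch] entries) stay attached to the now-rejected ID. If the underlying fix is tracked under another CVE, the fixed-version data should move there; otherwise add a NOTE explaining why a rejected entry still records fixed versions, so the tracker does not report a rejected ID as a resolved linux issue without context.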
@@ -476618,18 +476680,18 @@ CVE-2018-9393 (In procfile_write of
drivers/misc/mediatek/connectivity/wlan/gen2
NOT-FOR-US: Android
CVE-2018-9392 (In get_binary of
vendor/mediatek/proprietary/hardware/connectivity/gps ...)
NOT-FOR-US: Android
-CVE-2018-9391
- RESERVED
-CVE-2018-9390
- RESERVED
+CVE-2018-9391 (In update_gps_sv and output_vzw_debug of
vendor/mediatek/proprieta ...)
+ TODO: check
+CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of
bounds rea ...)
+ TODO: check
CVE-2018-9389
RESERVED
-CVE-2018-9388
- RESERVED
+CVE-2018-9388 (In store_upgrade and store_cmd of
drivers/input/touchscreen/stm/ftm4_p ...)
+ TODO: check
CVE-2018-9387
RESERVED
-CVE-2018-9386
- RESERVED
+CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a
possibl ...)
+ TODO: check
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of
bounds w ...)
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
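Review bot: the four entries that gain descriptions here (CVE-2018-9391, CVE-2018-9390, CVE-2018-9388, CVE-2018-9386) are left at "TODO: check" although the surrounding entries with the same kind of description are already marked "NOT-FOR-US: Android". CVE-2018-9390 names procfile_write, the same function as CVE-2018-9393 in the hunk header, and CVE-2018-9391 names a vendor/mediatek path like CVE-2018-9392, so those two can probably follow their neighbours. CVE-2018-9388 names drivers/input/touchscreen/stm/ftm4_p..., which reads like a kernel tree path; check that one against the linux source before marking it, since CVE-2018-9385 just below is tracked against the linux package.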
@@ -515549,8 +515611,8 @@ CVE-2017-13310 (In createFromParcel of
ViewPager.java, there is a possible read/
NOT-FOR-US: Android
CVE-2017-13309 (In readEncryptedData of ConscryptEngine.java, there is a
possible plai ...)
NOT-FOR-US: Android
-CVE-2017-13308
- RESERVED
+CVE-2017-13308 (In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c,
there i ...)
+ TODO: check
CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel
pci sysf ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in
mainline)
CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel
mnh driv ...)
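Review bot: CVE-2017-13308 now describes tscpu_write_GPIO_out and mtkts_Abts_write in mtk_ts_Abts.c but is left at "TODO: check" between entries already marked NOT-FOR-US. If the file turns out to be absent from the mainline kernel, mark it the way CVE-2017-13307 is marked ("NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)") so the reason is recorded with the entry.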
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f808346c3cd8130e8754e293a813ee33b6abdc