Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
334acbfe by security tracker role at 2024-12-12T08:13:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-9881 (The LearnPress WordPress plugin before 4.2.7.2 does not
sanitise and ...)
+ TODO: check
+CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7
does not s ...)
+ TODO: check
+CVE-2024-9428 (The Popup Builder WordPress plugin before 4.3.5 does not
sanitise and ...)
+ TODO: check
+CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and
2024.8-b ...)
+ TODO: check
+CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
+ TODO: check
+CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
+ TODO: check
+CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
+ TODO: check
+CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
+ TODO: check
+CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior
to commit ...)
+ TODO: check
+CVE-2024-54534 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-54531 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-54529 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-54528 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-54527 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2024-54526 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2024-54524 (A logic issue was addressed with improved file handling. This
issue is ...)
+ TODO: check
+CVE-2024-54515 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-54514 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2024-54513 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-54510 (A race condition was addressed with improved locking. This
issue is fi ...)
+ TODO: check
+CVE-2024-54508 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-54506 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2024-54505 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2024-54504 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-54503 (An inconsistent user interface issue was addressed with
improved state ...)
+ TODO: check
+CVE-2024-54502 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2024-54501 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-54500 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-54498 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-54495 (The issue was addressed with improved permissions logic. This
issue is ...)
+ TODO: check
+CVE-2024-54494 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2024-54493 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-54492 (This issue was addressed by using HTTPS when sending
information over ...)
+ TODO: check
+CVE-2024-54491 (The issue was resolved by sanitizing logging This issue is
fixed in ma ...)
+ TODO: check
+CVE-2024-54490 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
+ TODO: check
+CVE-2024-54489 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-54486 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-54485 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54479 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-54477 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54476 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54474 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54471 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2024-54466 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2024-54465 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2024-53845 (ESPTouch is a connection protocol for internet of things
devices. In t ...)
+ TODO: check
+CVE-2024-53274 (Habitica is an open-source habit-building program. Versions
prior to 5 ...)
+ TODO: check
+CVE-2024-53273 (Habitica is an open-source habit-building program. Versions
prior to 5 ...)
+ TODO: check
+CVE-2024-53272 (Habitica is an open-source habit-building program. Versions
prior to 5 ...)
+ TODO: check
+CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform.
In versi ...)
+ TODO: check
+CVE-2024-44300 (A logic issue was addressed with improved file handling. This
issue is ...)
+ TODO: check
+CVE-2024-44299 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-44291 (A logic issue was addressed with improved file handling. This
issue is ...)
+ TODO: check
+CVE-2024-44290 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-44248 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-44246 (The issue was addressed with improved routing of
Safari-originated req ...)
+ TODO: check
+CVE-2024-44245 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-44243 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2024-44242 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-44241 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-44225 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-44224 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-44220 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-44212 (A cookie management issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2024-44201 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-44200 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in
the Gall ...)
+ TODO: check
+CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694)
in the C ...)
+ TODO: check
+CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-12536 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
+ TODO: check
+CVE-2024-12503 (A vulnerability classified as problematic was found in
ClassCMS 4.8. A ...)
+ TODO: check
+CVE-2024-12497 (A vulnerability classified as critical has been found in 1000
Projects ...)
+ TODO: check
+CVE-2024-12492 (A vulnerability was found in code-projects Farmacia 1.0. It
has been r ...)
+ TODO: check
+CVE-2024-12490 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
+ TODO: check
+CVE-2024-12489 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
+ TODO: check
+CVE-2024-12488 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
+ TODO: check
+CVE-2024-12487 (A vulnerability has been found in code-projects Online Class
and Exam ...)
+ TODO: check
+CVE-2024-12486 (A vulnerability, which was classified as critical, was found
in code-p ...)
+ TODO: check
+CVE-2024-12485 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2024-12463 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
+ TODO: check
+CVE-2024-12461 (The WP-Revive Adserver plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-12441 (The BP Email Assign Templates plugin for WordPress is
vulnerable to Re ...)
+ TODO: check
+CVE-2024-12406 (The Library Management System \u2013 Manage e-Digital Books
Library pl ...)
+ TODO: check
+CVE-2024-12341 (The Custom Skins Contact Form 7 plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-12338 (The Website Toolbox Community plugin for WordPress is
vulnerable to Re ...)
+ TODO: check
+CVE-2024-12329 (The Essential Real Estate plugin for WordPress is vulnerable
to unauth ...)
+ TODO: check
+CVE-2024-12312 (The Print Science Designer plugin for WordPress is vulnerable
to PHP O ...)
+ TODO: check
+CVE-2024-12265 (The Web3 Crypto Payments by DePay for WooCommerce plugin for
WordPress ...)
+ TODO: check
+CVE-2024-12263 (The Child Theme Creator by Orbisius plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-12260 (The Ultimate Endpoints With Rest Api plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-12258 (The WP Service Payment Form With Authorize.net plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-12255 (The Accept Stripe Payments Using Contact Form 7 plugin for
WordPress i ...)
+ TODO: check
+CVE-2024-12201 (The Hash Form \u2013 Drag & Drop Form Builder plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-12172 (The WP Courses LMS \u2013 Online Courses Builder, eLearning
Courses, C ...)
+ TODO: check
+CVE-2024-12162 (The Video & Photo Gallery for Ultimate Member plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-12156 (The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help
plugin ...)
+ TODO: check
+CVE-2024-12072 (The Analytics Cat \u2013 Google Analytics Made Easy plugin for
WordPre ...)
+ TODO: check
+CVE-2024-12059 (The ElementInvader Addons for Elementor plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2024-12040 (The Product Carousel Slider & Grid Ultimate for WooCommerce
plugin for ...)
+ TODO: check
+CVE-2024-12018 (The Snippet Shortcodes plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-11950 (XnSoft XnView Classic RWZ File Parsing Integer Underflow
Remote Code E ...)
+ TODO: check
+CVE-2024-11949 (GFI Archiver Store Service Deserialization of Untrusted Data
Remote Co ...)
+ TODO: check
+CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code Execution
Vulnerability. This ...)
+ TODO: check
+CVE-2024-11947 (GFI Archiver Core Service Deserialization of Untrusted Data
Remote Cod ...)
+ TODO: check
+CVE-2024-11914 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks
plugin for ...)
+ TODO: check
+CVE-2024-11901 (The PowerBI Embed Reports plugin for WordPress is vulnerable
to Stored ...)
+ TODO: check
+CVE-2024-11891 (The Perfect Font Awesome Integration plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-11882 (The FAQ And Answers \u2013 Create Frequently Asked Questions
Area on W ...)
+ TODO: check
+CVE-2024-11875 (The Add infos to the events calendar plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-11872 (Epic Games Launcher Incorrect Default Permissions Local
Privilege Esca ...)
+ TODO: check
+CVE-2024-11871 (The Social Media Shortcodes plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-11804 (The Planaday API plugin for WordPress is vulnerable to
Reflected Cross ...)
+ TODO: check
+CVE-2024-11785 (The Integrate Firebase plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-11781 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin
for WordP ...)
+ TODO: check
+CVE-2024-11766 (The WordPress Book Plugin for Displaying Books in Grid, Flip,
Slider, ...)
+ TODO: check
+CVE-2024-11765 (The WordPress Portfolio Plugin \u2013 A Plugin for Making
Filterable P ...)
+ TODO: check
+CVE-2024-11757 (The WP GeoNames plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-11750 (The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2024-11727 (The NotificationX \u2013 Live Sales Notification, WooCommerce
Sales Po ...)
+ TODO: check
+CVE-2024-11724 (The Cookie Consent for WP \u2013 Cookie Consent, Consent Log,
Cookie S ...)
+ TODO: check
+CVE-2024-11723 (The kvCORE IDX plugin for WordPress is vulnerable to Reflected
Cross-S ...)
+ TODO: check
+CVE-2024-11709 (The AI Post Generator | AutoWriter plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-11689 (The HQ Rental Software plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2024-11683 (The Newsletter Subscriptions plugin for WordPress is
vulnerable to Ref ...)
+ TODO: check
+CVE-2024-11459 (The Country Blocker plugin for WordPress is vulnerable to
Reflected Cr ...)
+ TODO: check
+CVE-2024-11443 (The de:branding plugin for WordPress is vulnerable to
unauthorized mod ...)
+ TODO: check
+CVE-2024-11442 (The Horizontal scroll image slideshow plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-11433 (The Surbma | SalesAutopilot Shortcode plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-11430 (The SQL Chart Builder plugin for WordPress is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-11427 (The Catch Popup plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-11419 (The Password for WP plugin for WordPress is vulnerable to
Cross-Site R ...)
+ TODO: check
+CVE-2024-11417 (The dejure.org Vernetzungsfunktion plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-11413 (The HostFact bestelformulier integratie plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2024-11410 (The Top and footer bars for announcements, notifications,
advertisemen ...)
+ TODO: check
+CVE-2024-11384 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
+ TODO: check
+CVE-2024-11359 (The Library Bookshelves plugin for WordPress is vulnerable to
Reflecte ...)
+ TODO: check
+CVE-2024-11279 (The Schema App Structured Data plugin for WordPress is
vulnerable to R ...)
+ TODO: check
+CVE-2024-11181 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
+ TODO: check
+CVE-2024-11052 (The Ninja Forms \u2013 The Contact Form Builder That Grows
With You pl ...)
+ TODO: check
+CVE-2024-11015 (The Sign In With Google plugin for WordPress is vulnerable to
authenti ...)
+ TODO: check
+CVE-2024-10910 (The The Grid Plus \u2013 Unlimited grid layout plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-10784 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-10637 (The Gutenberg Blocks with AI by Kadence WP WordPress plugin
before 3. ...)
+ TODO: check
+CVE-2024-10590 (The Opt-In Downloads plugin for WordPress is vulnerable to
arbitrary f ...)
+ TODO: check
+CVE-2024-10583 (The Popup Maker \u2013 Boost Sales, Conversions, Optins,
Subscribers w ...)
+ TODO: check
+CVE-2024-10568 (The Ajax Search Lite WordPress plugin before 4.12.4 does not
sanitise ...)
+ TODO: check
+CVE-2024-10518 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2024-10517 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
+ TODO: check
+CVE-2024-10499 (The AI Engine WordPress plugin before 2.6.5 does not sanitize
and esca ...)
+ TODO: check
+CVE-2024-10182 (The Cognito Forms plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2024-10124 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress &
WooCommerce pl ...)
+ TODO: check
+CVE-2024-10111 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for
WordPres ...)
+ TODO: check
+CVE-2024-10010 (The LearnPress WordPress plugin before 4.2.7.2 does not
sanitise and ...)
+ TODO: check
CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti
Automatio ...)
NOT-FOR-US: Ivanti
CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti
Workspace ...)
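Review bot: Several of the added descriptions carry a literal `\u2013` escape instead of the dash it encodes, for example the Arena.IM entries CVE-2024-12526, CVE-2024-12463 and CVE-2024-11384, which suggests the import writes the feed's JSON escapes through undecoded. Decode the escape (or normalise it to an ASCII hyphen) before the description is written to data/CVE/list, so that text searches on product names match. All of the added entries are still at `TODO: check`, so none of them has a package or NOT-FOR-US classification yet.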
@@ -8854,6 +9164,7 @@ CVE-2024-52533 (gio/gsocks4aproxy.c in GNOME GLib before
2.82.1 has an off-by-on
NOTE:
https://gitlab.gnome.org/GNOME/glib/-/commit/25833cefda24c60af913d6f2d532b5afd608b821
(main)
NOTE:
https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
(2.82.1)
CVE-2024-52532 (GNOME libsoup before 3.6.1 has an infinite loop, and memory
consumptio ...)
+ {DLA-3992-1}
- libsoup3 3.6.0-4 (bug #1087416)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-8.1 (bug #1089238)
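Review bot: The `{DLA-3992-1}` tag added under CVE-2024-52532 does not show which source package the advisory covers, and this entry tracks two of them, libsoup3 and libsoup2.4. Confirm against the advisory's own record that its package is one of these two before relying on the cross-reference, since the visible lines here give no suite-specific fixed version for it.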
@@ -8864,6 +9175,7 @@ CVE-2024-52532 (GNOME libsoup before 3.6.1 has an
infinite loop, and memory cons
NOTE: Test fix #1:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c
(master)
NOTE: Test fix #2:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff
(master)
CVE-2024-52531 (GNOME libsoup before 3.6.1 allows a buffer overflow in
applications th ...)
+ {DLA-3992-1}
- libsoup3 3.6.0-4 (bug #1087417)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-8.1 (bug #1089240)
@@ -8872,6 +9184,7 @@ CVE-2024-52531 (GNOME libsoup before 3.6.1 allows a
buffer overflow in applicati
NOTE:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/3c54033634ae537b52582900a7ba432c52ae8174
NOTE:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/a35222dd0bfab2ac97c10e86b95f762456628283
CVE-2024-52530 (GNOME libsoup before 3.6.0 allows HTTP request smuggling in
some confi ...)
+ {DLA-3992-1}
- libsoup3 3.5.2-1
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-8.1 (bug #1088812)
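Review bot: With `{DLA-3992-1}` now attached to CVE-2024-52530, the only suite-specific line in the visible context is `[bookworm] - libsoup3 <no-dsa> (Minor issue)`; libsoup2.4 has just the fixed-version line `- libsoup2.4 2.74.3-8.1 (bug #1088812)`. Check whether bookworm's libsoup2.4 needs its own status line for this request-smuggling issue now that an LTS advisory references the CVE.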
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334acbfe3665e2e72d23ea5c133b2d6ac3a7f3ec