Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ccf538f by security tracker role at 2024-12-27T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error 
function lack ...)
+       TODO: check
+CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. 
unserializeTCPDFtag use ...)
+       TODO: check
+CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is 
used, CUR ...)
+       TODO: check
+CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as 
used in TC ...)
+       TODO: check
+CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles 
does not s ...)
+       TODO: check
+CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the 
ecosystem to w ...)
+       TODO: check
+CVE-2024-56361 (LGSL (Live Game Server List) provides online status for games. 
Before  ...)
+       TODO: check
+CVE-2024-55950 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
+       TODO: check
+CVE-2024-53850 (The Addressing GLPI plugin enables you to create IP reports 
for visual ...)
+       TODO: check
+CVE-2024-45805 (OpenCTI is an open-source cyber threat intelligence platform. 
Before 6 ...)
+       TODO: check
+CVE-2024-45600 (Fields is a GLPI plugin that allows users to add custom fields 
on GLPI ...)
+       TODO: check
+CVE-2024-12983 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2024-12982 (A vulnerability was found in PHPGurukul Blood Bank & Donor 
Management  ...)
+       TODO: check
+CVE-2024-12981 (A vulnerability was found in CodeAstro Car Rental System 1.0. 
It has b ...)
+       TODO: check
+CVE-2024-12980 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+       TODO: check
+CVE-2024-12979 (A vulnerability was found in code-projects Job Recruitment 1.0 
and cla ...)
+       TODO: check
+CVE-2024-12978 (A vulnerability has been found in code-projects Job 
Recruitment 1.0 an ...)
+       TODO: check
+CVE-2024-12977 (A vulnerability, which was classified as critical, was found 
in PHPGur ...)
+       TODO: check
+CVE-2024-12976 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2024-12969 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2024-12968 (A vulnerability classified as critical was found in 
code-projects Job  ...)
+       TODO: check
+CVE-2024-12967 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2024-12966 (A vulnerability was found in code-projects Job Recruitment 
1.0. It has ...)
+       TODO: check
+CVE-2024-12965 (A vulnerability was found in 1000 Projects Portfolio 
Management System ...)
+       TODO: check
+CVE-2024-11921 (The GiveWP  WordPress plugin before 3.19.0 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2024-11842 (The DN Shipping by Weight for WooCommerce WordPress plugin 
before 1.2  ...)
+       TODO: check
+CVE-2024-11645 (The float block WordPress plugin through 1.7 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2024-11644 (The WP-SVG WordPress plugin through 0.9 does not validate and 
escape s ...)
+       TODO: check
+CVE-2024-11605 (The wp-publications WordPress plugin through 1.2 does not 
escape filen ...)
+       TODO: check
 CVE-2024-8994 (Some Honor products are affected by information leak 
vulnerability, su ...)
        NOT-FOR-US: Honor
 CVE-2024-8993 (Some Honor products are affected by information leak 
vulnerability, su ...)
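Review bot: All 29 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them is triaged yet. The four "TCPDF before 6.8.0" entries (CVE-2024-56527, CVE-2024-56522, CVE-2024-56521, CVE-2024-56519) and the related tc-lib-pdf-font entry CVE-2024-56520 are worth resolving together, to a source package or to NOT-FOR-US, because they describe the same code base. The WordPress plugin entries and the code-projects, PHPGurukul and CodeAstro entries look like candidates for the same `NOT-FOR-US:` treatment the Honor entries in the trailing context already have.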
@@ -4351,6 +4409,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a 
predictable temporary file
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
        NOTE: Negligible security impact with fs.protected_symlinks=1 being the 
standard in Debian
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer 
values. 3.3.8 ...)
+       {DLA-4003-1}
        - node-postcss 8.4.49+~cs9.2.32-1
        [bookworm] - node-postcss <no-dsa> (Minor issue)
        NOTE: node-postcss bundles nanoid
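Review bot: In the CVE-2024-55565 entry, `{DLA-4003-1}` now sits directly above `[bookworm] - node-postcss <no-dsa> (Minor issue)`, so an LTS suite receives an advisory while the bookworm line still records no fix. Confirm that this is intended, or add a note about a planned bookworm upload so the stable status does not look overlooked.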
@@ -19519,7 +19578,7 @@ CVE-2024-10134 (A vulnerability was found in ESAFENET 
CDG 5 and classified as cr
        NOT-FOR-US: ESAFENET CDG
 CVE-2024-10133 (A vulnerability has been found in ESAFENET CDG 5 and 
classified as cri ...)
        NOT-FOR-US: ESAFENET CDG
-CVE-2024-9774
+CVE-2024-9774 (A vulnerability was found in python-sql where unary operators 
do not e ...)
        {DSA-5795-1 DLA-3932-1}
        - python-sql 1.5.2-1
        NOTE: https://discuss.tryton.org/t/security-release-for-issue-93
@@ -114501,6 +114560,7 @@ CVE-2023-5227 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit
 CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code 
Executi ...)
        NOT-FOR-US: OpenHook plugin for WordPress
 CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. The 
vulnerability af ...)
+       {DLA-4003-1}
        - node-postcss 8.4.31+~cs8.0.26-1 (bug #1053282)
        [bookworm] - node-postcss <no-dsa> (Minor issue)
        [buster] - node-postcss <postponed> (Minor issue)
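Review bot: The CVE-2023-44270 entry gains `{DLA-4003-1}` but keeps both `[bookworm] - node-postcss <no-dsa> (Minor issue)` and `[buster] - node-postcss <postponed> (Minor issue)` unchanged. Check which suite the DLA covers and, if it is one of these two, update or drop the line the advisory supersedes.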
@@ -305687,6 +305747,7 @@ CVE-2021-23567 (The package colors after 1.4.0 are 
vulnerable to Denial of Servi
        NOTE: https://github.com/Marak/colors.js/issues/285
        NOTE: Introduced with: 
https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
 CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable 
to Info ...)
+       {DLA-4003-1}
        - node-postcss 8.4.5+~cs7.1.51-1
        NOTE: 
https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 
(3.1.31)
        NOTE: https://github.com/ai/nanoid/pull/328
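Review bot: CVE-2021-23566 is a nanoid issue whose fix is annotated against nanoid (`(3.1.31)` on the commit NOTE), while the fixed version and the new `{DLA-4003-1}` reference are expressed against node-postcss. If it is not already stated further down the entry, a line like the `NOTE: node-postcss bundles nanoid` used for CVE-2024-55565 would make clear why the DLA for node-postcss closes this CVE.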



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ccf538f667687b750f98c9ac6f96dd2a95eb982
