[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 29 09:12:38 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
15f9681a by security tracker role at 2024-08-29T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.1 ...)
+ TODO: check
+CVE-2024-8198 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 ...)
+ TODO: check
+CVE-2024-8194 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed ...)
+ TODO: check
+CVE-2024-8193 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 ...)
+ TODO: check
+CVE-2024-7857 (The Media Library Folders plugin for WordPress is vulnerable to second ...)
+ TODO: check
+CVE-2024-7856 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
+ TODO: check
+CVE-2024-7607 (The Front End Users plugin for WordPress is vulnerable to time-based S ...)
+ TODO: check
+CVE-2024-7606 (The Front End Users plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-7418 (The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Add ...)
+ TODO: check
+CVE-2024-7132 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does ...)
+ TODO: check
+CVE-2024-6927 (The Viral Signup WordPress plugin through 2.1 does not sanitise and e ...)
+ TODO: check
+CVE-2024-5987 (The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-5857 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
+ TODO: check
+CVE-2024-5417 (The Gutentor WordPress plugin before 3.3.6 does not validate and esca ...)
+ TODO: check
+CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux Information Tec ...)
+ TODO: check
+CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (eve ...)
+ TODO: check
+CVE-2024-45436 (extractFromZipFile in model.go in Ollama before 0.1.47 can extract mem ...)
+ TODO: check
+CVE-2024-45435 (Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend f ...)
+ TODO: check
+CVE-2024-45233 (An issue was discovered in powermail extension through 12.3.5 for TYPO ...)
+ TODO: check
+CVE-2024-45232 (An issue was discovered in powermail extension through 12.3.5 for TYPO ...)
+ TODO: check
+CVE-2024-45059 (i-Educar is free, completely online school management software that al ...)
+ TODO: check
+CVE-2024-45058 (i-Educar is free, completely online school management software that al ...)
+ TODO: check
+CVE-2024-45057 (i-Educar is free, completely online school management software that al ...)
+ TODO: check
+CVE-2024-45048 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some paramet ...)
+ TODO: check
+CVE-2024-41918 ('Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichib ...)
+ TODO: check
+CVE-2024-3944 (The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2024-38304 (Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, co ...)
+ TODO: check
+CVE-2024-38303 (Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, co ...)
+ TODO: check
CVE-2024-8195 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7745 (In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical ...)
@@ -119,7 +179,7 @@ CVE-2024-4555 (Improper Privilege Management vulnerability in OpenText NetIQ Acc
NOT-FOR-US: (OpenText) NetIQ Access Manager
CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ Access Manag ...)
NOT-FOR-US: (OpenText) NetIQ Access Manager
-CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon an ...)
+CVE-2024-45346 (A code execution vulnerability exists in the XiaomiGetApps application ...)
NOT-FOR-US: XiaomiGetApps application
CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based projects. It i ...)
NOT-FOR-US: Hydra
@@ -1347,7 +1407,7 @@ CVE-2024-7971 (Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allo
{DSA-5757-1}
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a ...)
+CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed ...)
{DSA-5757-1}
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -169688,8 +169748,8 @@ CVE-2022-2442 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPres
NOT-FOR-US: WordPress plugin
CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to remote co ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2440
- RESERVED
+CVE-2022-2440 (The Theme Editor plugin for WordPress is vulnerable to deserialization ...)
+ TODO: check
CVE-2022-2439
RESERVED
CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to deserial ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f9681af87990f6173414dae75d6191e8cd4dcb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15f9681af87990f6173414dae75d6191e8cd4dcb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240829/7b32be8a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list