[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 3 08:12:08 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0698e6d by security tracker role at 2024-12-03T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2024-9694 (The CMSMasters Elementor Addon plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-9200 (A post-authentication command injection vulnerability in the "host" pa ...)
+	TODO: check
+CVE-2024-9197 (A post-authentication buffer overflow vulnerability in the parameter " ...)
+	TODO: check
+CVE-2024-9058 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-8748 (A buffer overflow vulnerability in the packet parser of the third-part ...)
+	TODO: check
+CVE-2024-53989 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+	TODO: check
+CVE-2024-53988 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+	TODO: check
+CVE-2024-53987 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+	TODO: check
+CVE-2024-53986 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+	TODO: check
+CVE-2024-53985 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+	TODO: check
+CVE-2024-53941 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
+	TODO: check
+CVE-2024-53940 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
+	TODO: check
+CVE-2024-53939 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
+	TODO: check
+CVE-2024-53938 (An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V ...)
+	TODO: check
+CVE-2024-53937 (An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V ...)
+	TODO: check
+CVE-2024-53477 (JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized e ...)
+	TODO: check
+CVE-2024-53375 (Authenticated remote code execution (RCE) vulnerabilities affect TP-Li ...)
+	TODO: check
+CVE-2024-49581 (Restricted Views backed objects (OSV1) could be bypassed under specifi ...)
+	TODO: check
+CVE-2024-49421 (Path traversal in Quick Share Agent prior to version 3.5.14.47 in Andr ...)
+	TODO: check
+CVE-2024-49420 (Improper handling of responses in GamingHub prior to version 6.1.04.6  ...)
+	TODO: check
+CVE-2024-49419 (Insufficient verification of url authenticity in GamingHub prior to ve ...)
+	TODO: check
+CVE-2024-49418 (Insufficient verification of url authenticity in GamingHub prior to ve ...)
+	TODO: check
+CVE-2024-49417 (Use of implicit intent for sensitive communication in Smart Touch Call ...)
+	TODO: check
+CVE-2024-49416 (Use of implicit intent for sensitive communication in SmartThings prio ...)
+	TODO: check
+CVE-2024-49415 (Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allo ...)
+	TODO: check
+CVE-2024-49414 (Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR ...)
+	TODO: check
+CVE-2024-49413 (Improper Verification of Cryptographic Signature in SmartSwitch prior  ...)
+	TODO: check
+CVE-2024-49412 (Improper input validation in Settings prior to SMR Dec-2024 Release 1  ...)
+	TODO: check
+CVE-2024-49411 (Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows p ...)
+	TODO: check
+CVE-2024-49410 (Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Relea ...)
+	TODO: check
+CVE-2024-45068 (Authentication credentials leakage vulnerability in Hitachi Ops Center ...)
+	TODO: check
+CVE-2024-39890 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2024-11898 (The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, tr ...)
+	TODO: check
+CVE-2024-11853 (The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11805 (The Quick License Manager \u2013 WooCommerce Plugin plugin for WordPre ...)
+	TODO: check
+CVE-2024-11732 (The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-11707 (The My auctions allegro plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-11461 (The Form Data Collector plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-11453 (The WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Maso ...)
+	TODO: check
+CVE-2024-10893 (The WP Booking Calendar WordPress plugin before 10.6.5 does not saniti ...)
+	TODO: check
+CVE-2024-10484 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
+	TODO: check
 CVE-2024-8785 (In WhatsUp Gold versions released before 2024.0.1, aremote unauthentic ...)
 	NOT-FOR-US: WhatsUp
 CVE-2024-5890 (ServiceNow has addressed an HTML injection vulnerability that was iden ...)
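Review bot: All 41 entries added at the top of data/CVE/list land as "TODO: check" with nothing to indicate triage order. The five rails-html-sanitizer entries (CVE-2024-53985 through CVE-2024-53989) describe a library rather than a vendor product and are the ones to check against packaged software first, while the WordPress plugin, Victure router and Samsung entries match the kind of item this file marks NOT-FOR-US elsewhere. Four descriptions (CVE-2024-11898, CVE-2024-11805, CVE-2024-11453, CVE-2024-10484) also carry a literal "\u2013" escape instead of the dash character, so a search for the plugin name as the vendor writes it will not match these lines.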
@@ -2767,6 +2849,7 @@ CVE-2024-45511 (An issue was discovered in Zimbra Collaboration (ZCS) through 10
 CVE-2024-45510 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zi ...)
 	NOT-FOR-US: Zimbra
 CVE-2024-44309 (A cookie management issue was addressed with improved state management ...)
+	{DSA-5823-1}
 	- webkit2gtk 2.46.4-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.46.4-1
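Review bot: The "{DSA-5823-1}" tag added to CVE-2024-44309 points at an advisory record that this commit does not touch, since data/CVE/list is the only changed file. Confirm that the DSA-5823-1 entry already exists and lists both CVE-2024-44309 and CVE-2024-44308, which receives the same tag in the next hunk. The visible lines give fixed versions only as "webkit2gtk 2.46.4-1" and "wpewebkit 2.46.4-1", so the per-release version the advisory covers is not shown here and has to come from that record.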
@@ -2774,6 +2857,7 @@ CVE-2024-44309 (A cookie management issue was addressed with improved state mana
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2024-0007.html
 CVE-2024-44308 (The issue was addressed with improved checks. This issue is fixed in S ...)
+	{DSA-5823-1}
 	- webkit2gtk 2.46.4-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.46.4-1
@@ -308295,7 +308379,7 @@ CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession
 	NOT-FOR-US: GroupSession
 CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free  ...)
 	NOT-FOR-US: GroupSession
-CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except  ...)
+CVE-2021-20784 (HTTP header injection vulnerability in Everything version 1.0, 1.1, an ...)
 	NOT-FOR-US: Everything
 CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...)
 	NOT-FOR-US: Optical BB unit E-WMTA2.3
@@ -475771,8 +475855,8 @@ CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possibl
 	NOT-FOR-US: Android
 CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...)
 	NOT-FOR-US: Android
-CVE-2018-9449
-	RESERVED
+CVE-2018-9449 (In process_service_search_attr_rsp of sdp_discovery.cc, there is a pos ...)
+	TODO: check
 CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bou ...)
 	NOT-FOR-US: Android
 CVE-2018-9447
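Review bot: CVE-2018-9449 moves from RESERVED to "TODO: check" although its new description places it in sdp_discovery.cc, and the entries on either side of it (CVE-2018-9450, CVE-2018-9448) are already tagged "NOT-FOR-US: Android". It can most likely take the same tag once checked. The same applies to CVE-2018-9441 ("sdp_copy_raw_data of sdp_discovery.cc") and CVE-2018-9435 ("gatt_process_error_rsp of gatt_cl.cc") in the next two hunks.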
@@ -475787,8 +475871,8 @@ CVE-2018-9443
 	RESERVED
 CVE-2018-9442
 	RESERVED
-CVE-2018-9441
-	RESERVED
+CVE-2018-9441 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of b ...)
+	TODO: check
 CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource exhaustion due  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9439
@@ -475799,8 +475883,8 @@ CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read du
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
 	NOT-FOR-US: Android
-CVE-2018-9435
-	RESERVED
+CVE-2018-9435 (In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bo ...)
+	TODO: check
 CVE-2018-9434
 	RESERVED
 	NOT-FOR-US: Android
@@ -475808,28 +475892,23 @@ CVE-2018-9433 (In ArrayConcatVisitor of builtins-array.cc, there is a possible t
 	NOT-FOR-US: Android
 CVE-2018-9432 (In createPhonebookDialogView and createMapDialogView of BluetoothPermi ...)
 	NOT-FOR-US: Android
-CVE-2018-9431
-	RESERVED
+CVE-2018-9431 (In OSUInfo of OSUInfo.java, there is a possible escalation of privileg ...)
 	NOT-FOR-US: Android
-CVE-2018-9430
-	RESERVED
+CVE-2018-9430 (In prop2cfg of btif_storage.cc, there is a possible out of bounds writ ...)
 	NOT-FOR-US: Android
-CVE-2018-9429
-	RESERVED
+CVE-2018-9429 (In buildImageItemsIfPossible of ItemTable.cpp there is a possible out  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9428 (In startDevice of AAudioServiceStreamBase.cpp there is a possible out  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2018-9426
-	RESERVED
+CVE-2018-9426 (In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.j ...)
 	NOT-FOR-US: Android
 CVE-2018-9425 (In Platform, there is a possible bypass of user interaction requiremen ...)
 	NOT-FOR-US: Android
 CVE-2018-9424 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2018-9423
-	RESERVED
+CVE-2018-9423 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to improper ...)
 	{DLA-1422-1}
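Review bot: In the five entries where "RESERVED" is dropped in this hunk (CVE-2018-9431, CVE-2018-9430, CVE-2018-9429, CVE-2018-9426, CVE-2018-9423), the NOT-FOR-US tag was assigned while the entry was still RESERVED and is carried over unchanged now that a description exists, so each tag should be re-read against the new text. CVE-2018-9426 ("RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.j ...") and CVE-2018-9423 ("ihevcd_parse_slice_header.c") name a class and a codec source file rather than an Android-only component; check whether that code is also shipped by a packaged library before leaving them as they are.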
@@ -475841,8 +475920,7 @@ CVE-2018-9420 (In BnCameraService::onTransact of CameraService.cpp, there is a p
 	NOT-FOR-US: Android
 CVE-2018-9419 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
 	NOT-FOR-US: Android
-CVE-2018-9418
-	RESERVED
+CVE-2018-9418 (In handle_app_cur_val_response of dtif_rc.cc, there is a possible stac ...)
 	NOT-FOR-US: Android
 CVE-2018-9417 (In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-af ...)
 	NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
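Review bot: The new description for CVE-2018-9418 names the file "dtif_rc.cc", while CVE-2018-9413 later in this patch has "handle_notification_response of btif_rc.cc", so the first spelling looks like a typo in the text that arrived with the automatic update. The description should stay as received, but anyone matching this entry against source by file name should search for btif_rc.cc as well.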
@@ -475855,11 +475933,9 @@ CVE-2018-9415 (In driver_override_store and driver_override_show of bus.c, there
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://source.android.com/security/bulletin/pixel/2018-07-01
 	NOTE: https://patchwork.kernel.org/patch/10175615/
-CVE-2018-9414
-	RESERVED
+CVE-2018-9414 (In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, the ...)
 	NOT-FOR-US: Android
-CVE-2018-9413
-	RESERVED
+CVE-2018-9413 (In handle_notification_response of btif_rc.cc, there is a possible out ...)
 	NOT-FOR-US: Android
 CVE-2018-9412 (In removeUnsynchronization of ID3.cpp there is a possible resource exh ...)
 	NOT-FOR-US: Android Media Framework
@@ -475937,8 +476013,7 @@ CVE-2018-9378
 	RESERVED
 CVE-2018-9377 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there  ...)
 	NOT-FOR-US: Android
-CVE-2018-9376
-	RESERVED
+CVE-2018-9376 (In rpc_msg_handler and related handlers ofdrivers/misc/mediatek/eccci/ ...)
 	NOT-FOR-US: Android
 CVE-2018-9375
 	RESERVED
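Review bot: CVE-2018-9376 keeps the bare "NOT-FOR-US: Android" tag, but its new description points into drivers/misc/mediatek/eccci/, which is a kernel driver path. CVE-2018-9417 earlier in this patch uses the more specific "NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)" for a kernel-side issue; using that wording here would record why no linux package entry is needed.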



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0698e6d9e85d472c480ab8433f2d6f486df2548
