[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 6 08:12:08 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2f80834 by security tracker role at 2024-12-06T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for Wor ...)
+	TODO: check
+CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a  ...)
+	TODO: check
+CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...)
+	TODO: check
+CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sigstore  ...)
+	TODO: check
+CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary F ...)
+	TODO: check
+CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable ...)
+	TODO: check
+CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the Device Settin ...)
+	TODO: check
+CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. In certa ...)
+	TODO: check
+CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
+	TODO: check
+CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
+	TODO: check
+CVE-2024-37863 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
+	TODO: check
+CVE-2024-37862 (Buffer Overflow vulnerability in Open Robotic Robotic Operating System ...)
+	TODO: check
+CVE-2024-37861 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
+	TODO: check
+CVE-2024-37860 (Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2  ...)
+	TODO: check
+CVE-2024-30964 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
+	TODO: check
+CVE-2024-30963 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...)
+	TODO: check
+CVE-2024-30962 (Buffer Overflow vulnerability in Open Robotics Robotic Operating Syste ...)
+	TODO: check
+CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
+	TODO: check
+CVE-2024-12064
+	REJECTED
+CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and  ...)
+	TODO: check
+CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to authenticatio ...)
+	TODO: check
+CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits p ...)
+	TODO: check
+CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, ex ...)
+	TODO: check
+CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected Cross-Site  ...)
+	TODO: check
+CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized arbitrar ...)
+	TODO: check
+CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does not saniti ...)
+	TODO: check
+CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check  ...)
+	TODO: check
+CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin plugin  ...)
+	TODO: check
 CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found providing a pot ...)
 	NOT-FOR-US: ABB
 CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a potential ...)
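Review bot: Every entry added at the top of data/CVE/list except CVE-2024-12064 lands as `TODO: check`, so none of them is yet tied to a source package or ruled out. The entries that name general-purpose software, such as CVE-2024-53589 (GNU objdump 2.43, BFD), CVE-2024-6219 and CVE-2024-6156 (LXD PKI mode) and CVE-2024-52798 (path-to-regexp), need a manual decision between a package line and the `NOT-FOR-US:` form that the context line for CVE-2024-6784 uses (`NOT-FOR-US: ABB`). The descriptions of CVE-2024-9769, CVE-2024-11201 and CVE-2024-10247 also carry a literal `\u2013` escape where a dash was meant, which is better fixed in the import step than by hand in the list.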
@@ -318867,7 +318929,7 @@ CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypa
 	NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
 	NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329
 CVE-2021-0937
-	RESERVED
+	REJECTED
 	- linux 5.10.38-1
 	[buster] - linux 4.19.194-1
 	[stretch] - linux 4.9.272-1
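Review bot: CVE-2021-0937 flips from `RESERVED` to `REJECTED`, but the three version lines under it (`- linux 5.10.38-1`, `[buster] - linux 4.19.194-1`, `[stretch] - linux 4.9.272-1`) remain attached to the rejected id. The hunk gives no reason for the rejection, so it is worth confirming whether the underlying linux fix is now tracked under a different id and adding a `NOTE:` that records it, so the fixed-version data does not end up orphaned on an entry that consumers of the list will skip.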
@@ -476618,18 +476680,18 @@ CVE-2018-9393 (In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2
 	NOT-FOR-US: Android
 CVE-2018-9392 (In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps ...)
 	NOT-FOR-US: Android
-CVE-2018-9391
-	RESERVED
-CVE-2018-9390
-	RESERVED
+CVE-2018-9391 (In update_gps_sv and output_vzw_debug of     vendor/mediatek/proprieta ...)
+	TODO: check
+CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of  bounds rea ...)
+	TODO: check
 CVE-2018-9389
 	RESERVED
-CVE-2018-9388
-	RESERVED
+CVE-2018-9388 (In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_p ...)
+	TODO: check
 CVE-2018-9387
 	RESERVED
-CVE-2018-9386
-	RESERVED
+CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a possibl ...)
+	TODO: check
 CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds w ...)
 	- linux 4.16.12-1
 	[stretch] - linux 4.9.107-1
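Review bot: CVE-2018-9391, CVE-2018-9390, CVE-2018-9388 and CVE-2018-9386 move from `RESERVED` to `TODO: check` although their descriptions point at vendor code (`vendor/mediatek/...`, `drivers/input/touchscreen/stm/ftm4_p ...`, the htc reboot_block driver), and the adjacent CVE-2018-9393 and CVE-2018-9392 with similar MediaTek paths are already `NOT-FOR-US: Android`. These four look like candidates for the same tag once someone confirms the files are not in the packaged linux tree. The imported description of CVE-2018-9391 contains a run of spaces (`of     vendor/mediatek`) and that of CVE-2018-9390 a double space (`out of  bounds`); collapsing whitespace on import would keep the truncated summaries more useful.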
@@ -515549,8 +515611,8 @@ CVE-2017-13310 (In createFromParcel of ViewPager.java, there is a possible read/
 	NOT-FOR-US: Android
 CVE-2017-13309 (In readEncryptedData of ConscryptEngine.java, there is a possible plai ...)
 	NOT-FOR-US: Android
-CVE-2017-13308
-	RESERVED
+CVE-2017-13308 (In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there i ...)
+	TODO: check
 CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...)
 	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...)
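Review bot: CVE-2017-13308 is left at `TODO: check` while the next entry, CVE-2017-13307, shows the wording used when an Android kernel issue has no mainline counterpart (`NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)`). Before settling on that tag here, check whether `mtk_ts_Abts.c` and the functions named in the description (`tscpu_write_GPIO_out`, `mtkts_Abts_write`) exist in mainline linux; if they do not, reuse the same form so the two neighbouring entries read consistently.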



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2f808346c3cd8130e8754e293a813ee33b6abdc
