[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 7 20:12:13 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96970a5b by security tracker role at 2024-12-07T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2024-47115 (IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1could allow a local user to execu ...)
+ TODO: check
+CVE-2024-47107 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...)
+ TODO: check
+CVE-2024-41762 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2024-37071 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2024-12270 (The Beautiful taxonomy filters plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-12253 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...)
+ TODO: check
+CVE-2024-12128 (The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypa ...)
+ TODO: check
+CVE-2024-11501 (The Gallery plugin for WordPress is vulnerable to PHP Object Injection ...)
+ TODO: check
+CVE-2024-11464 (The Easy Code Snippets plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-11457 (The Feedpress Generator \u2013 External RSS Frontend Customizer plugin ...)
+ TODO: check
+CVE-2024-11380 (The Mini Program API plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-11374 (The TWChat \u2013 Send or receive messages from users plugin for WordP ...)
+ TODO: check
+CVE-2024-11367 (The Smoove connector for Elementor forms plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-11010 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...)
+ TODO: check
CVE-2024-8679 (The Library Management System \u2013 Manage e-Digital Books Library pl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7894 (The If Menu plugin for WordPress is vulnerable to unauthorized modific ...)
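Review bot: the ten WordPress plugin entries (CVE-2024-12270 down to CVE-2024-11010) and the four IBM entries (CVE-2024-47115, CVE-2024-47107, CVE-2024-41762, CVE-2024-37071) are all left at `TODO: check`, while the unchanged context directly below this hunk shows the triage state they should end up in (`NOT-FOR-US: WordPress plugin` under CVE-2024-8679). The TODO markers are expected from the automated import, but on the face of the descriptions none of the fourteen products is packaged in Debian, so the follow-up triage can close them as NOT-FOR-US without package research.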
@@ -2059,21 +2087,25 @@ CVE-2024-46055 (OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in
CVE-2024-46054 (OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /uplo ...)
NOT-FOR-US: OpenVidReview
CVE-2024-42333 (The researcher is showing that it is possible to leak a small amount o ...)
+ {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25629
NOTE: Fixed by https://github.com/zabbix/zabbix/commit/72d2ce61872fcbace8f8dfdabc0568c99980989d (7.0.4rc1)
NOTE: Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/c4ea57b823cb6a4c2cb0796f500e862fbb6a46ea (6.0.35rc1)
CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...)
+ {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25628
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1)
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1)
CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...)
+ {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25627
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20 (7.0.4rc1)
NOTE: and additionally https://github.com/zabbix/zabbix/commit/e731ed95fda7572ebae5eaffaa70f41e8f897e0d (7.0.4rc1)
CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...)
+ {DLA-3984-1}
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25626
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.4rc1)
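Review bot: for CVE-2024-42333, CVE-2024-42331 and CVE-2024-42330 the NOTE lines tag the upstream fix as 7.0.4rc1, yet the unstable fixed version recorded is `1:7.0.5+dfsg-1`; confirm that no 7.0.4-based zabbix upload reached the archive, otherwise the fixed version should be that earlier upload (only CVE-2024-42332, fixed upstream in 7.0.5rc1, necessarily needs 7.0.5). Minor style point: the `Fixed by` prefix is written three ways across these four entries (`Fixed by https://`, `Fixed by (merge commit) https://`, `Fixed by (merge commit): https://`); one form should be used.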
@@ -2119,6 +2151,7 @@ CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673 (7.0.3rc1)
NOTE: vulnerable function introduced with commit https://github.com/zabbix/zabbix/commit/3850cd1cfea328baabafd26e56bc425ddff95eac (7.0.0beta1)
CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...)
+ {DLA-3984-1}
- zabbix <unfixed> (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25630
NOTE: Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 6.0.36 (package from upstream)
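Review bot: `{DLA-3984-1}` is added to CVE-2024-36464 while the entry remains `zabbix <unfixed>` and the NOTE below records that the upstream fix claimed for 6.0.30rc1 could not be confirmed (still reproducible with 6.0.36). Either the DLA carried a fix that unstable has not yet received, in which case a NOTE naming that patch belongs here, or the issue is only partially addressed in LTS and the DLA text should say so; as written the entry asserts a fix in LTS for an issue the tracker cannot confirm is fixed upstream.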
@@ -2172,6 +2205,7 @@ CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vuln
CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage into a Gi ...)
NOT-FOR-US: lakeFS
CVE-2024-36467 (An authenticated user with API access (e.g.: user with default User ro ...)
+ {DLA-3909-1}
- zabbix 1:7.0.2+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25614
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/dabb5dd27aa979657a5bd6077716ce60951e1552 (7.0.2rc1)
@@ -2325,6 +2359,7 @@ CVE-2024-38831 (VMware Aria Operations contains a local privilege escalation vul
CVE-2024-38830 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
NOT-FOR-US: VMware
CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a string wi ...)
+ {DLA-3909-1}
- zabbix 1:7.0.3+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-25611
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/223a21567b659366396781429a8d87009600784a (7.0.3rc1)
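Review bot: `- zabbix 1:7.0.3+dfsg-1` for CVE-2024-36463 carries no `(bug #1088689)` reference, unlike the other zabbix entries touched in this commit (CVE-2024-36467 in the preceding hunk, for one); if the same bug tracks this CVE, add it here for consistency, otherwise a NOTE on why it is untracked would help.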
@@ -2334,6 +2369,7 @@ CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a str
CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat ...)
NOT-FOR-US: Lobe Chat
CVE-2024-22117 (When a URL is added to the map element, it is recorded in the database ...)
+ {DLA-3909-1}
- zabbix 1:7.0.5+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-25610
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/bcf43da8eaaafc03e53845085f5b87d8c858ac81 (7.0.4rc1)
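Review bot: CVE-2024-22117 is recorded fixed in `1:7.0.5+dfsg-1` while the NOTE cites the upstream fix at 7.0.4rc1, so the first fixed Debian upload should be checked against the archive history; the `- zabbix` line here also lacks the `(bug #1088689)` reference that the other zabbix entries in this update carry.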
@@ -312136,7 +312172,7 @@ CVE-2020-35360
CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server ...)
NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
CVE-2020-35357 (A buffer overflow can occur when calculating the quantile value using ...)
- {DLA-3576-1}
+ {DLA-3985-1 DLA-3576-1}
- gsl 2.7.1+dfsg-6 (bug #1052655)
[bookworm] - gsl <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?59624
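Review bot: CVE-2020-35357 now references two LTS advisories (`DLA-3985-1 DLA-3576-1`) with no NOTE explaining why a second DLA was needed for the same gsl issue (incomplete first fix, regression, or a newer LTS suite); add a NOTE so the reason is recoverable from the entry, and re-check that `[bookworm] - gsl <no-dsa> (Minor issue)` still holds given the issue warranted a second advisory.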
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96970a5b98ad851b825c760726ffb4c3856ecddc