[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 12 08:15:04 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
334acbfe by security tracker role at 2024-12-12T08:13:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,313 @@
+CVE-2024-9881 (The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and  ...)
+	TODO: check
+CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not s ...)
+	TODO: check
+CVE-2024-9428 (The Popup Builder  WordPress plugin before 4.3.5 does not sanitise and ...)
+	TODO: check
+CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-b ...)
+	TODO: check
+CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
+	TODO: check
+CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
+	TODO: check
+CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
+	TODO: check
+CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
+	TODO: check
+CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior to commit ...)
+	TODO: check
+CVE-2024-54534 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-54531 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-54529 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2024-54528 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2024-54527 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2024-54526 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2024-54524 (A logic issue was addressed with improved file handling. This issue is ...)
+	TODO: check
+CVE-2024-54515 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2024-54514 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2024-54513 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2024-54510 (A race condition was addressed with improved locking. This issue is fi ...)
+	TODO: check
+CVE-2024-54508 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-54506 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2024-54505 (A type confusion issue was addressed with improved memory handling. Th ...)
+	TODO: check
+CVE-2024-54504 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-54503 (An inconsistent user interface issue was addressed with improved state ...)
+	TODO: check
+CVE-2024-54502 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2024-54501 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-54500 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-54498 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2024-54495 (The issue was addressed with improved permissions logic. This issue is ...)
+	TODO: check
+CVE-2024-54494 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2024-54493 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-54492 (This issue was addressed by using HTTPS when sending information over  ...)
+	TODO: check
+CVE-2024-54491 (The issue was resolved by sanitizing logging This issue is fixed in ma ...)
+	TODO: check
+CVE-2024-54490 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+	TODO: check
+CVE-2024-54489 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2024-54486 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-54485 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-54479 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-54477 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-54476 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-54474 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-54471 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2024-54466 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2024-54465 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2024-53845 (ESPTouch is a connection protocol for internet of things devices. In t ...)
+	TODO: check
+CVE-2024-53274 (Habitica is an open-source habit-building program. Versions prior to 5 ...)
+	TODO: check
+CVE-2024-53273 (Habitica is an open-source habit-building program. Versions prior to 5 ...)
+	TODO: check
+CVE-2024-53272 (Habitica is an open-source habit-building program. Versions prior to 5 ...)
+	TODO: check
+CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform. In versi ...)
+	TODO: check
+CVE-2024-44300 (A logic issue was addressed with improved file handling. This issue is ...)
+	TODO: check
+CVE-2024-44299 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2024-44291 (A logic issue was addressed with improved file handling. This issue is ...)
+	TODO: check
+CVE-2024-44290 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2024-44248 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-44246 (The issue was addressed with improved routing of Safari-originated req ...)
+	TODO: check
+CVE-2024-44245 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-44243 (A configuration issue was addressed with additional restrictions. This ...)
+	TODO: check
+CVE-2024-44242 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2024-44241 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2024-44225 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2024-44224 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2024-44220 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-44212 (A cookie management issue was addressed with improved state management ...)
+	TODO: check
+CVE-2024-44201 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-44200 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in the Gall ...)
+	TODO: check
+CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694) in the C ...)
+	TODO: check
+CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-12536 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
+	TODO: check
+CVE-2024-12503 (A vulnerability classified as problematic was found in ClassCMS 4.8. A ...)
+	TODO: check
+CVE-2024-12497 (A vulnerability classified as critical has been found in 1000 Projects ...)
+	TODO: check
+CVE-2024-12492 (A vulnerability was found in code-projects Farmacia 1.0. It has been r ...)
+	TODO: check
+CVE-2024-12490 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
+	TODO: check
+CVE-2024-12489 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
+	TODO: check
+CVE-2024-12488 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
+	TODO: check
+CVE-2024-12487 (A vulnerability has been found in code-projects Online Class and Exam  ...)
+	TODO: check
+CVE-2024-12486 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2024-12485 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2024-12463 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
+	TODO: check
+CVE-2024-12461 (The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-12441 (The BP Email Assign Templates plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2024-12406 (The Library Management System \u2013 Manage e-Digital Books Library pl ...)
+	TODO: check
+CVE-2024-12341 (The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-12338 (The Website Toolbox Community plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2024-12329 (The Essential Real Estate plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2024-12312 (The Print Science Designer plugin for WordPress is vulnerable to PHP O ...)
+	TODO: check
+CVE-2024-12265 (The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress ...)
+	TODO: check
+CVE-2024-12263 (The Child Theme Creator by Orbisius plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-12260 (The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-12258 (The WP Service Payment Form With Authorize.net plugin for WordPress is ...)
+	TODO: check
+CVE-2024-12255 (The Accept Stripe Payments Using Contact Form 7 plugin for WordPress i ...)
+	TODO: check
+CVE-2024-12201 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-12172 (The WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, C ...)
+	TODO: check
+CVE-2024-12162 (The Video & Photo Gallery for Ultimate Member plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-12156 (The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin  ...)
+	TODO: check
+CVE-2024-12072 (The Analytics Cat \u2013 Google Analytics Made Easy plugin for WordPre ...)
+	TODO: check
+CVE-2024-12059 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-12040 (The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for ...)
+	TODO: check
+CVE-2024-12018 (The Snippet Shortcodes plugin for WordPress is vulnerable to unauthori ...)
+	TODO: check
+CVE-2024-11950 (XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code E ...)
+	TODO: check
+CVE-2024-11949 (GFI Archiver Store Service Deserialization of Untrusted Data Remote Co ...)
+	TODO: check
+CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This  ...)
+	TODO: check
+CVE-2024-11947 (GFI Archiver Core Service Deserialization of Untrusted Data Remote Cod ...)
+	TODO: check
+CVE-2024-11914 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks plugin for  ...)
+	TODO: check
+CVE-2024-11901 (The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-11891 (The Perfect Font Awesome Integration plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-11882 (The FAQ And Answers \u2013 Create Frequently Asked Questions Area on W ...)
+	TODO: check
+CVE-2024-11875 (The Add infos to the events calendar plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-11872 (Epic Games Launcher Incorrect Default Permissions Local Privilege Esca ...)
+	TODO: check
+CVE-2024-11871 (The Social Media Shortcodes plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-11804 (The Planaday API plugin for WordPress is vulnerable to Reflected Cross ...)
+	TODO: check
+CVE-2024-11785 (The Integrate Firebase plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-11781 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin for WordP ...)
+	TODO: check
+CVE-2024-11766 (The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider,  ...)
+	TODO: check
+CVE-2024-11765 (The WordPress Portfolio Plugin \u2013 A Plugin for Making Filterable P ...)
+	TODO: check
+CVE-2024-11757 (The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-11750 (The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-11727 (The NotificationX \u2013 Live Sales Notification, WooCommerce Sales Po ...)
+	TODO: check
+CVE-2024-11724 (The Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie S ...)
+	TODO: check
+CVE-2024-11723 (The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-S ...)
+	TODO: check
+CVE-2024-11709 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-11689 (The HQ Rental Software plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2024-11683 (The Newsletter Subscriptions plugin for WordPress is vulnerable to Ref ...)
+	TODO: check
+CVE-2024-11459 (The Country Blocker plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2024-11443 (The de:branding plugin for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2024-11442 (The Horizontal scroll image slideshow plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-11433 (The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-11430 (The SQL Chart Builder plugin for WordPress is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-11427 (The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-11419 (The Password for WP plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2024-11417 (The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-11413 (The HostFact bestelformulier integratie plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-11410 (The Top and footer bars for announcements, notifications, advertisemen ...)
+	TODO: check
+CVE-2024-11384 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
+	TODO: check
+CVE-2024-11359 (The Library Bookshelves plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-11279 (The Schema App Structured Data plugin for WordPress is vulnerable to R ...)
+	TODO: check
+CVE-2024-11181 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
+	TODO: check
+CVE-2024-11052 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
+	TODO: check
+CVE-2024-11015 (The Sign In With Google plugin for WordPress is vulnerable to authenti ...)
+	TODO: check
+CVE-2024-10910 (The The Grid Plus \u2013 Unlimited grid layout plugin for WordPress is ...)
+	TODO: check
+CVE-2024-10784 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+	TODO: check
+CVE-2024-10637 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3. ...)
+	TODO: check
+CVE-2024-10590 (The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary f ...)
+	TODO: check
+CVE-2024-10583 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers w ...)
+	TODO: check
+CVE-2024-10568 (The Ajax Search Lite  WordPress plugin before 4.12.4 does not sanitise ...)
+	TODO: check
+CVE-2024-10518 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-10517 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+	TODO: check
+CVE-2024-10499 (The AI Engine WordPress plugin before 2.6.5 does not sanitize and esca ...)
+	TODO: check
+CVE-2024-10182 (The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-10124 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
+	TODO: check
+CVE-2024-10111 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
+	TODO: check
+CVE-2024-10010 (The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and  ...)
+	TODO: check
 CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti Automatio ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti Workspace ...)
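Review bot: Several of the added descriptions carry a literal "\u2013" escape instead of the dash it stands for, for example "The Arena.IM \u2013 Live Blogging ..." in the CVE-2024-12526, CVE-2024-12463 and CVE-2024-11384 entries, which suggests the import copies JSON-escaped text without decoding it. Decoding the description before it is truncated would keep these lines readable and greppable. The same batch also has doubled spaces ("The LearnPress  WordPress plugin" in CVE-2024-9881 and CVE-2024-10010) that could be collapsed at the same step. Every new entry lands as "TODO: check", so each still needs manual triage of the kind already recorded on the Ivanti entry at the end of this hunk ("NOT-FOR-US: Ivanti").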
@@ -8854,6 +9164,7 @@ CVE-2024-52533 (gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-on
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/25833cefda24c60af913d6f2d532b5afd608b821 (main)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 (2.82.1)
 CVE-2024-52532 (GNOME libsoup before 3.6.1 has an infinite loop, and memory consumptio ...)
+	{DLA-3992-1}
 	- libsoup3 3.6.0-4 (bug #1087416)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-8.1 (bug #1089238)
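Review bot: The {DLA-3992-1} tag is added to an entry that tracks two source packages, libsoup3 and libsoup2.4, and nothing in the hunk says which of them the advisory covers or at what version; the only per-release line visible is "[bookworm] - libsoup3 <no-dsa> (Minor issue)". It is worth confirming that the advisory's own record names the source package and fixed version, since this entry alone does not. The same applies to the identical additions under CVE-2024-52531 and CVE-2024-52530 in the next two hunks.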
@@ -8864,6 +9175,7 @@ CVE-2024-52532 (GNOME libsoup before 3.6.1 has an infinite loop, and memory cons
 	NOTE: Test fix #1: https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c (master)
 	NOTE: Test fix #2: https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff (master)
 CVE-2024-52531 (GNOME libsoup before 3.6.1 allows a buffer overflow in applications th ...)
+	{DLA-3992-1}
 	- libsoup3 3.6.0-4 (bug #1087417)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-8.1 (bug #1089240)
@@ -8872,6 +9184,7 @@ CVE-2024-52531 (GNOME libsoup before 3.6.1 allows a buffer overflow in applicati
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/commit/3c54033634ae537b52582900a7ba432c52ae8174
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/commit/a35222dd0bfab2ac97c10e86b95f762456628283
 CVE-2024-52530 (GNOME libsoup before 3.6.0 allows HTTP request smuggling in some confi ...)
+	{DLA-3992-1}
 	- libsoup3 3.5.2-1
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-8.1 (bug #1088812)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/334acbfe3665e2e72d23ea5c133b2d6ac3a7f3ec
