[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 21 20:12:18 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2dec98e8 by security tracker role at 2024-12-21T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
+	TODO: check
+CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i int ...)
+	TODO: check
+CVE-2024-51463 (IBM i 7.3, 7.4, and 7.5   is vulnerable to server-side request forgery ...)
+	TODO: check
+CVE-2024-12884 (A vulnerability was found in Codezips E-Commerce Website 1.0. It has b ...)
+	TODO: check
+CVE-2024-12883 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+	TODO: check
+CVE-2024-12875 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
+	TODO: check
+CVE-2024-12591 (The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-12588 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
+	TODO: check
+CVE-2024-12558 (The WP BASE Booking of Appointments, Services and Events plugin for Wo ...)
+	TODO: check
+CVE-2024-12408 (The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2024-11808 (The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-11722 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-11688 (The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-S ...)
+	TODO: check
+CVE-2024-10797 (The Full Screen Menu for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
+	TODO: check
 CVE-2024-12582
 	NOT-FOR-US: Skupper
 CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a maliciou ...)
@@ -2411,7 +2441,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management software package. Startin
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f
 CVE-2024-47835 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/
@@ -2481,7 +2511,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management software package. Startin
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr
 CVE-2024-47615 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2499,7 +2529,7 @@ CVE-2024-47613 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c (1.24.10)
 CVE-2024-47607 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2545,7 +2575,7 @@ CVE-2024-47601 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058 (1.24.10)
 CVE-2024-47600 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/
@@ -2618,6 +2648,7 @@ CVE-2024-47543 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10)
 CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling compo ...)
+	{DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
 	- gst-plugins-base0.10 <removed>
@@ -2627,7 +2658,7 @@ CVE-2024-47542 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/921d8daa00c329932616dd5d197b601a7e271e79 (1.24.10)
 CVE-2024-47541 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/
@@ -2654,7 +2685,7 @@ CVE-2024-47539 (GStreamer is a library for constructing graphs of media-handling
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10)
 CVE-2024-47538 (GStreamer is a library for constructing graphs of media-handling compo ...)
-	{DSA-5831-1}
+	{DSA-5831-1 DLA-3999-1}
 	- gst-plugins-base1.0 1.24.10-1
 	- gst-plugins-base0.10 <removed>
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -10883,6 +10914,7 @@ CVE-2024-7571 (Incorrect permissions in Ivanti Secure Access Client before 22.7R
 CVE-2024-7516 (A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow ...)
 	NOT-FOR-US: Brocade Fabric OS
 CVE-2024-52301 (Laravel is a web application framework. When the register_argc_argv ph ...)
+	{DLA-3997-1}
 	- php-laravel-framework <unfixed> (bug #1088189)
 	NOTE: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
 	NOTE: Fixed by: https://github.com/laravel/framework/commit/eded6bdfc05af9b5437d107b4d092558fe46292c (v8.83.28)
@@ -48147,6 +48179,7 @@ CVE-2024-37895 (Lobe Chat is an open-source LLMs/AI chat framework. In affected
 CVE-2024-37893 (Firefly III is a free and open source personal finance manager. In aff ...)
 	NOT-FOR-US: Firefly
 CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When using  ...)
+	{DLA-3998-1}
 	[experimental] - python-urllib3 2.2.3-1
 	- python-urllib3 2.2.3-3 (bug #1074149)
 	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
@@ -66487,6 +66520,7 @@ CVE-2023-52647 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1)
 CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...)
+	{DLA-4000-1}
 	- sqlparse 0.5.0-1 (bug #1070148)
 	[bookworm] - sqlparse <no-dsa> (Minor issue)
 	[buster] - sqlparse <postponed> (Minor issue)
@@ -110872,7 +110906,7 @@ CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Reques
 CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
-	{DLA-3649-1}
+	{DLA-3998-1 DLA-3649-1}
 	- python-urllib3 1.26.18-1 (bug #1054226)
 	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
@@ -113271,7 +113305,7 @@ CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 all
 CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management System v ...)
 	NOT-FOR-US: Personal Management System
 CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...)
-	{DLA-3610-1}
+	{DLA-3998-1 DLA-3610-1}
 	- python-urllib3 1.26.17-1 (bug #1053626)
 	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
@@ -134935,7 +134969,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix cha
 	NOT-FOR-US: Node matrix-react-sdk
 	NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
 CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
-	{DLA-3425-1}
+	{DLA-4000-1 DLA-3425-1}
 	- sqlparse 0.4.4-1 (bug #1034615)
 	[bookworm] - sqlparse <no-dsa> (Minor issue)
 	NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
@@ -281328,6 +281362,7 @@ CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library.
 	NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
 	NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
 CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
+	{DLA-4000-1}
 	- sqlparse 0.4.2-1 (bug #994841)
 	[buster] - sqlparse <not-affected> (Vulnerable code introduced later)
 	[stretch] - sqlparse <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dec98e83298882b57722f436229db98cc2b7588

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dec98e83298882b57722f436229db98cc2b7588
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241221/f7089311/attachment.htm>

More information about the debian-security-tracker-commits mailing list