[Git][security-tracker-team/security-tracker][master] automatic update

Wed Dec 25 20:12:17 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
747cf529 by security tracker role at 2024-12-25T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 71 ...)
+	TODO: check
+CVE-2024-56430 (OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext: ...)
+	TODO: check
+CVE-2024-53291 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensiti ...)
+	TODO: check
+CVE-2024-52906 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1    could allow a non-privileged loc ...)
+	TODO: check
+CVE-2024-52543 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporar ...)
+	TODO: check
+CVE-2024-52535 (Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell Supp ...)
+	TODO: check
+CVE-2024-52534 (Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authenticatio ...)
+	TODO: check
+CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s native  ...)
+	TODO: check
+CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unne ...)
+	TODO: check
+CVE-2024-47102 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1  could allow a non-privileged local ...)
+	TODO: check
+CVE-2024-39727 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...)
+	TODO: check
+CVE-2024-39725 (IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 an ...)
+	TODO: check
+CVE-2024-1609 (In OPPOStore iOS App, there's a possible escalation of privilege due t ...)
+	TODO: check
+CVE-2024-12926 (A vulnerability classified as critical was found in Codezips Project M ...)
+	TODO: check
+CVE-2024-12636 (The Privacy Policy Generator, Terms & Conditions Generator WordPress P ...)
+	TODO: check
+CVE-2024-12428 (The WP Data Access \u2013 App, Table, Form and Chart Builder plugin pl ...)
+	TODO: check
+CVE-2024-12413 (The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Sol ...)
+	TODO: check
+CVE-2024-12335 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Infor ...)
+	TODO: check
+CVE-2024-12272 (The WP Travel Engine \u2013 Elementor Widgets | Create Travel Booking  ...)
+	TODO: check
+CVE-2024-12190 (The Contact Form by Bit Form: Multi Step Form, Calculation Contact For ...)
+	TODO: check
+CVE-2024-12032 (The Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment  ...)
+	TODO: check
+CVE-2024-11281 (The WooCommerce Point of Sale plugin for WordPress is vulnerable to pr ...)
+	TODO: check
+CVE-2024-10862 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
+	TODO: check
+CVE-2024-10858 (The Jetpack  WordPress plugin before 14.1 does not properly checks the ...)
+	TODO: check
+CVE-2023-5117 (An issue was discovered in GitLab CE/EE affecting all versions before  ...)
+	TODO: check
 CVE-2024-8721 (The Tracking Code Manager plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53163 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
@@ -6020,7 +6072,8 @@ CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the
 	- symfony <unfixed> (bug #1088817)
 	NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1)
 	NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
-CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of the VarDum ...)
+CVE-2024-36610
+	REJECTED
 	- symfony 6.4.4+dfsg-3 (unimportant)
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259 (v6.4.4)
 	NOTE: Not considered a security issue by upstream: https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747cf5297cf0ee992023ca42dc85ec7090163c79

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/747cf5297cf0ee992023ca42dc85ec7090163c79
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241225/b4c99483/attachment.htm>
