[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 27 08:12:10 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ccf538f by security tracker role at 2024-12-27T08:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error function lack ...)
+ TODO: check
+CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag use ...)
+ TODO: check
+CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CUR ...)
+ TODO: check
+CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TC ...)
+ TODO: check
+CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not s ...)
+ TODO: check
+CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the ecosystem to w ...)
+ TODO: check
+CVE-2024-56361 (LGSL (Live Game Server List) provides online status for games. Before ...)
+ TODO: check
+CVE-2024-55950 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...)
+ TODO: check
+CVE-2024-53850 (The Addressing GLPI plugin enables you to create IP reports for visual ...)
+ TODO: check
+CVE-2024-45805 (OpenCTI is an open-source cyber threat intelligence platform. Before 6 ...)
+ TODO: check
+CVE-2024-45600 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...)
+ TODO: check
+CVE-2024-12983 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2024-12982 (A vulnerability was found in PHPGurukul Blood Bank & Donor Management ...)
+ TODO: check
+CVE-2024-12981 (A vulnerability was found in CodeAstro Car Rental System 1.0. It has b ...)
+ TODO: check
+CVE-2024-12980 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+ TODO: check
+CVE-2024-12979 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...)
+ TODO: check
+CVE-2024-12978 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
+ TODO: check
+CVE-2024-12977 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2024-12976 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-12969 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-12968 (A vulnerability classified as critical was found in code-projects Job ...)
+ TODO: check
+CVE-2024-12967 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2024-12966 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+ TODO: check
+CVE-2024-12965 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
+ TODO: check
+CVE-2024-11921 (The GiveWP WordPress plugin before 3.19.0 does not sanitise and escap ...)
+ TODO: check
+CVE-2024-11842 (The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 ...)
+ TODO: check
+CVE-2024-11645 (The float block WordPress plugin through 1.7 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-11644 (The WP-SVG WordPress plugin through 0.9 does not validate and escape s ...)
+ TODO: check
+CVE-2024-11605 (The wp-publications WordPress plugin through 1.2 does not escape filen ...)
+ TODO: check
CVE-2024-8994 (Some Honor products are affected by information leak vulnerability, su ...)
NOT-FOR-US: Honor
CVE-2024-8993 (Some Honor products are affected by information leak vulnerability, su ...)
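Review bot: All 29 added entries (CVE-2024-56527 through CVE-2024-11605) land with only "TODO: check", so none has a package or NOT-FOR-US decision yet, and the descriptions cut off at "..." are not enough to triage from. Suggest working through them in batches: the four entries that name "TCPDF before 6.8.0" and the related tc-lib-pdf-font entry CVE-2024-56520 can be resolved together, as can the two GLPI plugin entries. Every remaining entry needs either a source package line or a NOT-FOR-US line in the style of the Honor entry in the trailing context.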
@@ -4351,6 +4409,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
NOTE: Negligible security impact with fs.protected_symlinks=1 being the standard in Debian
CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
+ {DLA-4003-1}
- node-postcss 8.4.49+~cs9.2.32-1
[bookworm] - node-postcss <no-dsa> (Minor issue)
NOTE: node-postcss bundles nanoid
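Review bot: The {DLA-4003-1} tag on CVE-2024-55565 is added without any visible per-release line for the release it fixes; the package lines shown cover only unstable and a [bookworm] <no-dsa> marking. If the fixed status is not derived from the DLA list, add an explicit per-release line. Since the NOTE says node-postcss bundles nanoid, it is also worth confirming whether a standalone nanoid package needs its own line here.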
@@ -19519,7 +19578,7 @@ CVE-2024-10134 (A vulnerability was found in ESAFENET CDG 5 and classified as cr
NOT-FOR-US: ESAFENET CDG
CVE-2024-10133 (A vulnerability has been found in ESAFENET CDG 5 and classified as cri ...)
NOT-FOR-US: ESAFENET CDG
-CVE-2024-9774
+CVE-2024-9774 (A vulnerability was found in python-sql where unary operators do not e ...)
{DSA-5795-1 DLA-3932-1}
- python-sql 1.5.2-1
NOTE: https://discuss.tryton.org/t/security-release-for-issue-93
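Review bot: The description added for CVE-2024-9774 is cut at "do not e ...", and the only reference in the visible context is the discuss.tryton.org announcement. A NOTE pointing at the upstream fix commit would let readers verify the python-sql 1.5.2-1 fixed version from the entry itself.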
@@ -114501,6 +114560,7 @@ CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...)
NOT-FOR-US: OpenHook plugin for WordPress
CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...)
+ {DLA-4003-1}
- node-postcss 8.4.31+~cs8.0.26-1 (bug #1053282)
[bookworm] - node-postcss <no-dsa> (Minor issue)
[buster] - node-postcss <postponed> (Minor issue)
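Review bot: On CVE-2023-44270 the new {DLA-4003-1} tag now sits above "[buster] - node-postcss <postponed> (Minor issue)", which still reads as an open item. Confirm which release DLA-4003-1 covers; if it is the one marked postponed, that line should be revisited, otherwise it can stay as is.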
@@ -305687,6 +305747,7 @@ CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Servi
NOTE: https://github.com/Marak/colors.js/issues/285
NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...)
+ {DLA-4003-1}
- node-postcss 8.4.5+~cs7.1.51-1
NOTE: https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575 (3.1.31)
NOTE: https://github.com/ai/nanoid/pull/328
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ccf538f667687b750f98c9ac6f96dd2a95eb982