[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 6 08:12:39 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbc506ea by security tracker role at 2024-11-06T08:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin \u2013 Super ...)
+ TODO: check
+CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and ...)
+ TODO: check
+CVE-2024-9681 (When curl is asked to use HSTS, the expiry time for a subdomain might ...)
+ TODO: check
+CVE-2024-9307 (The mFolio Lite plugin for WordPress is vulnerable to file uploads due ...)
+ TODO: check
+CVE-2024-7995 (A maliciously crafted binary file when downloaded could lead to escala ...)
+ TODO: check
+CVE-2024-7879 (The WP ULike WordPress plugin before 4.7.5 does not sanitise and esca ...)
+ TODO: check
+CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
+ TODO: check
+CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG ...)
+ TODO: check
+CVE-2024-51756 (The cap-std project is organized around the eponymous `cap-std` crate, ...)
+ TODO: check
+CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's file ...)
+ TODO: check
+CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to ...)
+ TODO: check
+CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2024-51115 (DCME-320 v7.4.12.90 was discovered to contain a command injection vuln ...)
+ TODO: check
+CVE-2024-49409 (Out-of-bounds write in Battery Full Capacity node prior to Firmware up ...)
+ TODO: check
+CVE-2024-49408 (Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Re ...)
+ TODO: check
+CVE-2024-49407 (Improper access control in Samsung Flow prior to version 4.9.15.7 allo ...)
+ TODO: check
+CVE-2024-49406 (Improper validation of integrity check value in Blockchain Keystore pr ...)
+ TODO: check
+CVE-2024-49405 (Improper authentication in Private Info in Samsung Pass in prior to ve ...)
+ TODO: check
+CVE-2024-49404 (Improper Access Control in Samsung Video Player prior to versions 7.3. ...)
+ TODO: check
+CVE-2024-49403 (Improper access control in Samsung Voice Recorder prior to version 21. ...)
+ TODO: check
+CVE-2024-49402 (Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 ...)
+ TODO: check
+CVE-2024-49401 (Improper input validation in Settings Suggestions prior to SMR Nov-202 ...)
+ TODO: check
+CVE-2024-48746 (An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a r ...)
+ TODO: check
+CVE-2024-48176 (Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is ...)
+ TODO: check
+CVE-2024-47464 (An authenticated Path Traversal vulnerability exists in Instant AOS-8 ...)
+ TODO: check
+CVE-2024-47463 (An arbitrary file creation vulnerability exists in the Instant AOS-8 a ...)
+ TODO: check
+CVE-2024-47462 (An arbitrary file creation vulnerability exists in the Instant AOS-8 a ...)
+ TODO: check
+CVE-2024-47461 (An authenticated command injection vulnerability exists in the Instant ...)
+ TODO: check
+CVE-2024-47460 (Command injection vulnerability in the underlying CLI service could le ...)
+ TODO: check
+CVE-2024-42509 (Command injection vulnerability in the underlying CLI service could le ...)
+ TODO: check
+CVE-2024-34682 (Improper authorization in Settings prior to SMR Nov-2024 Release 1 all ...)
+ TODO: check
+CVE-2024-34681 (Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Re ...)
+ TODO: check
+CVE-2024-34680 (Use of implicit intent for sensitive communication in WlanTest prior t ...)
+ TODO: check
+CVE-2024-34679 (Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 ...)
+ TODO: check
+CVE-2024-34678 (Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Relea ...)
+ TODO: check
+CVE-2024-34677 (Exposure of sensitive information in System UI prior to SMR Nov-2024 R ...)
+ TODO: check
+CVE-2024-34676 (Out-of-bounds write in parsing subtitle file in libsubextractor.so pri ...)
+ TODO: check
+CVE-2024-34675 (Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 al ...)
+ TODO: check
+CVE-2024-34674 (Improper access control in Contacts prior to SMR Nov-2024 Release 1 al ...)
+ TODO: check
+CVE-2024-34673 (Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-202 ...)
+ TODO: check
+CVE-2024-10647 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
+ TODO: check
+CVE-2024-10543 (The Tumult Hype Animations plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2024-10535 (The Video Gallery for WooCommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-10084 (The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress ...)
+ TODO: check
+CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & ...)
+ TODO: check
+CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2024-10826
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
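Review bot: every entry added in this hunk, from CVE-2024-9946 down to CVE-2024-10020, carries only "TODO: check", so none of them has a package or not-for-us decision yet. CVE-2024-9681 names curl and should end up with a source-package line in the form used by "- chromium <unfixed>" in the trailing context, while the vendor-specific entries (the Samsung SMR and firmware items, Tenda AC6, the WordPress plugins) look like candidates for the "NOT-FOR-US:" form used elsewhere in this file. The descriptions for CVE-2024-9946, CVE-2024-6626, CVE-2024-10647, CVE-2024-10084 and CVE-2024-10028 also show a literal "\u2013" escape in place of an en dash; it is worth checking whether that is in data/CVE/list itself or only in this notification.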
@@ -123905,7 +123997,7 @@ CVE-2023-29661
CVE-2023-29660
RESERVED
CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
- {DSA-5796-1}
+ {DSA-5796-1 DLA-3945-1}
- libheif 1.16.2-1 (bug #1035607)
[buster] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/issues/794
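Review bot: the changed line "{DSA-5796-1 DLA-3945-1}" adds an advisory cross-reference, but the entry shown here does not say which suite or version DLA-3945-1 covers. The only per-suite annotation in view is "[buster] - libheif <no-dsa> (Minor issue)", and the fixed version 1.16.2-1 is the unsuffixed one. Please confirm that the DLA's own list entry records the suite and fixed libheif version, so the tracker does not report the suite as fixed on the strength of the cross-reference alone.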
@@ -134230,6 +134322,7 @@ CVE-2023-22342 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH d
CVE-2023-22293 (Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers fo ...)
NOT-FOR-US: Intel
CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...)
+ {DLA-3945-1}
- libheif 1.15.1-1 (bug #1032101)
[buster] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/pull/759
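Review bot: CVE-2023-0996 gains "{DLA-3945-1}" on its own, whereas CVE-2023-29659 in the previous hunk is tagged "{DSA-5796-1 DLA-3945-1}" for the same libheif package. If that asymmetry is intended, for example because the suite covered by DSA-5796-1 already carried a libheif at or above the fixed version 1.15.1-1, that is fine; otherwise check whether DSA-5796-1 should list this CVE as well. The "[buster] - libheif <no-dsa> (Minor issue)" line is left unchanged here too, so the same suite and version question applies to the DLA reference.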
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbc506ea97a632110c783fd1607230865bb337bc