[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 9 08:12:11 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4bbd65c by security tracker role at 2024-11-09T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2024-9874 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
+	TODO: check
+CVE-2024-9775 (The Anih - Creative Agency WordPress Theme theme for WordPress is vuln ...)
+	TODO: check
+CVE-2024-9270 (The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-9262 (The User Meta \u2013 User Profile Builder and User management plugin p ...)
+	TODO: check
+CVE-2024-9226 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squee ...)
+	TODO: check
+CVE-2024-8960 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-8756 (The Quform - WordPress Form Builder plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-52314 (A data.all admin team member who has access to the customer-owned AWS  ...)
+	TODO: check
+CVE-2024-52313 (An authenticated data.all user is able to manipulate a getDataset quer ...)
+	TODO: check
+CVE-2024-52312 (Due to inconsistent authorization permissions, data.all may allow an e ...)
+	TODO: check
+CVE-2024-52311 (Authentication tokens issued via Cognito in data.all are not invalidat ...)
+	TODO: check
+CVE-2024-52009 (Atlantis is a self-hosted golang application that listens for Terrafor ...)
+	TODO: check
+CVE-2024-52007 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
+	TODO: check
+CVE-2024-52004 (MediaCMS is an open source video and media CMS, written in Python/Djan ...)
+	TODO: check
+CVE-2024-52002 (Combodo iTop is a simple, web based IT Service Management tool. Severa ...)
+	TODO: check
+CVE-2024-52001 (Combodo iTop is a simple, web based IT Service Management tool. In aff ...)
+	TODO: check
+CVE-2024-52000 (Combodo iTop is a simple, web based IT Service Management tool. Affect ...)
+	TODO: check
+CVE-2024-51157 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery ...)
+	TODO: check
+CVE-2024-50809 (The theme.php file in SDCMS 2.8 has a command execution vulnerability  ...)
+	TODO: check
+CVE-2024-50808 (SeaCms 13.1 is vulnerable to code injection in the notification module ...)
+	TODO: check
+CVE-2024-48073 (sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permiss ...)
+	TODO: check
+CVE-2024-35427 (vmir e8117 was discovered to contain a segmentation violation via the  ...)
+	TODO: check
+CVE-2024-35426 (vmir e8117 was discovered to contain a stack overflow via the init_loc ...)
+	TODO: check
+CVE-2024-35425 (vmir e8117 was discovered to contain a segmentation violation via the  ...)
+	TODO: check
+CVE-2024-35424 (vmir e8117 was discovered to contain a segmentation violation via the  ...)
+	TODO: check
+CVE-2024-35423 (vmir e8117 was discovered to contain a heap buffer overflow via the wa ...)
+	TODO: check
+CVE-2024-35422 (vmir e8117 was discovered to contain a heap buffer overflow via the wa ...)
+	TODO: check
+CVE-2024-35421 (vmir e8117 was discovered to contain a segmentation violation via the  ...)
+	TODO: check
+CVE-2024-35420 (wac commit 385e1 was discovered to contain a heap overflow.)
+	TODO: check
+CVE-2024-35419 (wac commit 385e1 was discovered to contain a heap overflow via the loa ...)
+	TODO: check
+CVE-2024-35418 (wac commit 385e1 was discovered to contain a heap overflow via the set ...)
+	TODO: check
+CVE-2024-35410 (wac commit 385e1 was discovered to contain a heap overflow via the int ...)
+	TODO: check
+CVE-2024-27532 (wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is  ...)
+	TODO: check
+CVE-2024-27530 (wasm3 139076a contains a Use-After-Free in ForEachModule.)
+	TODO: check
+CVE-2024-27529 (wasm3 139076a contains memory leaks in Read_utf8.)
+	TODO: check
+CVE-2024-27528 (wasm3 139076a suffers from Invalid Memory Read, leading to DoS and pot ...)
+	TODO: check
+CVE-2024-27527 (wasm3 139076a is vulnerable to Denial of Service (DoS).)
+	TODO: check
+CVE-2024-21994 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are ...)
+	TODO: check
+CVE-2024-11026 (A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on A ...)
+	TODO: check
+CVE-2024-10953 (An authenticated data.all user is able to perform mutating UPDATE oper ...)
+	TODO: check
+CVE-2024-10876 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
+	TODO: check
+CVE-2024-10871 (The Category Ajax Filter plugin for WordPress is vulnerable to Local F ...)
+	TODO: check
+CVE-2024-10814 (The Code Embed plugin for WordPress is vulnerable to Server-Side Reque ...)
+	TODO: check
+CVE-2024-10801 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-10779 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10770 (The Envo Extra plugin for WordPress is vulnerable to Information Expos ...)
+	TODO: check
+CVE-2024-10693 (The SKT Addons for Elementor plugin for WordPress is vulnerable to Inf ...)
+	TODO: check
+CVE-2024-10688 (The Attesa Extra plugin for WordPress is vulnerable to Information Exp ...)
+	TODO: check
+CVE-2024-10683 (The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for WordPress  ...)
+	TODO: check
+CVE-2024-10674 (The Th Shop Mania theme for WordPress is vulnerable to unauthorized ar ...)
+	TODO: check
+CVE-2024-10673 (The Top Store theme for WordPress is vulnerable to unauthorized arbitr ...)
+	TODO: check
+CVE-2024-10669 (The Countdown Timer block \u2013 Display the event's date into a  ...)
+	TODO: check
+CVE-2024-10667 (The Content Slider Block plugin for WordPress is vulnerable to Informa ...)
+	TODO: check
+CVE-2024-10627 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10626 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10625 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10589 (The Leopard - WordPress Offload Media plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10588 (The Debug Tool plugin for WordPress is vulnerable to unauthorized acce ...)
+	TODO: check
+CVE-2024-10586 (The Debug Tool plugin for WordPress is vulnerable to arbitrary file cr ...)
+	TODO: check
+CVE-2024-10547 (The WP Membership plugin for WordPress is vulnerable to arbitrary file ...)
+	TODO: check
+CVE-2024-10508 (The RegistrationMagic \u2013 User Registration Plugin with Custom Regi ...)
+	TODO: check
+CVE-2024-10470 (The WPLMS Learning Management System for WordPress, WordPress LMS them ...)
+	TODO: check
+CVE-2024-10294 (The CE21 Suite plugin for WordPress is vulnerable to unauthorized modi ...)
+	TODO: check
+CVE-2024-10285 (The CE21 Suite plugin for WordPress is vulnerable to sensitive informa ...)
+	TODO: check
+CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
 CVE-2024-10973
 	NOT-FOR-US: Keycloak
 CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
@@ -7360,7 +7490,7 @@ CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse()
 	NOTE: https://github.com/strukturag/libheif/issues/1226
 	NOTE: https://github.com/strukturag/libheif/pull/1227
 	NOTE: https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36 (v1.18.0)
-CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized attacker t ...)
+CVE-2024-38204 (Improper access control in Imagine Cup allows an authorized attacker t ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-38190 (Missing authorization in Power Platform allows an unauthenticated atta ...)
 	NOT-FOR-US: Microsoft



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4bbd65c8108ca2006464b1ab12d0f03e87bab89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4bbd65c8108ca2006464b1ab12d0f03e87bab89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241109/cef27a16/attachment.htm>

More information about the debian-security-tracker-commits mailing list