[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 13 08:12:38 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70f02769 by security tracker role at 2024-11-13T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,179 @@
+CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-9578 (The Hide Links plugin for WordPress is vulnerable to unauthorized shor ...)
+	TODO: check
+CVE-2024-9426 (The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-9409 (CWE-400: An Uncontrolled Resource Consumption vulnerability exists tha ...)
+	TODO: check
+CVE-2024-8985 (The Social Proof (Testimonial) Slider plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-8938 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
+	TODO: check
+CVE-2024-8937 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
+	TODO: check
+CVE-2024-8936 (CWE-20: Improper Input Validation vulnerability exists that could lead ...)
+	TODO: check
+CVE-2024-8935 (CWE-290: Authentication Bypass by Spoofing vulnerability exists that c ...)
+	TODO: check
+CVE-2024-8933 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
+	TODO: check
+CVE-2024-8874 (The AJAX Login and Registration modal popup + inline form plugin for W ...)
+	TODO: check
+CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One Expansion U ...)
+	TODO: check
+CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denia ...)
+	TODO: check
+CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to  ...)
+	TODO: check
+CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remot ...)
+	TODO: check
+CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-49511 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+	TODO: check
+CVE-2024-48075 (A Heap buffer overflow in the server-site handshake implementation in  ...)
+	TODO: check
+CVE-2024-39712 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
+	TODO: check
+CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
+	TODO: check
+CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 22.7R2 and  ...)
+	TODO: check
+CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before version 22. ...)
+	TODO: check
+CVE-2024-38656 (Argument injection in Ivanti Connect Secure before version 22.7R2.2 an ...)
+	TODO: check
+CVE-2024-38655 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
+	TODO: check
+CVE-2024-38654 (Improper bounds checking in Ivanti Secure Access Client before version ...)
+	TODO: check
+CVE-2024-38649 (An out-of-bounds write in IPsec of Ivanti Connect Secure before versio ...)
+	TODO: check
+CVE-2024-37400 (An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 ...)
+	TODO: check
+CVE-2024-37398 (Insufficient validation in Ivanti Secure Access Client before 22.7R4 a ...)
+	TODO: check
+CVE-2024-37376 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-34787 (Path traversal in Ivanti Endpoint Manager before 2024 November Securit ...)
+	TODO: check
+CVE-2024-34784 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-34782 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-34781 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-34780 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-32847 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-32844 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-32841 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-32839 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
+	TODO: check
+CVE-2024-29211 (A race condition in Ivanti Secure Access Client before version 22.7R4  ...)
+	TODO: check
+CVE-2024-28731 (Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE Wit ...)
+	TODO: check
+CVE-2024-28730 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi ...)
+	TODO: check
+CVE-2024-28729 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G ...)
+	TODO: check
+CVE-2024-28728 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi ...)
+	TODO: check
+CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G ...)
+	TODO: check
+CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbitrary C ...)
+	TODO: check
+CVE-2024-21540 (All versions of the package source-map-support are vulnerable to Direc ...)
+	TODO: check
+CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
+	TODO: check
+CVE-2024-11150 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-11143 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-11117 (Inappropriate implementation in FileSystem in Google Chrome prior to 1 ...)
+	TODO: check
+CVE-2024-11116 (Inappropriate implementation in Blink in Google Chrome prior to 131.0. ...)
+	TODO: check
+CVE-2024-11115 (Insufficient policy enforcement in Navigation in Google Chrome on iOS  ...)
+	TODO: check
+CVE-2024-11114 (Inappropriate implementation in Views in Google Chrome on Windows prio ...)
+	TODO: check
+CVE-2024-11113 (Use after free in Accessibility in Google Chrome prior to 131.0.6778.6 ...)
+	TODO: check
+CVE-2024-11112 (Use after free in Media in Google Chrome on Windows prior to 131.0.677 ...)
+	TODO: check
+CVE-2024-11111 (Inappropriate implementation in Autofill in Google Chrome prior to 131 ...)
+	TODO: check
+CVE-2024-11110 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	TODO: check
+CVE-2024-10887 (The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-10882 (The Product Delivery Date for WooCommerce \u2013 Lite plugin for WordP ...)
+	TODO: check
+CVE-2024-10877 (The AFI \u2013 The Easiest Integration Plugin plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-10854 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-10853 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-10852 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-10851 (The Razorpay Payment Button Plugin plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-10850 (The Razorpay Payment Button Elementor Plugin plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-10828 (The Advanced Order Export For WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-10820 (The WooCommerce Upload Files plugin for WordPress is vulnerable to arb ...)
+	TODO: check
+CVE-2024-10816 (The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory  ...)
+	TODO: check
+CVE-2024-10802 (The Hash Elements plugin for WordPress is vulnerable to unauthorized a ...)
+	TODO: check
+CVE-2024-10800 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-10794 (The Boostify Header Footer Builder for Elementor plugin for WordPress  ...)
+	TODO: check
+CVE-2024-10778 (The BuddyPress Builder for Elementor \u2013 BuddyBuilder plugin for Wo ...)
+	TODO: check
+CVE-2024-10717 (The Styler for Ninja Forms plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2024-10686 (The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW St ...)
+	TODO: check
+CVE-2024-10684 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-10629 (The GPX Viewer plugin for WordPress is vulnerable to arbitrary file cr ...)
+	TODO: check
+CVE-2024-10593 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Form ...)
+	TODO: check
+CVE-2024-10577 (The \u80d6\u9f20\u91c7\u96c6(Fat Rat Collect) \u5fae\u4fe1\u77e5\u4e4e ...)
+	TODO: check
+CVE-2024-10575 (CWE-862: Missing Authorization vulnerability exists that could cause u ...)
+	TODO: check
+CVE-2024-10531 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-10530 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-10529 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-10174 (The WP Project Manager \u2013 Task, team, and project management plugi ...)
+	TODO: check
+CVE-2024-10038 (The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
 CVE-2023-4458 [ksmbd: fix wrong DataOffset validation of create context]
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.52-1
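Review bot: Several of the added descriptions carry literal escape sequences instead of decoded characters: `\u2013` in the lines for CVE-2024-10882, CVE-2024-10877, CVE-2024-10778, CVE-2024-10686, CVE-2024-10593 and CVE-2024-10174, and a run of `\uXXXX` escapes in CVE-2024-10577. Decoding these to UTF-8 at import time would keep the product names readable and searchable when the entries are triaged. Separately, every added entry is `TODO: check`; the ones whose descriptions name `urllib.parse.urlsplit()` (CVE-2024-11168) and Google Chrome (CVE-2024-11110 through CVE-2024-11117) are worth picking up first, since unlike the WordPress plugin and vendor appliance entries they do not look like candidates for a `NOT-FOR-US` tag.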
@@ -96499,7 +96675,7 @@ CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1
 	NOT-FOR-US: strapi
 CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...)
+CVE-2023-4699 (Missing Authentication for Critical Function vulnerability in Mitsubis ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
 	NOT-FOR-US: Mitsubishi
@@ -284037,16 +284213,16 @@ CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version
 	NOT-FOR-US: Tenda routers
 CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
 	NOT-FOR-US: Tenda routers
-CVE-2021-27704
-	RESERVED
-CVE-2021-27703
-	RESERVED
-CVE-2021-27702
-	RESERVED
-CVE-2021-27701
-	RESERVED
-CVE-2021-27700
-	RESERVED
+CVE-2021-27704 (Appspace 6.2.4 is affected by Incorrect Access Control via the Appspac ...)
+	TODO: check
+CVE-2021-27703 (Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scri ...)
+	TODO: check
+CVE-2021-27702 (Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Acce ...)
+	TODO: check
+CVE-2021-27701 (SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request For ...)
+	TODO: check
+CVE-2021-27700 (SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure P ...)
+	TODO: check
 CVE-2021-27699
 	RESERVED
 CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...)
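Review bot: The two Sercomm entries that replace `RESERVED` name the same device differently, "Sercomm Model Etisalat Model S3- AC2100" for CVE-2021-27703 and "Sercomm Router Etisalat Model S3- AC2100" for CVE-2021-27702, both with a stray space in "S3- AC2100". When these `TODO: check` entries are resolved, use one product string for both so that a search on the tag finds them together; the same applies to the two SOCIFI entries (CVE-2021-27701, CVE-2021-27700). CVE-2021-27699 stays `RESERVED` in the trailing context, so the block is only partly published and will need another pass.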



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70f0276969737bede92127a99504dfa6b1325c3c


More information about the debian-security-tracker-commits mailing list