[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 13 20:12:52 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19eededd by security tracker role at 2024-11-13T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,136 @@
-CVE-2024-11159
+CVE-2024-9682 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-9668 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-9477 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-9476 (A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Priv ...)
+ TODO: check
+CVE-2024-9413 (The transport_message_handler function in SCP-Firmware release version ...)
+ TODO: check
+CVE-2024-9059 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-8049 (In Progress Telerik Document Processing Libraries, versions prior to 2 ...)
+ TODO: check
+CVE-2024-8001 (A vulnerability was found in VIWIS LMS 9.11. It has been classified as ...)
+ TODO: check
+CVE-2024-7295 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q4 (1 ...)
+ TODO: check
+CVE-2024-52306 (FileManager provides a Backpack admin interface for files and folder. ...)
+ TODO: check
+CVE-2024-52305 (UnoPim is an open-source Product Information Management (PIM) system b ...)
+ TODO: check
+CVE-2024-52300 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
+ TODO: check
+CVE-2024-52299 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
+ TODO: check
+CVE-2024-52298 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
+ TODO: check
+CVE-2024-52295 (DataEase is an open source data visualization analysis tool. Prior to ...)
+ TODO: check
+CVE-2024-52293 (Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, ...)
+ TODO: check
+CVE-2024-52292 (Craft is a content management system (CMS). The dataUrl function can b ...)
+ TODO: check
+CVE-2024-52291 (Craft is a content management system (CMS). A vulnerability in CraftCM ...)
+ TODO: check
+CVE-2024-51996 (Symphony process is a module for the Symphony PHP framework which exec ...)
+ TODO: check
+CVE-2024-50972 (A SQL injection vulnerability in printtool.php of Itsourcecode Constru ...)
+ TODO: check
+CVE-2024-50971 (A SQL injection vulnerability in print.php of Itsourcecode Constructio ...)
+ TODO: check
+CVE-2024-50970 (A SQL injection vulnerability in orderview1.php of Itsourcecode Online ...)
+ TODO: check
+CVE-2024-50969 (A Reflected cross-site scripting (XSS) vulnerability in browse.php of ...)
+ TODO: check
+CVE-2024-50854 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2024-50853 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injectio ...)
+ TODO: check
+CVE-2024-50852 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injectio ...)
+ TODO: check
+CVE-2024-49506 (Insecure creation of temporary files allows local users on systems wit ...)
+ TODO: check
+CVE-2024-49505 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ TODO: check
+CVE-2024-49504 (grub2 allowed attackers with access to the grub shell to access files ...)
+ TODO: check
+CVE-2024-49379 (Umbrel is a home server OS for self-hosting. The login functionality o ...)
+ TODO: check
+CVE-2024-48989 (A vulnerability in the PROFINET stack implementation of the IndraDrive ...)
+ TODO: check
+CVE-2024-48900 (A vulnerability was found in Moodle. Additional checks are required to ...)
+ TODO: check
+CVE-2024-48510 (Directory Traversal vulnerability in DotNetZip v.1.16.0 and before all ...)
+ TODO: check
+CVE-2024-47574 (A authentication bypass using an alternate path or channel in Fortinet ...)
+ TODO: check
+CVE-2024-45594 (Decidim is a participatory democracy framework. The meeting embeds fea ...)
+ TODO: check
+CVE-2024-43093 (In shouldHideDocument of ExternalStorageProvider.java, there is a poss ...)
+ TODO: check
+CVE-2024-43091 (In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2024-43090 (In multiple locations, there is a possible cross-user image read due t ...)
+ TODO: check
+CVE-2024-43089 (In updateInternal of MediaProvider.java , there is a possible access o ...)
+ TODO: check
+CVE-2024-43088 (In multiple functions in AppInfoBase.java, there is a possible way to ...)
+ TODO: check
+CVE-2024-43087 (In getInstalledAccessibilityPreferences of AccessibilitySettings.java, ...)
+ TODO: check
+CVE-2024-43086 (In validateAccountsInternal of AccountManagerService.java, there is a ...)
+ TODO: check
+CVE-2024-43085 (In handleMessage of UsbDeviceManager.java, there is a possible method ...)
+ TODO: check
+CVE-2024-43084 (In visitUris of multiple files, there is a possible information disclo ...)
+ TODO: check
+CVE-2024-43083 (In validate of WifiConfigurationUtil.java , there is a possible persis ...)
+ TODO: check
+CVE-2024-43082 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
+ TODO: check
+CVE-2024-43081 (In installExistingPackageAsUser of InstallPackageHelper.java, there is ...)
+ TODO: check
+CVE-2024-43080 (In onReceive of AppRestrictionsFragment.java, there is a possible esca ...)
+ TODO: check
+CVE-2024-42834 (A stored cross-site scripting (XSS) vulnerability in the Create Custom ...)
+ TODO: check
+CVE-2024-40671 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible w ...)
+ TODO: check
+CVE-2024-40661 (In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, th ...)
+ TODO: check
+CVE-2024-40660 (In setTransactionState of SurfaceFlinger.cpp, there is a possible way ...)
+ TODO: check
+CVE-2024-40443 (SQL Injection vulnerability in Simple Laboratory Management System usi ...)
+ TODO: check
+CVE-2024-34747 (In DevmemXIntMapPages of devicemem_server.c, there is a possible use-a ...)
+ TODO: check
+CVE-2024-34729 (In multiple locations, there is a possible arbitrary code execution du ...)
+ TODO: check
+CVE-2024-34719 (In multiple locations, there is a possible permissions bypass due to a ...)
+ TODO: check
+CVE-2024-31337 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary cod ...)
+ TODO: check
+CVE-2024-23715 (In PMRWritePMPageList of pmr.c, there is a possible out of bounds writ ...)
+ TODO: check
+CVE-2024-11175 (A vulnerability was found in Public CMS 5.202406.d and classified as p ...)
+ TODO: check
+CVE-2024-11165 (An information disclosure vulnerability exists in the backup configura ...)
+ TODO: check
+CVE-2024-11028 (The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plug ...)
+ TODO: check
+CVE-2024-10013 (In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4. ...)
+ TODO: check
+CVE-2024-10012 (In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111) ...)
+ TODO: check
+CVE-2023-38920 (Cross Site Scripting vulnerability in Cyber Cafe Management System v.1 ...)
+ TODO: check
+CVE-2023-35686 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary cod ...)
+ TODO: check
+CVE-2023-35659 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ar ...)
+ TODO: check
+CVE-2024-11159 (Using remote content in OpenPGP encrypted messages can lead to the dis ...)
- thunderbird 1:128.4.3esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159
CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is vulner ...)
@@ -39,9 +171,9 @@ CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affec
NOT-FOR-US: Adobe
CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
NOT-FOR-US: Adobe
-CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+CVE-2024-49508 (InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by ...)
NOT-FOR-US: Adobe
-CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
+CVE-2024-49507 (InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by ...)
NOT-FOR-US: Adobe
CVE-2024-48075 (A Heap buffer overflow in the server-site handshake implementation in ...)
NOT-FOR-US: SharkSSL
@@ -42911,7 +43043,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in th
NOTE: https://github.com/prusa3d/PrusaSlicer/issues/12905 and #1074233
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
NOTE: https://github.com/libigl/libigl/issues/2387
-CVE-2024-4741 [Use After Free with SSL_free_buffers]
+CVE-2024-4741 (Issue summary: Calling the OpenSSL API function SSL_free_buffers may c ...)
{DLA-3942-1}
- openssl 3.2.2-1 (bug #1072113)
[bookworm] - openssl 3.0.14-1~deb12u1
@@ -161009,8 +161141,8 @@ CVE-2022-45159
RESERVED
CVE-2022-45158
RESERVED
-CVE-2022-45157
- RESERVED
+CVE-2022-45157 (A vulnerability has been identified in the way that Rancher stores vSp ...)
+ TODO: check
CVE-2022-45156
RESERVED
CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19eededdb3e262df0b52be94f7cb667e1c9ad5de
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19eededdb3e262df0b52be94f7cb667e1c9ad5de
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241113/cedbade0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list