[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 15 08:12:06 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ca281e3 by security tracker role at 2024-11-15T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2024-9834 (Improper data protection on the ventilator's serial interface could al ...)
+	TODO: check
+CVE-2024-9832 (There is no limit on the number of failed login attempts permitted wit ...)
+	TODO: check
+CVE-2024-9609 (The LearnPress Export Import \u2013 WordPress extension for LearnPress ...)
+	TODO: check
+CVE-2024-9529 (The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom  ...)
+	TODO: check
+CVE-2024-9356 (The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPres ...)
+	TODO: check
+CVE-2024-8961 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+	TODO: check
+CVE-2024-52613 (A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-0 ...)
+	TODO: check
+CVE-2024-52308 (The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code ...)
+	TODO: check
+CVE-2024-51687 (Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platfor ...)
+	TODO: check
+CVE-2024-51684 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P ...)
+	TODO: check
+CVE-2024-51679 (Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appoin ...)
+	TODO: check
+CVE-2024-51659 (Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @An ...)
+	TODO: check
+CVE-2024-51658 (Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Cour ...)
+	TODO: check
+CVE-2024-51156 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery ...)
+	TODO: check
+CVE-2024-50968 (A business logic vulnerability exists in the Add to Cart function of i ...)
+	TODO: check
+CVE-2024-49778 (A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02- ...)
+	TODO: check
+CVE-2024-49777 (A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01- ...)
+	TODO: check
+CVE-2024-49776 (A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 a ...)
+	TODO: check
+CVE-2024-48974 (The ventilator does not perform proper file integrity checks when adop ...)
+	TODO: check
+CVE-2024-48973 (The debug port on the ventilator's serial interface is enabled by defa ...)
+	TODO: check
+CVE-2024-48971 (The Clinician Password and Serial Number Clinician Password are hard-c ...)
+	TODO: check
+CVE-2024-48970 (The ventilator's microcontroller lacks memory protection. An attacker  ...)
+	TODO: check
+CVE-2024-48967 (The ventilator and the Service PC lack sufficient audit logging capabi ...)
+	TODO: check
+CVE-2024-48966 (The software tools used by service personnel to test & calibrate the v ...)
+	TODO: check
+CVE-2024-42499 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2024-41217 (A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02- ...)
+	TODO: check
+CVE-2024-41209 (A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01- ...)
+	TODO: check
+CVE-2024-41206 (A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-0 ...)
+	TODO: check
+CVE-2024-40579 (Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMC ...)
+	TODO: check
+CVE-2024-39707 (Insyde IHISI function 0x49 can restore factory defaults for certain UE ...)
+	TODO: check
+CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...)
+	TODO: check
+CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism of Bina ...)
+	TODO: check
+CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection vulnerabili ...)
+	TODO: check
+CVE-2024-10924 (The Really Simple Security (Free, Pro, and Pro Multisite) plugins for  ...)
+	TODO: check
+CVE-2024-10897 (The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2024-10825 (The Hide My WP Ghost \u2013 Security & Firewall plugin for WordPress i ...)
+	TODO: check
+CVE-2024-10793 (The WP Activity Log plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-10582 (The Music Player for Elementor \u2013 Audio Player & Podcast Player pl ...)
+	TODO: check
+CVE-2024-10260 (The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2024-10113 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress i ...)
+	TODO: check
+CVE-2024-10104 (The Jobs for WordPress plugin before 2.7.8 does not sanitise and escap ...)
+	TODO: check
 CVE-2024-9693 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab <unfixed>
 CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -604,7 +686,7 @@ CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a
 	NOT-FOR-US: Open5GS
 CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged atta ...)
 	- snipe-it <itp> (bug #1005172)
-CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remot ...)
+CVE-2024-51093 (Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13  ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
 	NOT-FOR-US: Adobe
@@ -509994,8 +510076,7 @@ CVE-2017-13229 (A remote code execution vulnerability in the Android media frame
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an out-of-bo ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2017-13227
-	RESERVED
+CVE-2017-13227 (In the autofill service, the package name that is provided by the app  ...)
 	NOT-FOR-US: Android
 CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. Product:  ...)
 	NOT-FOR-US: Mediatek components for Android
@@ -639676,7 +639757,7 @@ CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode dri
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-3901
 	REJECTED
-CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windo ...)
+CVE-2013-3900 (Why is Microsoft republishing a CVE from 2013? We are republishing CVE ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
 	NOT-FOR-US: Microsoft Windows



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ca281e339bd01512bcd3b3132be38baa7e3229f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ca281e339bd01512bcd3b3132be38baa7e3229f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241115/3eb01a18/attachment.htm>

More information about the debian-security-tracker-commits mailing list