[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 16 20:12:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8dd06150 by security tracker role at 2024-11-16T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2024-9938 (The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2024-9935 (The PDF Generator Addon for Elementor Page Builder plugin for WordPres ...)
+ TODO: check
+CVE-2024-9887 (The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPres ...)
+ TODO: check
+CVE-2024-9850 (The SVG Case Study plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-9849 (The 3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook Word ...)
+ TODO: check
+CVE-2024-9839 (The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2024-9615 (The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2024-9500 (A maliciously crafted DLL file when placed in temporary files and fold ...)
+ TODO: check
+CVE-2024-9386 (The Exclusive Divi \u2013 Divi Preloader, Modules for Divi & Extra The ...)
+ TODO: check
+CVE-2024-9192 (The WordPress Video Robot - The Ultimate Video Importer plugin for Wor ...)
+ TODO: check
+CVE-2024-8873 (The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-8856 (The Backup and Staging by WP Time Capsule plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-6628 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
+ TODO: check
+CVE-2024-51765 (A security vulnerability has been identified in HPE Cray Data Virtuali ...)
+ TODO: check
+CVE-2024-51764 (A security vulnerability has been identified in HPE Data Management Fr ...)
+ TODO: check
+CVE-2024-50983 (FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, wh ...)
+ TODO: check
+CVE-2024-49592 (McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads ...)
+ TODO: check
+CVE-2024-49060 (Azure Stack HCI Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-45611 (GLPI is an open-source asset and IT management software package that p ...)
+ TODO: check
+CVE-2024-45610 (GLPI is an open-source asset and IT management software package that p ...)
+ TODO: check
+CVE-2024-44758 (An arbitrary file upload vulnerability in the component /Production/Up ...)
+ TODO: check
+CVE-2024-38370 (GLPI is a free asset and IT management software package. Starting in 9 ...)
+ TODO: check
+CVE-2024-11263 (When the Global Pointer (GP) relative addressing is enabled (CONFIG_RI ...)
+ TODO: check
+CVE-2024-11262 (A vulnerability has been found in SourceCodester Student Record Manage ...)
+ TODO: check
+CVE-2024-11261 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-11217 (A vulnerability was found in the OAuth-server. OAuth-server logs the O ...)
+ TODO: check
+CVE-2024-11118 (The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2024-11094 (The 404 Solution plugin for WordPress is vulnerable to Sensitive Infor ...)
+ TODO: check
+CVE-2024-11092 (The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-11085 (The WP Log Viewer plugin for WordPress is vulnerable to unauthorized u ...)
+ TODO: check
+CVE-2024-10884 (The SimpleForm Contact Form Submissions plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-10883 (The SimpleForm \u2013 Contact form made simple plugin for WordPress is ...)
+ TODO: check
+CVE-2024-10875 (The Gallery Manager plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2024-10861 (The Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Pop ...)
+ TODO: check
+CVE-2024-10795 (The Popularis Extra plugin for WordPress is vulnerable to Information ...)
+ TODO: check
+CVE-2024-10786 (The Simple Local Avatars plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2024-10728 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX ...)
+ TODO: check
+CVE-2024-10645 (The Blogger 301 Redirect plugin for WordPress is vulnerable to blind t ...)
+ TODO: check
+CVE-2024-10614 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-10592 (The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-10533 (The WP Chat App plugin for WordPress is vulnerable to unauthorized plu ...)
+ TODO: check
+CVE-2024-10262 (The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitr ...)
+ TODO: check
+CVE-2024-10147 (The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2024-10017 (The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-10015 (The ConvertCalculator for WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2024-41151
NOT-FOR-US: Apache HertzBeat
CVE-2024-45791
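Review bot: all 45 added entries, CVE-2024-9938 through CVE-2024-10015, land as "TODO: check" with no triage. Most of the descriptions read "The ... plugin for WordPress", and this file already resolves such entries as "NOT-FOR-US: WordPress plugin" (CVE-2024-10571 further down), so a follow-up can close those in bulk. The non-WordPress ones need an individual check against packaged source, for example the GLPI entries (CVE-2024-45611, CVE-2024-45610, CVE-2024-38370), CVE-2024-11263 and CVE-2024-11217. Style point: several descriptions (CVE-2024-9849, CVE-2024-9386, CVE-2024-6628 and others) carry a literal "\u2013" escape instead of the dash character; decoding it at import would keep the descriptions readable.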
@@ -580,28 +670,28 @@ CVE-2024-10921 (An authorized user may trigger crashes or receive the contents o
CVE-2024-10571 (The Chartify \u2013 WordPress Chart Plugin plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10979 (Incorrect control of environment variables in PostgreSQL PL/Perl allow ...)
- {DSA-5812-1}
+ {DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10979/
CVE-2024-10978 (Incorrect privilege assignment in PostgreSQL allows a less-privileged ...)
- {DSA-5812-1}
+ {DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10978/
CVE-2024-10977 (Client use of server error message in PostgreSQL allows a server not t ...)
- {DSA-5812-1}
+ {DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10977/
CVE-2024-10976 (Incomplete tracking in PostgreSQL of tables with row security allows a ...)
- {DSA-5812-1}
+ {DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
- postgresql-16 <unfixed>
- postgresql-15 <removed>
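Review bot: "- postgresql-16 <unfixed>" stays unchanged in all four entries (CVE-2024-10979 through CVE-2024-10976) although each now references both DSA-5812-1 and DLA-3954-1. Please confirm that status is still accurate. The visible lines also do not show which source package or version DLA-3954-1 fixed, since postgresql-15 and postgresql-13 appear only as "<removed>" and this commit touches only data/CVE/list, so check that the fixed version is recorded where the advisory itself is tracked.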
@@ -1775,6 +1865,7 @@ CVE-2023-44255 (An exposure of sensitive information to an unauthorized actor [C
CVE-2023-32736 (A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All vers ...)
NOT-FOR-US: Siemens
CVE-2024-49369 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-3953-1}
- icinga2 2.14.3-1 (bug #1087384)
[bookworm] - icinga2 <no-dsa> (Will be fixed via point release; Only affects deployments with access to Icinga API via client certificates)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv
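Review bot: CVE-2024-49369 now carries "{DLA-3953-1}" while the bookworm line below it still reads "<no-dsa> (Will be fixed via point release; ...)". That leaves the older release covered by an advisory and bookworm waiting on a point release with no version or date noted. Suggest following up on the "[bookworm] - icinga2" line once the point release version is known, so the entry does not sit at "<no-dsa>" indefinitely.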
@@ -259599,7 +259690,7 @@ CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown ob
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
NOT-FOR-US: next.js
CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
- {DLA-2816-1}
+ {DLA-3953-1 DLA-2816-1}
- icinga2 2.13.1-1
[buster] - icinga2 <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
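Review bot: the advisory list on CVE-2021-37698 is written "{DLA-3953-1 DLA-2816-1}", with the new identifier placed first, whereas the PostgreSQL entries earlier in this patch append theirs, "{DSA-5812-1 DLA-3954-1}". If the order is deliberate (for instance DSA before DLA, then newest first), it would help to document the rule next to the generator; if it is not, pick one ordering so that later diffs of these lines stay minimal.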
@@ -271849,7 +271940,7 @@ CVE-2021-32745 (Collabora Online is a collaborative online office suite. A refle
CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
NOT-FOR-US: Collabora Online
CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
- {DLA-2816-1}
+ {DLA-3953-1 DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
[buster] - icinga2 <no-dsa> (Minor issue)
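Review bot: the commit message "automatic update" gives no hint that DLA-3953-1 is being attached to 2021 CVEs (here CVE-2021-32743, also CVE-2021-37698 and CVE-2021-32739) as well as to CVE-2024-49369. The "[buster] - icinga2 <no-dsa> (Minor issue)" line is left as is, which looks fine, but a reader of the log cannot tell that older entries were touched by a new advisory. Suggest having the generated message list the advisory identifiers it added.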
@@ -271867,7 +271958,7 @@ CVE-2021-32740 (Addressable is an alternative implementation to the URI implemen
NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
- {DLA-2816-1}
+ {DLA-3953-1 DLA-2816-1}
[experimental] - icinga2 2.12.5-1~exp1
- icinga2 2.12.5-1 (bug #991494)
[buster] - icinga2 <no-dsa> (Minor issue)
@@ -510297,18 +510388,18 @@ CVE-2017-13316
NOT-FOR-US: Android
CVE-2017-13315
RESERVED
-CVE-2017-13314
- RESERVED
-CVE-2017-13313
- RESERVED
-CVE-2017-13312
- RESERVED
-CVE-2017-13311
- RESERVED
-CVE-2017-13310
- RESERVED
-CVE-2017-13309
- RESERVED
+CVE-2017-13314 (In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a ...)
+ TODO: check
+CVE-2017-13313 (In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, ...)
+ TODO: check
+CVE-2017-13312 (In createFromParcel of MediaCas.java, there is a possible parcel read/ ...)
+ TODO: check
+CVE-2017-13311 (In the read() function of ProcessStats.java, there is a possible read/ ...)
+ TODO: check
+CVE-2017-13310 (In createFromParcel of ViewPager.java, there is a possible read/write ...)
+ TODO: check
+CVE-2017-13309 (In readEncryptedData of ConscryptEngine.java, there is a possible plai ...)
+ TODO: check
CVE-2017-13308
RESERVED
CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...)
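Review bot: CVE-2017-13314 through CVE-2017-13309 move from "RESERVED" to "TODO: check", and the neighbouring CVE-2017-13316 is already "NOT-FOR-US: Android". The new descriptions name Android framework files such as NetworkManagementService.java and ViewPager.java, so most will probably resolve the same way, but they should not be bulk-marked without a look: ESQueue.cpp (CVE-2017-13313) and ConscryptEngine.java (CVE-2017-13309) may belong to components that are also shipped outside Android, and CVE-2017-13307 just below shows that this ID range includes upstream kernel issues too.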
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd0615089d8120683ff9218f2bcecf5a1ba6ebb