[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 28 20:12:30 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1f1893d by security tracker role at 2024-11-28T20:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,116 @@
-CVE-2023-52922 [can: bcm: Fix UAF in bcm_proc_show()]
+CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...)
+ TODO: check
+CVE-2024-8308 (A low privileged remote attacker can insert a SQL injection inthe web ...)
+ TODO: check
+CVE-2024-8066 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-7747 (The Wallet for WooCommerce plugin for WordPress is vulnerable to incor ...)
+ TODO: check
+CVE-2024-53737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53736 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom S ...)
+ TODO: check
+CVE-2024-53734 (Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Id ...)
+ TODO: check
+CVE-2024-53733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53732 (Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyou ...)
+ TODO: check
+CVE-2024-53731 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-52501 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-52499 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-52498 (Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blo ...)
+ TODO: check
+CVE-2024-52497 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-52496 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-52495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-52490 (Unrestricted Upload of File with Dangerous Type vulnerability in Patho ...)
+ TODO: check
+CVE-2024-52481 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-52475 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2024-52474 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-52338 (Deserialization of untrusted data in IPC and Parquet readers in the Ap ...)
+ TODO: check
+CVE-2024-52283 (Missing sanitation of inputs allowed arbitrary users to conduct a stor ...)
+ TODO: check
+CVE-2024-49503 (A Improper Neutralization of Input During Web Page Generation (XSS or ...)
+ TODO: check
+CVE-2024-49502 (A Improper Neutralization of Input During Web Page Generation (XSS or ...)
+ TODO: check
+CVE-2024-22038 (Various problems in obs-scm-bridge allows attackers that create specia ...)
+ TODO: check
+CVE-2024-22037 (The uyuni-server-attestation systemd service needs a database_password ...)
+ TODO: check
+CVE-2024-11969 (The NetCloud Exchange client for Windows, version 1.110.50, contains a ...)
+ TODO: check
+CVE-2024-11968 (A vulnerability was found in code-projects Farmacia up to 1.0. It has ...)
+ TODO: check
+CVE-2024-11967 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...)
+ TODO: check
+CVE-2024-11966 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...)
+ TODO: check
+CVE-2024-11965 (A vulnerability has been found in PHPGurukul Complaint Management syst ...)
+ TODO: check
+CVE-2024-11964 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2024-11963 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-11962 (A vulnerability classified as critical was found in code-projects Simp ...)
+ TODO: check
+CVE-2024-11961 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...)
+ TODO: check
+CVE-2024-11960 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been decl ...)
+ TODO: check
+CVE-2024-11959 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been clas ...)
+ TODO: check
+CVE-2024-11788 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-11786 (The Login with Vipps and MobilePay plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-11761 (The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-11685 (The `Kudos Donations \u2013 Easy donations and payments with Mollie` p ...)
+ TODO: check
+CVE-2024-11684 (The Kudos Donations \u2013 Easy donations and payments with Mollie plu ...)
+ TODO: check
+CVE-2024-11620 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2024-11599 (Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2024-11458 (The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2024-11431 (The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-11402 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-11366 (The SEO Landing Page Generator plugin for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2024-11333 (The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-11203 (The EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Doc ...)
+ TODO: check
+CVE-2024-11103 (The Contest Gallery plugin for WordPress is vulnerable to privilege es ...)
+ TODO: check
+CVE-2024-11082 (The Tumult Hype Animations plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2024-10798 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-10780 (The Restaurant & Cafe Addon for Elementor plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-10670 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-52922 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.4.11-1
[bookworm] - linux 6.1.52-1
[bullseye] - linux 5.10.191-1
@@ -383,7 +495,7 @@ CVE-2024-XXXX [Supplemental group inheritance grants unintended access to GID 0
NOTE: https://github.com/proftpd/proftpd/issues/1830
NOTE: Pending confirmation for CVE assignment (likely to get CVE-2024-48651)
CVE-2024-11699 (Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thun ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -410,7 +522,7 @@ CVE-2024-11704 (A double-free issue could have occurred in `sec_pkcs7_decoder_st
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704
CVE-2024-11697 (When handling keypress events, an attacker may have been able to trick ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -418,7 +530,7 @@ CVE-2024-11697 (When handling keypress events, an attacker may have been able to
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11697
CVE-2024-11696 (The application failed to account for exceptions thrown by the `loadMa ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -429,7 +541,7 @@ CVE-2024-11703 (On Android, Firefox may have inadvertently allowed viewing saved
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11703
CVE-2024-11695 (A crafted URL containing Arabic script and whitespace characters could ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -437,7 +549,7 @@ CVE-2024-11695 (A crafted URL containing Arabic script and whitespace characters
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11695
CVE-2024-11694 (Enhanced Tracking Protection's Strict mode may have inadvertently allo ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -458,7 +570,7 @@ CVE-2024-11701 (The incorrect domain may have been displayed in the address bar
- firefox 133.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11701
CVE-2024-11692 (An attacker could cause a select dropdown to be shown over another tab ...)
- {DSA-5821-1 DSA-5820-1}
+ {DSA-5821-1 DSA-5820-1 DLA-3971-1 DLA-3969-1}
- firefox 133.0-1
- firefox-esr 128.5.0esr-1
- thunderbird 1:128.5.0esr-1
@@ -31606,7 +31718,7 @@ CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for e
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6526a2b28510ead6a3e14de711bb991ad9abff38
CVE-2024-41810 (Twisted is an event-based framework for internet applications, support ...)
- {DSA-5797-1}
+ {DSA-5797-1 DLA-3970-1}
- twisted 24.7.0-1 (bug #1077680)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
NOTE: Merge commit: https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 (twisted-24.7.0rc1)
@@ -31617,7 +31729,7 @@ CVE-2024-41726 (Path traversal vulnerability exists in SKYSEA Client View Ver.3.
CVE-2024-41676 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2024-41671 (Twisted is an event-based framework for internet applications, support ...)
- {DSA-5797-1}
+ {DSA-5797-1 DLA-3970-1}
- twisted 24.7.0-1 (bug #1077679)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
NOTE: https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc (twisted-24.7.0rc1)
@@ -102988,7 +103100,7 @@ CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to
CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...)
NOT-FOR-US: era-compiler-vyper
CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...)
- {DSA-5797-1}
+ {DSA-5797-1 DLA-3970-1}
- twisted 23.10.0-1 (bug #1054913)
[buster] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
@@ -184269,7 +184381,7 @@ CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) use
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
NOT-FOR-US: Tasks.org Android app
CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
- {DLA-3212-1}
+ {DLA-3970-1 DLA-3212-1}
- twisted 22.4.0-4 (bug #1023359)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1f1893d55da524626b6453b136cd2ca4ae2678d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1f1893d55da524626b6453b136cd2ca4ae2678d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241128/0b4bb008/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list