[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 1 09:12:30 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19dd057f by security tracker role at 2024-10-01T08:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2024-9360 (A vulnerability was found in code-projects Restaurant Reservation Syst ...)
+	TODO: check
+CVE-2024-9359 (A vulnerability was found in code-projects Restaurant Reservation Syst ...)
+	TODO: check
+CVE-2024-9358 (A vulnerability has been found in ThingsBoard up to 3.7.0 and classifi ...)
+	TODO: check
+CVE-2024-9304 (The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-9274 (The Elastik Page Builder plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-9272 (The R Animated Icon Plugin plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-9269 (The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-9267 (The Easy WordPress Subscribe \u2013 Optin Hound plugin for WordPress i ...)
+	TODO: check
+CVE-2024-9194 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-9145 (Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 an ...)
+	TODO: check
+CVE-2024-9119 (The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2024-9108 (The Wechat Social login plugin for WordPress is vulnerable to arbitrar ...)
+	TODO: check
+CVE-2024-9106 (The Wechat Social login plugin for WordPress is vulnerable to authenti ...)
+	TODO: check
+CVE-2024-8990 (The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-8989 (The Free Responsive Testimonials, Social Proof Reviews, and Customer R ...)
+	TODO: check
+CVE-2024-8981 (The Broken Link Checker plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-8728 (The Easy Load More plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2024-8727 (The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site  ...)
+	TODO: check
+CVE-2024-8720 (The RumbleTalk Live Group Chat \u2013 HTML5 plugin for WordPress is vu ...)
+	TODO: check
+CVE-2024-8718 (The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2024-8675 (The Soumettre.fr plugin for WordPress is vulnerable to unauthorized mo ...)
+	TODO: check
+CVE-2024-8632 (The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin fo ...)
+	TODO: check
+CVE-2024-8548 (The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin fo ...)
+	TODO: check
+CVE-2024-8107 (The Slider Revolution plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-7869 (The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-7675 (A maliciously crafted DWF file, when parsed in w3dtk.dll through Autod ...)
+	TODO: check
+CVE-2024-7674 (A maliciously crafted DWF file, when parsed in dwfcore.dll through Aut ...)
+	TODO: check
+CVE-2024-7673 (A maliciously crafted DWFX file, when parsed in w3dtk.dll through Auto ...)
+	TODO: check
+CVE-2024-7672 (A maliciously crafted DWF file, when parsed in dwfcore.dll through Aut ...)
+	TODO: check
+CVE-2024-7671 (A maliciously crafted DWFX file, when parsed in dwfcore.dll through Au ...)
+	TODO: check
+CVE-2024-7670 (A maliciously crafted DWFX file, when parsed in w3dtk.dll through Auto ...)
+	TODO: check
+CVE-2024-7434 (The UltraPress theme for WordPress is vulnerable to PHP Object Injecti ...)
+	TODO: check
+CVE-2024-7433 (The Empowerment theme for WordPress is vulnerable to PHP Object Inject ...)
+	TODO: check
+CVE-2024-7432 (The Unseen Blog theme for WordPress is vulnerable to PHP Object Inject ...)
+	TODO: check
+CVE-2024-47560 (RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect author ...)
+	TODO: check
+CVE-2024-47396 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-47295 (Insecure initial password configuration issue in SEIKO EPSON Web Confi ...)
+	TODO: check
+CVE-2024-46503 (An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 a ...)
+	TODO: check
+CVE-2024-45073 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
+	TODO: check
+CVE-2024-28808 (An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functiona ...)
+	TODO: check
+CVE-2024-28807 (An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storag ...)
+	TODO: check
+CVE-2024-21531 (All versions of the package git-shallow-clone are vulnerable to Comman ...)
+	TODO: check
+CVE-2024-21489 (Versions of the package uplot before 1.6.31 are vulnerable to Prototyp ...)
+	TODO: check
+CVE-2024-0116 (NVIDIA Triton Inference Server contains a vulnerability where a user m ...)
+	TODO: check
 CVE-2024-9355
 	NOT-FOR-US: golang-fips
 CVE-2024-9158 (A stored cross site scripting vulnerability exists in Nessus Network M ...)
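Review bot: The descriptions added for CVE-2024-9267, CVE-2024-8720, CVE-2024-8632 and CVE-2024-8548 contain a literal \u2013 escape sequence instead of the dash character, so the automatic import appears to write the description without decoding string escapes; decoding before the text is truncated would keep these summaries readable and searchable. Separately, a large share of the new entries describe WordPress plugins or themes, and the file already uses "NOT-FOR-US: WordPress plugin" for that class in the context of the next hunk, so those can be triaged out of "TODO: check" in a follow-up.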
@@ -2497,7 +2585,7 @@ CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houze
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login Register ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-8421
+CVE-2024-8421 (This CVE has been rejected.)
 	NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to CVE-2023-39325
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7
 CVE-2024-XXXX [RUSTSEC-2023-0086]
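Review bot: The CVE-2024-8421 header now reads "(This CVE has been rejected.)" while the status line under it is still "NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to CVE-2023-39325", so the entry states two different reasons for being out of scope. A manual follow-up should decide which status the entry carries now that the identifier is rejected, keeping the NOTE with the bugzilla link as the record of why.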
@@ -74421,6 +74509,7 @@ CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 1.0
 CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
 	NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
+	{DLA-3907-1}
 	- sqlite3 3.43.1-1
 	[bookworm] - sqlite3 <no-dsa> (Minor issue)
 	[buster] - sqlite3 <no-dsa> (Minor issue)
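Review bot: The {DLA-3907-1} cross-reference on CVE-2023-7104 arrives without any change to the per-release lines visible here: [bookworm] and [buster] both still read "<no-dsa> (Minor issue)", and no line in this context names the suite the advisory fixes. Confirm that the fixed suite and version are recorded where the DLA itself is defined, since a reader of this entry alone cannot tell which release the advisory covers.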
@@ -248031,6 +248120,7 @@ CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl
 	NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
 	NOTE: Negligible security impact
 CVE-2021-36690 (A segmentation fault can occur in the sqlite3.exe command-line compone ...)
+	{DLA-3907-1}
 	- sqlite3 3.36.0-2 (unimportant)
 	[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
 	- sqlite <not-affected> (Vulnerable code is not present)
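Review bot: CVE-2021-36690 is graded "(unimportant)" on the sqlite3 line directly below the new {DLA-3907-1} reference, which leaves an advisory pointing at an issue the tracker rates as having no security impact. A short NOTE line saying the fix was included in the same upload as the other issue in that advisory would explain the apparent mismatch to anyone auditing the entry later.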



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19dd057faf6945f41f23ea47c4dfeb44c113b2ca
