[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 1 21:12:23 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1997790 by security tracker role at 2024-10-01T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,68 +1,170 @@
-CVE-2024-9403
+CVE-2024-9411 (A vulnerability classified as problematic has been found in OFCMS 1.1. ...)
+ TODO: check
+CVE-2024-9405 (An incorrect limitation of a path to a restricted directory (path trav ...)
+ TODO: check
+CVE-2024-9341 (A flaw was found in Go. When FIPS mode is enabled on a system, contain ...)
+ TODO: check
+CVE-2024-9289 (The WordPress & WooCommerce Affiliate Program plugin for WordPress is ...)
+ TODO: check
+CVE-2024-9265 (The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-9241 (The PDF Image Generator plugin for WordPress is vulnerable to Reflecte ...)
+ TODO: check
+CVE-2024-9228 (The Loggedin \u2013 Limit Active Logins plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-9224 (The Hello World plugin for WordPress is vulnerable to Arbitrary File R ...)
+ TODO: check
+CVE-2024-9220 (The LH Copy Media File plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-9209 (The WP Search Analytics plugin for WordPress is vulnerable to Reflecte ...)
+ TODO: check
+CVE-2024-9118 (The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-9060 (The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-9018 (The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPre ...)
+ TODO: check
+CVE-2024-8799 (The Custom Banners plugin for WordPress is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2024-8793 (The Store Exporter for WooCommerce \u2013 Export Products, Export Orde ...)
+ TODO: check
+CVE-2024-8786 (The Auto Featured Image from Title plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-8430 (The Spice Starter Sites plugin for WordPress is vulnerable to unauthor ...)
+ TODO: check
+CVE-2024-8324 (The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-8288 (The Guten Post Layout \u2013 An Advanced Post Grid Collection for Word ...)
+ TODO: check
+CVE-2024-47608 (Logicytics is designed to harvest and collect data for forensic analys ...)
+ TODO: check
+CVE-2024-47604 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
+ TODO: check
+CVE-2024-47534 (go-tuf is a Go implementation of The Update Framework (TUF). The go-tu ...)
+ TODO: check
+CVE-2024-47071 (OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS En ...)
+ TODO: check
+CVE-2024-46276 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46274 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46267 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46264 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46263 (cute_png v1.05 was discovered to contain a stack overflow via the cp_d ...)
+ TODO: check
+CVE-2024-46261 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46259 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46258 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2024-46083 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2024-46081 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2024-46079 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2024-45999 (A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, speci ...)
+ TODO: check
+CVE-2024-45967 (Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.ph ...)
+ TODO: check
+CVE-2024-45408 (eLabFTW is an open source electronic lab notebook for research labs. A ...)
+ TODO: check
+CVE-2024-44744 (An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers ...)
+ TODO: check
+CVE-2024-44610 (PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before ...)
+ TODO: check
+CVE-2024-42514 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
+ TODO: check
+CVE-2024-41673 (Decidim is a participatory democracy framework. The version control fe ...)
+ TODO: check
+CVE-2024-41276 (A vulnerability in Kaiten version 57.131.12 and earlier allows attacke ...)
+ TODO: check
+CVE-2024-31835 (Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 all ...)
+ TODO: check
+CVE-2024-30132 (HCL Nomad server on Domino did not configure certain HTTP Security hea ...)
+ TODO: check
+CVE-2024-25661 (In Infinera TNMS (Transcend Network Management System) 19.10.3, cleart ...)
+ TODO: check
+CVE-2024-25660 (The WebDAV service in Infinera TNMS (Transcend Network Management Syst ...)
+ TODO: check
+CVE-2024-25659 (In Infinera TNMS (Transcend Network Management System) 19.10.3, an ins ...)
+ TODO: check
+CVE-2024-25658 (Cleartext storage of passwords in Infinera TNMS (Transcend Network Man ...)
+ TODO: check
+CVE-2024-25632 (eLabFTW is an open source electronic lab notebook for research labs. I ...)
+ TODO: check
+CVE-2023-7273 (Cross site request forgery in Kiteworks OwnCloud allows an unauthentic ...)
+ TODO: check
+CVE-2023-3441 (An issue has been discovered in GitLab EE/CE affecting all versions st ...)
+ TODO: check
+CVE-2024-9403 (Memory safety bugs present in Firefox 130. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9403
-CVE-2024-9402
+CVE-2024-9402 (Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thun ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
-CVE-2024-9401
+CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9401
-CVE-2024-9400
+CVE-2024-9400 (A potential memory corruption vulnerability could be triggered if an a ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9400
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9400
-CVE-2024-9399
+CVE-2024-9399 (A website configured to initiate a specially crafted WebTransport sess ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9399
-CVE-2024-9398
+CVE-2024-9398 (By checking the result of calls to `window.open` with specifically set ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9398
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9398
-CVE-2024-9397
+CVE-2024-9397 (A missing delay in directory upload UI could have made it possible for ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9397
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9397
-CVE-2024-9396
+CVE-2024-9396 (It is currently unknown if this issue is exploitable but a condition m ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9396
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9396
-CVE-2024-9395
+CVE-2024-9395 (A specially crafted filename containing a large number of spaces could ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
-CVE-2024-9394
+CVE-2024-9394 (An attacker could, via a specially crafted multipart response, execute ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9394
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
-CVE-2024-9393
+CVE-2024-9393 (An attacker could, via a specially crafted multipart response, execute ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
-CVE-2024-9392
+CVE-2024-9392 (A compromised content process could have allowed for the arbitrary loa ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9392
-CVE-2024-9391
+CVE-2024-9391 (A user who enables full-screen mode on a specially crafted web page co ...)
- firefox <not-affected> (Only affects Firefox Focus for Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9391
CVE-2024-9360 (A vulnerability was found in code-projects Restaurant Reservation Syst ...)
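Review bot: the CVE-2024-9402 entry now has a description that names Firefox ESR 128.2, but its package lines list only firefox and thunderbird and its NOTE lines cite only mfsa2024-46 and mfsa2024-49. CVE-2024-9401, whose description also names an ESR release, carries a firefox-esr line and a third advisory link, so it is worth confirming whether CVE-2024-9402 needs a `- firefox-esr` line as well. Separately, the imported descriptions for CVE-2024-9228, CVE-2024-9018, CVE-2024-8793 and CVE-2024-8288 contain a literal `\u2013` escape; decoding it at import time would keep the list readable and searchable by plugin name.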
@@ -153,7 +255,7 @@ CVE-2024-21489 (Versions of the package uplot before 1.6.31 are vulnerable to Pr
NOT-FOR-US: Node uplot
CVE-2024-0116 (NVIDIA Triton Inference Server contains a vulnerability where a user m ...)
NOT-FOR-US: NVIDIA
-CVE-2024-9355
+CVE-2024-9355 (A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a m ...)
NOT-FOR-US: golang-fips
CVE-2024-9158 (A stored cross site scripting vulnerability exists in Nessus Network M ...)
NOT-FOR-US: Nessus
@@ -246056,8 +246158,8 @@ CVE-2021-3667 (An improper locking issue was found in the virStoragePoolLookupBy
NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...)
NOT-FOR-US: Apache jUDDI
-CVE-2021-37577
- RESERVED
+CVE-2021-37577 (Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple P ...)
+ TODO: check
CVE-2021-37575
RESERVED
CVE-2021-37574
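Review bot: CVE-2021-37577 goes from RESERVED straight to `TODO: check` with a description that names the Bluetooth LE and BR/EDR pairing procedures rather than a product, so the truncated summary alone does not show which source package, if any, is affected. When the TODO is resolved, a NOTE recording the implementation that was checked, or a NOT-FOR-US line, would make the triage decision auditable.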
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1997790739e74d59d45783700579166760ce741