[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 8 09:11:51 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
498c3411 by security tracker role at 2024-10-08T08:11:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-9021 (In the process of testing the Relevanssi WordPress plugin before 4.23 ...)
+ TODO: check
+CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering s ...)
+ TODO: check
+CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...)
+ TODO: check
+CVE-2024-7206 (SSL Pinning BypassineWeLink Some hardware productsallows local ATTACKE ...)
+ TODO: check
+CVE-2024-47974 (Race condition during resource shutdown in some Solidigm DC Products m ...)
+ TODO: check
+CVE-2024-47973 (In some Solidigm DC Products, a defect in device overprovisioning may ...)
+ TODO: check
+CVE-2024-47969 (Improper resource management in firmware of some Solidigm DC Products ...)
+ TODO: check
+CVE-2024-47968 (Improper resource shutdown in middle of certain operations on some Sol ...)
+ TODO: check
+CVE-2024-47967 (Improper resource initialization handling in firmware of some Solidigm ...)
+ TODO: check
+CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database application b ...)
+ TODO: check
+CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for your webs ...)
+ TODO: check
+CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was ...)
+ TODO: check
+CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
+ TODO: check
+CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting & creating ...)
+ TODO: check
+CVE-2024-47772 (Discourse is an open source platform for community discussion. An atta ...)
+ TODO: check
+CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In affected v ...)
+ TODO: check
+CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode use ...)
+ TODO: check
+CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions Destiny ...)
+ TODO: check
+CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2 that all ...)
+ TODO: check
+CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers ...)
+ TODO: check
+CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attack ...)
+ TODO: check
+CVE-2024-45382 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-45297 (Discourse is an open source platform for community discussion. Users c ...)
+ TODO: check
+CVE-2024-45291 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2024-45290 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2024-45282 (Fields which are in 'read only' state in Bank Statement Draft in Manag ...)
+ TODO: check
+CVE-2024-45278 (SAP Commerce Backoffice does not sufficiently encode user controlled i ...)
+ TODO: check
+CVE-2024-45277 (The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 ...)
+ TODO: check
+CVE-2024-45060 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2024-45051 (Discourse is an open source platform for community discussion. A malic ...)
+ TODO: check
+CVE-2024-43789 (Discourse is an open source platform for community discussion. A user ...)
+ TODO: check
+CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-43365 (Cacti is an open source performance and fault management framework. Th ...)
+ TODO: check
+CVE-2024-43364 (Cacti is an open source performance and fault management framework. Th ...)
+ TODO: check
+CVE-2024-43363 (Cacti is an open source performance and fault management framework. An ...)
+ TODO: check
+CVE-2024-43362 (Cacti is an open source performance and fault management framework. Th ...)
+ TODO: check
+CVE-2024-39831 (in OpenHarmony v4.1.0 allow a local attacker with high privileges arbi ...)
+ TODO: check
+CVE-2024-39806 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-37179 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...)
+ TODO: check
+CVE-2024-34672 (Improper input validation in SamsungVideoPlayer prior to versions 7.3. ...)
+ TODO: check
+CVE-2024-34671 (Use of implicit intent for sensitive communication in translation\ud63 ...)
+ TODO: check
+CVE-2024-34670 (Use of implicit intent for sensitive communication in Sound Assistant ...)
+ TODO: check
+CVE-2024-34669 (Out-of-bounds write in parsing h.263+ format in librtppayload.so prior ...)
+ TODO: check
+CVE-2024-34668 (Out-of-bounds write in parsing h.263 format in librtppayload.so prior ...)
+ TODO: check
+CVE-2024-34667 (Out-of-bounds write in parsing h.265 format in librtppayload.so prior ...)
+ TODO: check
+CVE-2024-34666 (Out-of-bounds write in parsing h.264 format in a specific mode in libr ...)
+ TODO: check
+CVE-2024-34665 (Out-of-bounds write in parsing h.264 format in librtppayload.so prior ...)
+ TODO: check
+CVE-2024-34664 (Improper check for exception conditions in Knox Guard prior to SMR Oct ...)
+ TODO: check
+CVE-2024-34663 (Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 al ...)
+ TODO: check
+CVE-2024-34662 (Improper access control in ActivityManager prior to SMR Oct-2024 Relea ...)
+ TODO: check
+CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary Argument ...)
+ TODO: check
+CVE-2024-21532 (All versions of the package ggit are vulnerable to Command Injection v ...)
+ TODO: check
CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate p ...)
TODO: check
CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/u ...)
@@ -28552,28 +28660,28 @@ CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer.
NOT-FOR-US: WordPress plugin
CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-8925 [Erroneous parsing of multipart form data]
+CVE-2024-8925 (In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
{DSA-5780-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24)
-CVE-2024-9026 [Logs from childrens may be altered]
+CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
NOTE: Introduced by: https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 (php-7.4.4RC1)
-CVE-2024-8927 [cgi.force_redirect configuration is byppassible due to the environment variable collision]
+CVE-2024-8927 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
{DSA-5780-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp
NOTE: https://github.com/php/php-src/commit/48808d98f4fc2a05193cdcc1aedd6c66816450f1 (PHP-8.2.24)
-CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter Injection Vulnerability]
+CVE-2024-8926 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
{DSA-5780-1}
- php8.2 <not-affected> (Windows-specific)
- php7.4 <not-affected> (Windows-specific)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/498c3411d573895b743ce2ceeb5aaf12c8c0cd8e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/498c3411d573895b743ce2ceeb5aaf12c8c0cd8e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241008/69d29de6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list