[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 10 09:19:24 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e84f76e by security tracker role at 2024-10-10T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-9802 (The conformance validation endpoint is public so everybody can verify  ...)
+	TODO: check
+CVE-2024-9798 (The health endpoint is public so everybody can see a list of all servi ...)
+	TODO: check
+CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not saniti ...)
+	TODO: check
+CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...)
+	TODO: check
+CVE-2024-9780 (ITS dissector crash in Wireshark 4.4.0 allows denial of service via pa ...)
+	TODO: check
+CVE-2024-9685 (The Notification for Telegram plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-9581 (The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrar ...)
+	TODO: check
+CVE-2024-9522 (The WP Users Masquerade plugin for WordPress is vulnerable to authenti ...)
+	TODO: check
+CVE-2024-9520 (The UserPlus plugin for WordPress is vulnerable to unauthorized access ...)
+	TODO: check
+CVE-2024-9519 (The UserPlus plugin for WordPress is vulnerable to unauthorized modifi ...)
+	TODO: check
+CVE-2024-9518 (The UserPlus plugin for WordPress is vulnerable to privilege escalatio ...)
+	TODO: check
+CVE-2024-9457 (The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-9377 (The Products, Order & Customers Export for WooCommerce plugin for Word ...)
+	TODO: check
+CVE-2024-9205 (The Maximum Products per User for WooCommerce plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-9156 (The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerab ...)
+	TODO: check
+CVE-2024-9074 (The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-9072 (The GDPR-Extensions-com \u2013 Consent Manager plugin for WordPress is ...)
+	TODO: check
+CVE-2024-9067 (The Youzify \u2013 BuddyPress Community, User Profile, Social Network  ...)
+	TODO: check
+CVE-2024-9066 (The Marketing and SEO Booster plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-9065 (The WP Helper Premium plugin for WordPress is vulnerable to unauthoriz ...)
+	TODO: check
+CVE-2024-9064 (The Elementor Inline SVG plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-9057 (The Curator.io: Show all your social media posts in a beautiful feed.  ...)
+	TODO: check
+CVE-2024-9022 (The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin  ...)
+	TODO: check
+CVE-2024-8987 (The Youzify \u2013 BuddyPress Community, User Profile, Social Network  ...)
+	TODO: check
+CVE-2024-8729 (The Easy Social Share Buttons plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2024-8513 (The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Rep ...)
+	TODO: check
+CVE-2024-8477 (The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (fo ...)
+	TODO: check
+CVE-2024-8264 (Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes  ...)
+	TODO: check
+CVE-2024-7049 (In version v0.3.8 of open-webui/open-webui, a vulnerability exists whe ...)
+	TODO: check
+CVE-2024-7048 (In version v0.3.8 of open-webui, an improper privilege management vuln ...)
+	TODO: check
+CVE-2024-6747 (Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, ...)
+	TODO: check
+CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in libarchiv ...)
+	TODO: check
+CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in libarchiv ...)
+	TODO: check
+CVE-2024-48949 (The verify function in lib/elliptic/eddsa/index.js in the Elliptic pac ...)
+	TODO: check
+CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
+	TODO: check
+CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
+	TODO: check
+CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.1 ...)
+	TODO: check
 CVE-2024-9680 (An attacker was able to achieve code execution in the content process  ...)
 	- firefox 131.0.2-1
 	- firefox-esr 128.3.1esr-1
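Review bot: The added descriptions for CVE-2024-9072, CVE-2024-9067, CVE-2024-9022, CVE-2024-8987 and CVE-2024-8513 contain the literal six-character sequence `\u2013` where the plugin name should have an en dash (U+2013), so the escape is being written into data/CVE/list as text instead of being decoded. Decode Unicode escapes in the description before the automatic update writes it (or normalise the dash to an ASCII hyphen). As it stands, a text search on these plugin names will miss the entries, and the escape uses up part of the truncated description.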
@@ -550,7 +624,7 @@ CVE-2024-39436 (In linkturbonative service, there is a possible command injectio
 	TODO: check
 CVE-2024-38818 (VMware NSX contains a local privilege escalation vulnerability.  An au ...)
 	TODO: check
-CVE-2024-38817 (Mware NSX contains a command injection vulnerability.  A malicious act ...)
+CVE-2024-38817 (VMware NSX contains a command injection vulnerability.  A malicious ac ...)
 	TODO: check
 CVE-2024-38815 (VMware NSX contains a content spoofing vulnerability.  An unauthentica ...)
 	TODO: check



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e84f76ecdccf2c2257add104509e556a27a9c8d
