[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 12 21:12:23 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9a6c33e by security tracker role at 2024-10-12T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2024-9894 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2024-9696 (The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-9595 (The TablePress \u2013 Tables in WordPress made easy plugin for WordPre ...)
+	TODO: check
+CVE-2024-8915 (The Category Icon plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-8902 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sen ...)
+	TODO: check
+CVE-2024-8760 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...)
+	TODO: check
+CVE-2024-8757 (The WP Post Author \u2013 Boost Your Blog's Engagement with Autho ...)
+	TODO: check
+CVE-2024-49193 (Zendesk before 2024-07-02 allows remote attackers to read ticket histo ...)
+	TODO: check
 CVE-2024-6519 [qemu: SCSI: lsi53c895a: use-after-free local privilege escalation vulnerability]
 	- qemu <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292089
@@ -654,7 +670,7 @@ CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG befo
 	- lemonldap-ng <unfixed> (bug #1084979)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
 CVE-2024-9680 (An attacker was able to achieve code execution in the content process  ...)
-	{DSA-5788-1 DLA-3914-1}
+	{DSA-5789-1 DSA-5788-1 DLA-3916-1 DLA-3914-1}
 	- firefox 131.0.2-1
 	- firefox-esr 128.3.1esr-1
 	- thunderbird <unfixed>
@@ -2568,7 +2584,7 @@ CVE-2024-9402 (Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9402
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9402
 CVE-2024-9401 (Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ...)
-	{DSA-5783-1 DLA-3913-1}
+	{DSA-5789-1 DSA-5783-1 DLA-3916-1 DLA-3913-1}
 	- firefox 131.0-1
 	- firefox-esr 128.3.0esr-1
 	- thunderbird 1:128.3.0esr-1
@@ -2614,7 +2630,7 @@ CVE-2024-9395 (A specially crafted filename containing a large number of spaces
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/#CVE-2024-9395
 CVE-2024-9394 (An attacker could, via a specially crafted multipart response, execute ...)
-	{DSA-5783-1 DLA-3913-1}
+	{DSA-5789-1 DSA-5783-1 DLA-3916-1 DLA-3913-1}
 	- firefox 131.0-1
 	- firefox-esr 128.3.0esr-1
 	- thunderbird 1:128.3.0esr-1
@@ -2622,7 +2638,7 @@ CVE-2024-9394 (An attacker could, via a specially crafted multipart response, ex
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9394
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9394
 CVE-2024-9393 (An attacker could, via a specially crafted multipart response, execute ...)
-	{DSA-5783-1 DLA-3913-1}
+	{DSA-5789-1 DSA-5783-1 DLA-3916-1 DLA-3913-1}
 	- firefox 131.0-1
 	- firefox-esr 128.3.0esr-1
 	- thunderbird 1:128.3.0esr-1
@@ -2630,7 +2646,7 @@ CVE-2024-9393 (An attacker could, via a specially crafted multipart response, ex
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-48/#CVE-2024-9393
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/#CVE-2024-9393
 CVE-2024-9392 (A compromised content process could have allowed for the arbitrary loa ...)
-	{DSA-5783-1 DLA-3913-1}
+	{DSA-5789-1 DSA-5783-1 DLA-3916-1 DLA-3913-1}
 	- firefox 131.0-1
 	- firefox-esr 128.3.0esr-1
 	- thunderbird 1:128.3.0esr-1
@@ -5258,7 +5274,7 @@ CVE-2024-8660 (Concrete CMS versions 9.0.0 through 9.3.3 are affected by a store
 CVE-2024-7873 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Veribase Order
 CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip Repair Mo ...)
-	{DSA-5772-1}
+	{DSA-5772-1 DLA-3915-1}
 	- libreoffice 4:24.2.5-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
 	NOTE: https://gerrit.libreoffice.org/c/core/+/169952



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9a6c33ef94da8dafa60de7b80bccc402ea27f3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9a6c33ef94da8dafa60de7b80bccc402ea27f3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241012/710c726b/attachment.htm>

More information about the debian-security-tracker-commits mailing list