[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 15 15:06:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b17a39d by security tracker role at 2024-10-15T08:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-9982 (AIM LINE Marketing Platform from Esi Technology does not properly vali ...)
+ TODO: check
+CVE-2024-9981 (The ee-class from FormosaSoft does not properly validate a specific pa ...)
+ TODO: check
+CVE-2024-9980 (The ee-class from FormosaSoft does not properly validate a specific pa ...)
+ TODO: check
+CVE-2024-9972 (Property Management System from ChanGate has a SQL Injection vulnerabi ...)
+ TODO: check
+CVE-2024-9971 (The specific query functionality in the FlowMaster BPM Plus from NewTy ...)
+ TODO: check
+CVE-2024-9970 (The FlowMaster BPM Plus system from NewType has a privilege escalation ...)
+ TODO: check
+CVE-2024-9969 (NewType WebEIP v3.0 does not properly validate user input, allowing a ...)
+ TODO: check
+CVE-2024-9968 (WebEIP v3.0 from NewTypedoes not properly validate user input, allow ...)
+ TODO: check
+CVE-2024-9953 (A Potential DOS Vulnerability exists in CERT VINCE software prior to v ...)
+ TODO: check
+CVE-2024-9952 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 an ...)
+ TODO: check
+CVE-2024-9944 (The WooCommerce plugin for WordPress is vulnerable to HTML Injection i ...)
+ TODO: check
+CVE-2024-9837 (The The AADMY \u2013 Add Auto Date Month Year Into Posts plugin for Wo ...)
+ TODO: check
+CVE-2024-9820 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Fac ...)
+ TODO: check
+CVE-2024-9687 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Authent ...)
+ TODO: check
+CVE-2024-9548 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-9546 (The WPIDE \u2013 File Manager & Code Editor plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-6757 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
+ TODO: check
+CVE-2024-6207 (CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/s ...)
+ TODO: check
+CVE-2024-48911 (OpenCanary, a multi-protocol network honeypot, directly executed comma ...)
+ TODO: check
+CVE-2024-48909 (SpiceDB is an open source database for scalably storing and querying f ...)
+ TODO: check
+CVE-2024-48824 (An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081 ...)
+ TODO: check
+CVE-2024-48823 (Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d ...)
+ TODO: check
+CVE-2024-48822 (Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d ...)
+ TODO: check
+CVE-2024-48821 (Cross Site Scripting vulnerability in Automatic Systems Maintenance Sl ...)
+ TODO: check
+CVE-2024-46898 (SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, ...)
+ TODO: check
+CVE-2024-35520 (Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_inv ...)
+ TODO: check
+CVE-2024-35519 (Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 ...)
+ TODO: check
+CVE-2024-35518 (Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_f ...)
+ TODO: check
+CVE-2024-30117 (A dynamic search for a prerequisite library could allow the possibilit ...)
+ TODO: check
+CVE-2024-21535 (Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to ...)
+ TODO: check
+CVE-2024-0129 (NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a u ...)
+ TODO: check
CVE-2024-9936 (When manipulating the selection node cache, an attacker may have been ...)
- firefox 131.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
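Review bot: the description imported for CVE-2024-6207 begins with "CVE 2021-22681 https://www.rockwellautomation.com/..." instead of a summary, so the truncated text gives nothing to triage on and the full record has to be read before its TODO: check is resolved. The descriptions for CVE-2024-9837, CVE-2024-9546 and CVE-2024-6757 also carry a literal \u2013 escape rather than the dash character, which suggests the escape is not decoded at import; decoding it there would keep the text searchable.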
@@ -5583,6 +5645,7 @@ CVE-2024-44189 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44188 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2024-44187 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
+ {DSA-5792-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
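Review bot: the {DSA-5792-1} cross-reference on CVE-2024-44187 sits above two source packages, webkit2gtk 2.46.0-1 and wpewebkit 2.46.1-1, and the visible lines do not say which of them the advisory covers. The only release-specific line shown is the buster end-of-life marker, so check that the advisory's own entry names the intended package.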
@@ -5674,6 +5737,7 @@ CVE-2024-44125 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44124 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2024-40866 (The issue was addressed with improved UI. This issue is fixed in Safar ...)
+ {DSA-5792-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.46.1-1
@@ -30142,14 +30206,14 @@ CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer.
CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8925 (In PHP versions8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
- {DSA-5780-1}
+ {DSA-5780-1 DLA-3920-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
NOTE: https://github.com/php/php-src/commit/19b49258d0c5a61398d395d8afde1123e8d161e0 (PHP-8.2.24)
CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
- {DSA-5780-1}
+ {DSA-5780-1 DLA-3920-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
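Review bot: DLA-3920-1 is added to CVE-2024-8925 and CVE-2024-9026, but the package lines under each show only "php8.2 8.2.24-1" and "php7.4 <removed>", and the note "Fixed in 8.3.12, 8.2.24" names no older branch. A NOTE pointing at the backported change for the LTS package would let a reader verify the DLA fix from these entries alone.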
@@ -30157,7 +30221,7 @@ CVE-2024-9026 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* b
NOTE: https://github.com/php/php-src/commit/1f8e16172c7961045c2b0f34ba7613e3f21cdee8 (PHP-8.2.24)
NOTE: Introduced by: https://github.com/php/php-src/commit/0bc6a66a7a0624e63edcd2499f91b227cdb77f47 (php-7.4.4RC1)
CVE-2024-8927 (In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...)
- {DSA-5780-1}
+ {DSA-5780-1 DLA-3920-1}
- php8.2 8.2.24-1
- php7.4 <removed>
NOTE: Fixed in 8.3.12, 8.2.24
@@ -50910,7 +50974,7 @@ CVE-2024-5585 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* be
NOTE: https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
NOTE: https://github.com/php/php-src/commit/4b15f5d4ec750b31ec8911f5eb0915a45f96feca
CVE-2024-5458 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...)
- {DSA-5717-1 DLA-3833-1}
+ {DSA-5717-1 DLA-3920-1 DLA-3833-1}
- php8.2 8.2.20-2 (bug #1072885)
- php7.4 <removed>
- php7.3 <removed>
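Review bot: in the CVE-2024-5458 cross-reference the new DLA-3920-1 is inserted between DSA-5717-1 and DLA-3833-1, so the entry now cites two DLAs while both php7.4 and php7.3 read <removed>. Nothing in the visible lines says which advisory fixed which source package; confirm the ordering is what the tooling expects and that each DLA maps to a distinct package.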
@@ -67994,7 +68058,8 @@ CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a loc
NOT-FOR-US: Dell
CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...)
NOT-FOR-US: RaidenFTPD
-CVE-2024-1342 (A flaw was found in OpenShift. The existing Cross-Site Request Forgery ...)
+CVE-2024-1342
+ REJECTED
NOT-FOR-US: Red Hat OpenShift
CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...)
NOT-FOR-US: sidekiq-unique-jobs
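Review bot: CVE-2024-1342 is now marked REJECTED with its description dropped, yet the "NOT-FOR-US: Red Hat OpenShift" line is kept directly beneath it. If the rejection is meant to supersede the earlier triage, drop the NOT-FOR-US line; if the tracker keeps both by convention, no change is needed.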
@@ -132171,6 +132236,7 @@ CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not san
CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4900 (A vulnerability was found in PHP where setting the environment variabl ...)
+ {DLA-3920-1}
- php8.2 <not-affected> (Fixed before initial upload)
- php7.4 <removed>
- php7.3 <not-affected> (Vulnerable code not present)
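Review bot: {DLA-3920-1} is attached to CVE-2022-4900 although every package line visible under it is either unaffected or gone: "php8.2 <not-affected>", "php7.4 <removed>" and "php7.3 <not-affected> (Vulnerable code not present)". Confirm the DLA really lists this CVE, and if so add a NOTE stating which package version was vulnerable, since the entry as shown gives no affected package for the advisory to fix.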
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b17a39d5651f62b66dd0a4a041fbab5ed2c814c