[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 16 18:44:11 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9423eea9 by security tracker role at 2024-10-16T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,228 @@
-CVE-2024-45693
+CVE-2024-9966 (Inappropriate implementation in Navigations in Google Chrome prior to ...)
+ TODO: check
+CVE-2024-9965 (Insufficient data validation in DevTools in Google Chrome on Windows p ...)
+ TODO: check
+CVE-2024-9964 (Inappropriate implementation in Payments in Google Chrome prior to 130 ...)
+ TODO: check
+CVE-2024-9963 (Insufficient data validation in Downloads in Google Chrome prior to 13 ...)
+ TODO: check
+CVE-2024-9962 (Inappropriate implementation in Permissions in Google Chrome prior to ...)
+ TODO: check
+CVE-2024-9961 (Use after free in ParcelTracking in Google Chrome on iOS prior to 130. ...)
+ TODO: check
+CVE-2024-9960 (Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed ...)
+ TODO: check
+CVE-2024-9959 (Use after free in DevTools in Google Chrome prior to 130.0.6723.58 all ...)
+ TODO: check
+CVE-2024-9958 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
+ TODO: check
+CVE-2024-9957 (Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 al ...)
+ TODO: check
+CVE-2024-9956 (Inappropriate implementation in WebAuthentication in Google Chrome on ...)
+ TODO: check
+CVE-2024-9955 (Use after free in WebAuthentication in Google Chrome prior to 130.0.67 ...)
+ TODO: check
+CVE-2024-9954 (Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a ...)
+ TODO: check
+CVE-2024-9937 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Refl ...)
+ TODO: check
+CVE-2024-9891 (The Multiline files upload for contact form 7 plugin for WordPress is ...)
+ TODO: check
+CVE-2024-9888 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-9873 (The Community by PeepSo \u2013 Social Network, Membership, Registratio ...)
+ TODO: check
+CVE-2024-9652 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Ref ...)
+ TODO: check
+CVE-2024-9649 (The WP ULike \u2013 The Ultimate Engagement Toolkit for Websites plugi ...)
+ TODO: check
+CVE-2024-9647 (The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2024-9634 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
+ TODO: check
+CVE-2024-9594 (A security issue was discovered in the Kubernetes Image Builder versio ...)
+ TODO: check
+CVE-2024-9582 (The Accordion Slider plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-9540 (The Sina Extension for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-9521 (The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-9486 (A security issue was discovered in the Kubernetes Image Builder versio ...)
+ TODO: check
+CVE-2024-9305 (The AppPresser \u2013 Mobile App Framework plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-9105 (The UltimateAI plugin for WordPress is vulnerable to authentication by ...)
+ TODO: check
+CVE-2024-9104 (The UltimateAI plugin for WordPress is vulnerable to authentication by ...)
+ TODO: check
+CVE-2024-9061 (The The WP Popup Builder \u2013 Popup Forms and Marketing Lead Generat ...)
+ TODO: check
+CVE-2024-8918 (The File Manager Pro plugin for WordPress is vulnerable to Limited Jav ...)
+ TODO: check
+CVE-2024-8787 (The Smart Online Order for Clover plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-8746 (The File Manager Pro plugin for WordPress is vulnerable to arbitrary b ...)
+ TODO: check
+CVE-2024-8541 (The Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Cou ...)
+ TODO: check
+CVE-2024-8507 (The File Manager Pro plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2024-49340 (IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forg ...)
+ TODO: check
+CVE-2024-48783 (An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obta ...)
+ TODO: check
+CVE-2024-48782 (File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allow ...)
+ TODO: check
+CVE-2024-48781 (An issue in Wanxing Technology Yitu Project Management Kirin Edition 2 ...)
+ TODO: check
+CVE-2024-48779 (An issue in Wanxing Technology's Yitu project Management Software 3.2. ...)
+ TODO: check
+CVE-2024-48714 (In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles th ...)
+ TODO: check
+CVE-2024-48713 (In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles ...)
+ TODO: check
+CVE-2024-48712 (In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the pa ...)
+ TODO: check
+CVE-2024-48710 (In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles ...)
+ TODO: check
+CVE-2024-48411 (itsourcecode Online Tours and Travels Management System v1.0 is vulner ...)
+ TODO: check
+CVE-2024-45715 (The SolarWinds Platform was susceptible to a Cross-Site Scripting vuln ...)
+ TODO: check
+CVE-2024-45714 (Application is vulnerable to Cross Site Scripting (XSS) an authenticat ...)
+ TODO: check
+CVE-2024-45711 (SolarWinds Serv-U is vulnerable to a directory traversal vulnerabili ...)
+ TODO: check
+CVE-2024-45710 (SolarWinds Platform is susceptible to an Uncontrolled Search Path Elem ...)
+ TODO: check
+CVE-2024-45217 (Insecure Default Initialization of Resource vulnerability in Apache So ...)
+ TODO: check
+CVE-2024-45216 (Improper Authentication vulnerability in Apache Solr. Solr instances ...)
+ TODO: check
+CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial of serv ...)
+ TODO: check
+CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
+ TODO: check
+CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
+ TODO: check
+CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized attacker t ...)
+ TODO: check
+CVE-2024-38190 (Missing authorization in Power Platform allows an unauthenticated atta ...)
+ TODO: check
+CVE-2024-38139 (Improper authentication in Microsoft Dataverse allows an authorized at ...)
+ TODO: check
+CVE-2024-31955 (An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB ...)
+ TODO: check
+CVE-2024-10018 (Improper permission control in the mobile application (com.transsion.a ...)
+ TODO: check
+CVE-2024-10004 (Opening an external link to an HTTP website when Firefox iOS was previ ...)
+ TODO: check
+CVE-2023-7296 (The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2023-7295 (The Video Grid plugin for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2023-7294 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7293 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7292 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7291 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7290 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7289 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7288 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7287 (The Paytium: Mollie payment forms & donations plugin for WordPress is ...)
+ TODO: check
+CVE-2023-7286 (The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecu ...)
+ TODO: check
+CVE-2022-4974 (The Freemius SDK, as used by hundreds of WordPress plugin and theme de ...)
+ TODO: check
+CVE-2022-4973 (WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticate ...)
+ TODO: check
+CVE-2022-4972 (The Download Monitor plugin for WordPress is vulnerable to authorizati ...)
+ TODO: check
+CVE-2022-4971 (The Sassy Social Share plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-4452 (The Google Language Translator plugin for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2021-4451 (The NinjaFirewall plugin for WordPress is vulnerable to Authenticated ...)
+ TODO: check
+CVE-2021-4450 (The Post Grid plugin for WordPress is vulnerable to blind SQL Injectio ...)
+ TODO: check
+CVE-2021-4449 (The ZoomSounds plugin for WordPress is vulnerable to arbitrary file up ...)
+ TODO: check
+CVE-2021-4448 (The Kaswara Modern VC Addons plugin for WordPress is vulnerable to aut ...)
+ TODO: check
+CVE-2021-4447 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2021-4446 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2021-4445 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2021-4444 (The Product Filter by WooBeWoo plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2021-4443 (The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrar ...)
+ TODO: check
+CVE-2020-36842 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2020-36840 (The Timetable and Event Schedule by MotoPress plugin for WordPress is ...)
+ TODO: check
+CVE-2020-36839 (The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2020-36838 (The Facebook Chat Plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2020-36837 (The ThemeGrill Demo Importer plugin for WordPress is vulnerable to aut ...)
+ TODO: check
+CVE-2020-36836 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2020-36835 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2020-36834 (The Discount Rules for WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2020-36833 (The Indeed Membership Pro plugin for WordPress is vulnerable to author ...)
+ TODO: check
+CVE-2020-36832 (The Ultimate Membership Pro plugin for WordPress is vulnerable to Auth ...)
+ TODO: check
+CVE-2020-36831 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
+ TODO: check
+CVE-2019-25217 (The SiteGround Optimizer plugin for WordPress is vulnerable to authori ...)
+ TODO: check
+CVE-2019-25216 (The Rich Review plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2019-25215 (The ARI-Adminer plugin for WordPress is vulnerable to authorization by ...)
+ TODO: check
+CVE-2019-25214 (The ShopWP plugin for WordPress is vulnerable to authorization bypass ...)
+ TODO: check
+CVE-2019-25213 (The Advanced Access Manager plugin for WordPress is vulnerable to Unau ...)
+ TODO: check
+CVE-2018-25105 (The File Manager plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2017-20194 (The Formidable Form Builder plugin for WordPress is vulnerable to Sens ...)
+ TODO: check
+CVE-2017-20193 (The Product Vendors is vulnerable to Reflected Cross-Site Scripting vi ...)
+ TODO: check
+CVE-2017-20192 (The Formidable Form Builder plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2016-15042 (The Frontend File Manager (versions < 4.0), N-Media Post Front-end For ...)
+ TODO: check
+CVE-2016-15041 (The MainWP Dashboard \u2013 The Private WordPress Manager for Multiple ...)
+ TODO: check
+CVE-2016-15040 (The Kento Post View Counter plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2012-10018 (The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to S ...)
+ TODO: check
+CVE-2024-45693 (Users logged into the Apache CloudStack's web interface can be tricked ...)
NOT-FOR-US: Apache CloudStack
-CVE-2024-45462
+CVE-2024-45462 (The logout operation in the CloudStack web interface does not expire t ...)
NOT-FOR-US: Apache CloudStack
-CVE-2024-45461
+CVE-2024-45461 (The CloudStack Quota feature allows cloud administrators to implement ...)
NOT-FOR-US: Apache CloudStack
-CVE-2024-45219
+CVE-2024-45219 (Account users in Apache CloudStack by default are allowed to upload an ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-9986 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
NOT-FOR-US: code-projects Blood Bank Management System
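Review bot: several added descriptions carry a literal \u2013 escape where an en dash belongs (CVE-2024-9873, CVE-2024-9649, CVE-2024-9634, CVE-2024-9305, CVE-2024-9061, CVE-2024-8541, CVE-2020-36842, CVE-2020-36835, CVE-2016-15041), which suggests the automatic update writes the feed's escaped text through undecoded. Decoding it before writing data/CVE/list would keep the descriptions readable and searchable. Separately, every new entry lands as "TODO: check", and not all of them belong with the NOT-FOR-US bulk of WordPress plugins: CVE-2024-41311 names Libheif 1.17.6 and CVE-2024-9954 through CVE-2024-9966 name Google Chrome, both of which correspond to software packaged in Debian, so those need a source package entry at manual triage. Among the Chrome entries, CVE-2024-9961 and CVE-2024-9957 are stated as iOS only and CVE-2024-9965 as Windows only, which is worth recording in the note rather than tracking them as affecting the Debian package.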
@@ -139540,8 +139758,8 @@ CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allo
NOT-FOR-US: Rancher
CVE-2023-22650
RESERVED
-CVE-2023-22649
- RESERVED
+CVE-2023-22649 (A vulnerability has been identified which may lead to sensitive data b ...)
+ TODO: check
CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher causes p ...)
NOT-FOR-US: Rancher
CVE-2023-22647 (An Improper Privilege Management vulnerability in SUSE Rancher allowed ...)
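Review bot: the truncated description added for CVE-2023-22649 ("A vulnerability has been identified which may lead to sensitive data b ...") does not name a product, so the "TODO: check" should be resolved against the full CVE text rather than inferred from context. The neighbouring entries CVE-2023-22651, CVE-2023-22648 and CVE-2023-22647 are all marked NOT-FOR-US: Rancher, which makes Rancher the likely answer, but nothing in the visible lines confirms it for this ID.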
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9423eea9f6b1fa30ade3c21d72a75e9e5aa19c46