[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 17 23:32:38 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f87b39ac by security tracker role at 2024-10-17T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-9951 (The WP Photo Album Plus plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-9940 (The Calculated Fields Form plugin for WordPress is vulnerable to HTML  ...)
+	TODO: check
+CVE-2024-9863 (The UserPro plugin for WordPress is vulnerable to privilege escalation ...)
+	TODO: check
+CVE-2024-9862 (The Miniorange OTP Verification with Firebase plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-9861 (The Miniorange OTP Verification with Firebase plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-9352 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+	TODO: check
+CVE-2024-9351 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+	TODO: check
+CVE-2024-9347 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordP ...)
+	TODO: check
+CVE-2024-9263 (The WP Timetics- AI-powered Appointment Booking Calendar and Online Sc ...)
+	TODO: check
+CVE-2024-9240 (The ReDi Restaurant Reservation plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-9215 (The Co-Authors, Multiple Authors and Guest Authors in an Author Box wi ...)
+	TODO: check
+CVE-2024-9213 (The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a ...)
+	TODO: check
+CVE-2024-8719 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2024-7994 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
+	TODO: check
+CVE-2024-7993 (A maliciously crafted PDF file, when parsed through Autodesk Revit, ca ...)
+	TODO: check
+CVE-2024-7417 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-5429 (The Logo Slider  WordPress plugin before 4.1.0 does not validate and e ...)
+	TODO: check
+CVE-2024-49593 (In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields  ...)
+	TODO: check
+CVE-2024-48918 (RDS Light is a simplified version of the Reflective Dialogue System (R ...)
+	TODO: check
+CVE-2024-48758 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forg ...)
+	TODO: check
+CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method i ...)
+	TODO: check
+CVE-2024-47889 (Action Mailer is a framework for designing email service layers. Start ...)
+	TODO: check
+CVE-2024-47888 (Action Text brings rich text content and editing to Rails. Starting in ...)
+	TODO: check
+CVE-2024-47887 (Action Pack is a framework for handling and responding to web requests ...)
+	TODO: check
+CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code execution ( ...)
+	TODO: check
+CVE-2024-46212 (An issue in the component /index.php?page=backup/export of REDAXO CMS  ...)
+	TODO: check
+CVE-2024-45767 (Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) a ...)
+	TODO: check
+CVE-2024-45766 (Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) a ...)
+	TODO: check
+CVE-2024-44762 (A discrepancy in error messages for invalid login attempts in Webmin U ...)
+	TODO: check
+CVE-2024-3187 (This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Dou ...)
+	TODO: check
+CVE-2024-3186 (CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() funct ...)
+	TODO: check
+CVE-2024-3184 (Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found i ...)
+	TODO: check
 CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9858 (There exists an insecure default user permission in Google Cloud Migra ...)
@@ -84061,6 +84125,7 @@ CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra an
 	NOTE: Fixing this issue incompletely opens up CVE-2024-29034 and so apply complete set
 	NOTE: of fixes.
 CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives  ...)
+	{DLA-3922-1}
 	- python-cryptography 41.0.7-1 (bug #1057108)
 	[bookworm] - python-cryptography <no-dsa> (Minor issue)
 	[buster] - python-cryptography <not-affected> (Vulnerable code introduced later)
@@ -135653,7 +135718,7 @@ CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receiv
 CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management  ...)
 	NOT-FOR-US: OpenDDS
 CVE-2023-23931 (cryptography is a package designed to expose cryptographic primitives  ...)
-	{DLA-3331-2 DLA-3331-1}
+	{DLA-3922-1 DLA-3331-2 DLA-3331-1}
 	- python-cryptography 38.0.4-3 (bug #1031049)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
 	NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87b39acf3c3a46acd5b881b5c8f9affbb6e0a65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87b39acf3c3a46acd5b881b5c8f9affbb6e0a65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241017/d8727bd3/attachment.htm>

More information about the debian-security-tracker-commits mailing list