[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 23 09:12:48 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acb1dfe9 by security tracker role at 2024-10-23T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,68 @@
-CVE-2024-50066 [mm/mremap: fix move_normal_pmd/retract_page_tables race]
+CVE-2024-9947 (The ProfilePress Pro plugin for WordPress is vulnerable to authenticat ...)
+	TODO: check
+CVE-2024-9927 (The WooCommerce Order Proposal plugin for WordPress is vulnerable to p ...)
+	TODO: check
+CVE-2024-9829 (The Download Plugin plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2024-9583 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
+	TODO: check
+CVE-2024-9530 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Sens ...)
+	TODO: check
+CVE-2024-7587 (Incorrect Default Permissions vulnerability in GenBroker32, which is i ...)
+	TODO: check
+CVE-2024-48919 (Cursor is a code editor built for programming with AI. Prior to Sep 27 ...)
+	TODO: check
+CVE-2024-48657 (SQL Injection vulnerability in hospital management system in php with  ...)
+	TODO: check
+CVE-2024-48656 (Cross Site Scripting vulnerability in student management system in php ...)
+	TODO: check
+CVE-2024-48652 (Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remo ...)
+	TODO: check
+CVE-2024-48644 (Accounts enumeration vulnerability in the Login Component of Reolink D ...)
+	TODO: check
+CVE-2024-48415 (itsourcecode Loan Management System v1.0 is vulnerable to Cross Site S ...)
+	TODO: check
+CVE-2024-46914
+	REJECTED
+CVE-2024-46483 (Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in th ...)
+	TODO: check
+CVE-2024-46482 (An arbitrary file upload vulnerability in the Ticket Generation functi ...)
+	TODO: check
+CVE-2024-45526 (An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandar ...)
+	TODO: check
+CVE-2024-44812 (SQL Injection vulnerability in Online Complaint Site v.1.0 allows a re ...)
+	TODO: check
+CVE-2024-44331 (Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-s ...)
+	TODO: check
+CVE-2024-43924 (Missing Authorization vulnerability in dFactory Responsive Lightbox al ...)
+	TODO: check
+CVE-2024-43812 (Kieback & Peter's DDC4000 serieshas an insufficiently protected creden ...)
+	TODO: check
+CVE-2024-43698 (Kieback & Peter's DDC4000 seriesuses weak credentials, which may allow ...)
+	TODO: check
+CVE-2024-42643 (Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote at ...)
+	TODO: check
+CVE-2024-41717 (Kieback & Peter's DDC4000 seriesis vulnerable to a path traversal vuln ...)
+	TODO: check
+CVE-2024-40494 (Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to e ...)
+	TODO: check
+CVE-2024-40493 (Null Pointer Dereference in `coap_client_exchange_blockwise2` function ...)
+	TODO: check
+CVE-2024-31880 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+	TODO: check
+CVE-2024-31029 (An issue in the server_handle_regular function of the test_coap_server ...)
+	TODO: check
+CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a  ...)
+	TODO: check
+CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a ...)
+	TODO: check
+CVE-2024-10230 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a ...)
+	TODO: check
+CVE-2024-10229 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	TODO: check
+CVE-2024-10045 (The Transients Manager plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2024-50066 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
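Review bot: the three Google Chrome entries (CVE-2024-10229, CVE-2024-10230, CVE-2024-10231) and the GStreamer one (CVE-2024-44331) are left at `TODO: check` even though their descriptions already name the affected upstream versions (Chrome prior to 130.0.6723.69, gst-rtsp-server 1.25.0), which is enough to start assigning them to source packages on the next manual pass; the WordPress plugin and PHP demo-app entries in the same block are the ones that would normally end up as NOT-FOR-US. CVE-2024-46914 arrives already REJECTED with no description and needs no triage. Replacing the bracketed placeholder for CVE-2024-50066 with the published description while keeping its bookworm/bullseye `<not-affected>` lines looks correct.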
@@ -1309,7 +1373,8 @@ CVE-2024-47757 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-47756 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.11.2-1
 	NOTE: https://git.kernel.org/linus/6188a1c762eb9bbd444f47696eda77a5eae6207a (6.12-rc1)
-CVE-2024-47755 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+CVE-2024-47755
+	REJECTED
 	- linux 6.11.2-1
 	NOTE: https://git.kernel.org/linus/62c2aa6b1f565d2fc1ec11a6e9e8336ce37a6426 (6.12-rc1)
 CVE-2024-47754 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
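Review bot: after the `REJECTED` marker is added to CVE-2024-47755, the `- linux 6.11.2-1` and `NOTE: https://git.kernel.org/linus/62c2aa6b...` lines are retained, so the rejected ID still carries a fixed-version record; drop the package line (and, if the upstream commit is now covered by another ID, move the NOTE there) so a rejected identifier does not keep reporting a fix.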
@@ -1421,7 +1486,8 @@ CVE-2024-47727 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-47726 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.11.2-1
 	NOTE: https://git.kernel.org/linus/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d (6.12-rc1)
-CVE-2024-47725 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+CVE-2024-47725
+	REJECTED
 	- linux 6.11.2-1
 	NOTE: https://git.kernel.org/linus/e6a3531dd542cb127c8de32ab1e54a48ae19962b (6.12-rc1)
 CVE-2024-47724 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
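Review bot: same issue as for CVE-2024-47755 above: CVE-2024-47725 is marked `REJECTED` but keeps `- linux 6.11.2-1` and its kernel.org NOTE, so the fixed-version line should go with the rejection (or the NOTE be re-homed to the ID that now tracks commit e6a3531d).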
@@ -2662,6 +2728,7 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial o
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
 	NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
+	{DLA-3934-1}
 	- libheif 1.18.1-1
 	NOTE: https://github.com/strukturag/libheif/issues/1226
 	NOTE: https://github.com/strukturag/libheif/pull/1227
@@ -4628,15 +4695,20 @@ CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf v0.2.
 	NOTE: https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 1 ...)
 	NOT-FOR-US: FydeOS
-CVE-2024-25286 (3DSecure 2.0 allows CSRF in the Authorization Method via modified Orig ...)
+CVE-2024-25286
+	REJECTED
 	NOT-FOR-US: 3DSecure
-CVE-2024-25285 (3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeD ...)
+CVE-2024-25285
+	REJECTED
 	NOT-FOR-US: 3DSecure
-CVE-2024-25284 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via  ...)
+CVE-2024-25284
+	REJECTED
 	NOT-FOR-US: 3DSecure
-CVE-2024-25283 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge v ...)
+CVE-2024-25283
+	REJECTED
 	NOT-FOR-US: 3DSecure
-CVE-2024-25282 (3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified ...)
+CVE-2024-25282
+	REJECTED
 	NOT-FOR-US: 3DSecure
 CVE-2024-20787 (Substance3D - Painter versions 10.0.1 and earlier are affected by an o ...)
 	NOT-FOR-US: Adobe
@@ -49294,6 +49366,7 @@ CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a
 CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote at ...)
 	NOT-FOR-US: TaoCMS
 CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string ...)
+	{DLA-3933-1}
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
 	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)
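Review bot: `{DLA-3933-1}` is added to CVE-2024-31837 here and to CVE-2020-14931 and CVE-2017-7938 in the later hunks, while each entry keeps `[buster] - dmitry <postponed>` and no bullseye version line appears in the hunk; that is consistent only if the DLA targets bullseye, so confirm the DLA's suite against data/DLA/list before the buster `<postponed>` lines are left as they are.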
@@ -338867,6 +338940,7 @@ CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $ma
 	- squirrelmail <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
+	{DLA-3933-1}
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
 	[buster] - dmitry <postponed> (Minor issue, requires hostile whois server)
@@ -519023,6 +519097,7 @@ CVE-2017-7940 (The iw_read_gif_file function in imagew-gif.c in libimageworsener
 CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
 	NOT-FOR-US: ImageWorsener
 CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
+	{DLA-3933-1}
 	- dmitry 1.3a-5 (bug #1070370)
 	[bookworm] - dmitry 1.3a-1.2+deb12u1
 	[buster] - dmitry <postponed> (Minor issue, crash in CLI tool, requires malicious parameter)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acb1dfe98b5c9764aca2c72aa67f845971263378




