[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 26 09:12:43 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d0d1a8d by security tracker role at 2024-10-26T08:12:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2024-9933 (The WatchTowerHQ plugin for WordPress is vulnerable to authentication  ...)
+	TODO: check
+CVE-2024-9932 (The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary fi ...)
+	TODO: check
+CVE-2024-9931 (The Wux Blog Editor plugin for WordPress is vulnerable to authenticati ...)
+	TODO: check
+CVE-2024-9930 (The Extensions by HocWP Team plugin for WordPress is vulnerable to aut ...)
+	TODO: check
+CVE-2024-9890 (The User Toolkit plugin for WordPress is vulnerable to authentication  ...)
+	TODO: check
+CVE-2024-9626 (The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-9613 (The FormFacade \u2013 WordPress plugin for Google Forms plugin for Wor ...)
+	TODO: check
+CVE-2024-9475 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
+	TODO: check
+CVE-2024-9462 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
+	TODO: check
+CVE-2024-9456 (The WP Awesome Login plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-9454 (The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-8870 (The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List p ...)
+	TODO: check
+CVE-2024-48396 (AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting  ...)
+	TODO: check
+CVE-2024-48239 (An issue was discovered in WTCMS 1.0. In the plupload method in \Asset ...)
+	TODO: check
+CVE-2024-48238 (WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /A ...)
+	TODO: check
+CVE-2024-48237 (WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Control ...)
+	TODO: check
+CVE-2024-48236 (An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary  ...)
+	TODO: check
+CVE-2024-48235 (An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary  ...)
+	TODO: check
+CVE-2024-48234 (An issue was discovered in mipjz 5.0.5. In the push method of app\tag\ ...)
+	TODO: check
+CVE-2024-48233 (mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\settin ...)
+	TODO: check
+CVE-2024-48232 (An issue was found in mipjz 5.0.5. In the mipPost method of \app\setti ...)
+	TODO: check
+CVE-2024-48230 (funadmin 5.0.2 is vulnerable to SQL Injection via the parentField para ...)
+	TODO: check
+CVE-2024-48229 (funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click ...)
+	TODO: check
+CVE-2024-48228 (An issue was found in funadmin 5.0.2. The selectfiles method in \backe ...)
+	TODO: check
+CVE-2024-48227 (Funadmin 5.0.2 has a logical flaw in the Curd one click command deleti ...)
+	TODO: check
+CVE-2024-48226 (Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.)
+	TODO: check
+CVE-2024-48225 (Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/ ...)
+	TODO: check
+CVE-2024-48224 (Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/inde ...)
+	TODO: check
+CVE-2024-48223 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/field ...)
+	TODO: check
+CVE-2024-48222 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.)
+	TODO: check
+CVE-2024-48218 (Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.)
+	TODO: check
+CVE-2024-47821 (pyLoad is a free and open-source Download Manager. The folder `/.pyloa ...)
+	TODO: check
+CVE-2024-10092 (The Download Monitor plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2024-10091 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-0121 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0120 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0119 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0118 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0117 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
 CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to storage o ...)
 	NOT-FOR-US: Philips lighting devices
 CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-S ...)
@@ -469,7 +547,7 @@ CVE-2024-40431 (A lack of input validation in Realtek SD card reader driver befo
 	NOT-FOR-US: Realtek
 CVE-2023-50355 (HCL Sametime is impacted by the error messages containing sensitive in ...)
 	NOT-FOR-US: HCL
-CVE-2024-0126
+CVE-2024-0126 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1085968)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d0d1a8d43075bba093a5d38293037516ee8a95c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d0d1a8d43075bba093a5d38293037516ee8a95c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241026/155ddc4e/attachment.htm>

More information about the debian-security-tracker-commits mailing list