[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 31 08:12:01 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc83ef3c by security tracker role at 2024-10-31T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2024-9708 (The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-9700 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+	TODO: check
+CVE-2024-9446 (The WP Simple Anchors Links plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-9434 (The WPGlobus Translate Options plugin for WordPress is vulnerable to C ...)
+	TODO: check
+CVE-2024-9430 (The Get Quote For Woocommerce \u2013 Request A Quote For Woocommerce p ...)
+	TODO: check
+CVE-2024-9165 (The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) pl ...)
+	TODO: check
+CVE-2024-51427 (An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitr ...)
+	TODO: check
+CVE-2024-51426 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remot ...)
+	TODO: check
+CVE-2024-51425 (Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remot ...)
+	TODO: check
+CVE-2024-51424 (An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitr ...)
+	TODO: check
+CVE-2024-51419 (Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor  ...)
+	TODO: check
+CVE-2024-51243 (The eladmin v2.7 and before contains a remote code execution (RCE) vul ...)
+	TODO: check
+CVE-2024-51242 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
+	TODO: check
+CVE-2024-48807 (Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Ma ...)
+	TODO: check
+CVE-2024-48735 (Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspa ...)
+	TODO: check
+CVE-2024-48734 (*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/ ...)
+	TODO: check
+CVE-2024-48733 (SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID} ...)
+	TODO: check
+CVE-2024-48346 (xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulner ...)
+	TODO: check
+CVE-2024-48311 (Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery  ...)
+	TODO: check
+CVE-2024-48307 (JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2024-48112 (A deserialization vulnerability in the component \controller\Index.php ...)
+	TODO: check
+CVE-2024-48093 (Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 a ...)
+	TODO: check
+CVE-2024-43382 (Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrec ...)
+	TODO: check
+CVE-2024-21537 (Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vuln ...)
+	TODO: check
+CVE-2024-10561 (A vulnerability was found in Codezips Pet Shop Management System 1.0.  ...)
+	TODO: check
+CVE-2024-10559 (A vulnerability was found in SourceCodester Airport Booking Management ...)
+	TODO: check
+CVE-2024-10557 (A vulnerability has been found in code-projects Blood Bank Management  ...)
+	TODO: check
+CVE-2024-10556 (A vulnerability, which was classified as critical, was found in Codezi ...)
+	TODO: check
+CVE-2024-10544 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sens ...)
+	TODO: check
+CVE-2024-10392 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to a ...)
+	TODO: check
+CVE-2024-10086 (A vulnerability was identified in Consul and Consul Enterprise such th ...)
+	TODO: check
+CVE-2024-10006 (A vulnerability was identified in Consul and Consul Enterprise (\u201c ...)
+	TODO: check
+CVE-2024-10005 (A vulnerability was identified in Consul and Consul Enterprise (\u201c ...)
+	TODO: check
+CVE-2023-52066 (http.zig commit 76cf5 was discovered to contain a CRLF injection vulne ...)
+	TODO: check
 CVE-2024-9419 (Client / Server PCs with the HP Smart Universal Printing Driver instal ...)
 	NOT-FOR-US: HP
 CVE-2024-9388 (The Black Widgets For Elementor plugin for WordPress is vulnerable to  ...)
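Review bot: several of the new descriptions carry undecoded escape sequences rather than the characters they stand for (`\u2013` in CVE-2024-9700 and CVE-2024-9430, `\u201c` in CVE-2024-10006 and CVE-2024-10005), and the CVE-2024-48734 description opens with a stray `*`; these are worth normalising when the `TODO: check` placeholders are triaged so the entries read cleanly in the tracker.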
@@ -4456,6 +4524,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is vu
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with u ...)
+	{DLA-3942-1}
 	[experimental] - openssl 3.4.0-1
 	- openssl 3.3.2-2 (bug #1085378)
 	[bookworm] - openssl <postponed> (Minor issue, fix along in next update)
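Review bot: the `{DLA-3942-1}` tag added to CVE-2024-9143 (and the same tag added to the other openssl entries in this commit) needs a matching DLA-3942-1 entry in `data/DLA/list`, but the file list above shows only `data/CVE/list` changed; verify the DLA record already exists or lands in a companion commit, otherwise the cross-reference dangles. The bookworm line staying `<postponed>` is consistent, since the DLA covers the LTS release rather than stable.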
@@ -10887,7 +10956,8 @@ CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houze
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login Register ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-8421 (This CVE has been rejected.)
+CVE-2024-8421
+	REJECTED
 	NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to CVE-2023-39325
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7
 CVE-2024-XXXX [RUSTSEC-2023-0086]
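Review bot: the `NOT-FOR-US:` line is now redundant with the `REJECTED` marker placed directly above it and could be dropped; the Bugzilla `NOTE:` line is worth keeping, since it records why CVE-2024-8421 was withdrawn and its relation to CVE-2023-39325.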
@@ -30024,6 +30094,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modi
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto  ...)
+	{DLA-3942-1}
 	- openssl 3.3.2-1 (bug #1074487)
 	[bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
 	NOTE: https://www.openssl.org/news/secadv/20240627.txt
@@ -38561,6 +38632,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in th
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
 	NOTE: https://github.com/libigl/libigl/issues/2387
 CVE-2024-4741 [Use After Free with SSL_free_buffers]
+	{DLA-3942-1}
 	- openssl 3.2.2-1 (bug #1072113)
 	[bookworm] - openssl 3.0.14-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue, fix along with next update round)
@@ -58230,6 +58302,7 @@ CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.8.9-1
 	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
+	{DLA-3942-1}
 	[experimental] - openssl 3.3.0-1
 	- openssl 3.2.2-1 (bug #1068658)
 	[bookworm] - openssl 3.0.14-1~deb12u1
@@ -77247,6 +77320,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...)
+	{DLA-3942-1}
 	- openssl 3.1.5-1 (bug #1061582)
 	[bookworm] - openssl 3.0.13-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -81885,9 +81959,9 @@ CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. T
 	NOT-FOR-US: PaddlePaddle
 CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can ca ...)
 	NOT-FOR-US: PaddlePaddle
-CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows ...)
+CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 all ...)
 	NOT-FOR-US: Automatic Systems SOC FL9600 FastLine v.lego_T04E00
-CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E ...)
+CVE-2023-37607 (Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego ...)
 	NOT-FOR-US: Automatic-Systems SOC FL9600 FastLine lego_T04E00
 CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache InLong.This  ...)
 	NOT-FOR-US: Apache InLong
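Review bot: the descriptions of CVE-2023-37608 and CVE-2023-37607 are updated to the corrected product name (`Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00`), but the two `NOT-FOR-US:` lines beneath them still carry the old names (`FastLine v.lego_T04E00` and the hyphenated `Automatic-Systems SOC FL9600 FastLine lego_T04E00`); update both annotations to match so the product is not listed under two spellings.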
@@ -93881,6 +93955,7 @@ CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Li
 	[bookworm] - linux 6.1.64-1
 	NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7)
 CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...)
+	{DLA-3942-1}
 	- openssl 3.0.12-2 (bug #1055473)
 	[bookworm] - openssl 3.0.13-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue; can be fixed along with future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc83ef3ce4b5e0f7503fa1f27d63177fd2362ec6


