[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 26 09:12:08 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3aac7e4 by security tracker role at 2024-09-26T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-8861 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+	TODO: check
+CVE-2024-8803 (The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-8723 (The 012 Ps Multi Languages plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-8552 (The Download Monitor plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2024-8405 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...)
+	TODO: check
+CVE-2024-8404 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF, spe ...)
+	TODO: check
+CVE-2024-7781 (The Jupiter X Core plugin for WordPress is vulnerable to authenticatio ...)
+	TODO: check
+CVE-2024-7772 (The Jupiter X Core plugin for WordPress is vulnerable to arbitrary fil ...)
+	TODO: check
+CVE-2024-6517 (The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does no ...)
+	TODO: check
+CVE-2024-4278 (An information disclosure issue has been discovered in GitLab EE affec ...)
+	TODO: check
+CVE-2024-47330 (Missing Authorization vulnerability in Supsystic Slider by Supsystic,  ...)
+	TODO: check
+CVE-2024-47083 (Power Platform Terraform Provider allows managing environments and oth ...)
+	TODO: check
+CVE-2024-47045 (Privilege chaining issue exists in the installer of e-Tax software(com ...)
+	TODO: check
+CVE-2024-45836 (Cross-site scripting vulnerability exists in the web management page o ...)
+	TODO: check
+CVE-2024-45372 (MZK-DP300N firmware versions 1.04 and earlier contains a cross-site re ...)
+	TODO: check
+CVE-2024-0133 (NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in ...)
+	TODO: check
+CVE-2024-0132 (NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Ti ...)
+	TODO: check
+CVE-2023-52950 (Missing encryption of sensitive data vulnerability in login component  ...)
+	TODO: check
+CVE-2023-52949 (Missing authentication for critical function vulnerability in proxy se ...)
+	TODO: check
+CVE-2023-52948 (Missing encryption of sensitive data vulnerability in settings functio ...)
+	TODO: check
+CVE-2023-52947 (Missing authentication for critical function vulnerability in logout f ...)
+	TODO: check
+CVE-2023-52946 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2022-49041 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2022-49040 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2022-49039 (Out-of-bounds write vulnerability in backup task management functional ...)
+	TODO: check
+CVE-2022-49038 (Inclusion of functionality from untrusted control sphere vulnerability ...)
+	TODO: check
+CVE-2022-49037 (Insertion of sensitive information into log file vulnerability in prox ...)
+	TODO: check
 CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability]
 	- bluez <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
@@ -56,6 +110,7 @@ CVE-2024-46488 (sqlite-vec v0.1.1 was discovered to contain a heap buffer overfl
 CVE-2024-46485 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
 	NOT-FOR-US: dingfanzu CMS
 CVE-2024-46461 (VLC media player 3.0.20 and earlier is vulnerable to denial of service ...)
+	{DSA-5707-1}
 	- vlc 3.0.21-1
 	NOTE: https://www.videolan.org/security/sb-vlc3021.html
 CVE-2024-45750 (An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and olde ...)
@@ -611,6 +666,7 @@ CVE-2024-42346 (Galaxy is a free, open-source system for analyzing data, authori
 CVE-2024-37879 (Improper input validation in /admin/config/save in User-friendly SVN ( ...)
 	NOT-FOR-US: User-friendly SVN (USVN)
 CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attack ...)
+	{DLA-3895-1}
 	- puredata 0.54.1+ds-1
 	[bookworm] - puredata <no-dsa> (Minor issue)
 	NOTE: https://github.com/pure-data/pure-data/issues/2063
@@ -1571,7 +1627,7 @@ CVE-2024-38380 (This vulnerability occurs when user-supplied input is improperly
 	NOT-FOR-US: Proroute H685t-w
 CVE-2024-38183 (An improper access control vulnerability in GroupMe allows an a unauth ...)
 	NOT-FOR-US: Microsoft
-CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houzez houz ...)
+CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houzez allo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login Register ...)
 	NOT-FOR-US: WordPress plugin
@@ -36072,7 +36128,7 @@ CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform necessa
 	NOT-FOR-US: SAP
 CVE-2024-3241 (The Ultimate Blocks  WordPress plugin before 3.1.7 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF that ...)
+CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF, spe ...)
 	NOT-FOR-US: PaperCut NG/MF
 CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not suf ...)
 	NOT-FOR-US: SAP
@@ -46354,7 +46410,7 @@ CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin  WordPr
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...)
+CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x a ...)
 	NOT-FOR-US: Evolution Controller
 CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
 	NOT-FOR-US: Evolution Controller



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3aac7e48db620a728fc44b4a6fa50a1516aec1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3aac7e48db620a728fc44b4a6fa50a1516aec1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240926/eb5dd127/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list