[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 27 09:12:29 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f055053 by security tracker role at 2024-09-27T08:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2024-9130 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
+ TODO: check
+CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
+ TODO: check
+CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can ...)
+ TODO: check
+CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-8974 (Information disclosure in Gitlab EE/CE affecting all versions from 15. ...)
+ TODO: check
+CVE-2024-8965 (The Absolute Reviews plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-8922 (The Product Enquiry for WooCommerce, WooCommerce product catalog plugi ...)
+ TODO: check
+CVE-2024-8681 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-7714 (The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plu ...)
+ TODO: check
+CVE-2024-7713 (The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plu ...)
+ TODO: check
+CVE-2024-7400 (The vulnerability potentially allowed an attacker to misuse ESET\u2019 ...)
+ TODO: check
+CVE-2024-7011 (Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL ...)
+ TODO: check
+CVE-2024-6769 (A DLL Hijacking caused by drive remapping combined with a poisoning of ...)
+ TODO: check
+CVE-2024-4099 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-46628 (Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remo ...)
+ TODO: check
+CVE-2024-45986 (A stored Cross-Site Scripting (XSS) vulnerability was identified in Pr ...)
+ TODO: check
+CVE-2024-40508 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+ TODO: check
+CVE-2024-40507 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+ TODO: check
+CVE-2024-40506 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
+ TODO: check
+CVE-2024-39435 (In Logmanager service, there is a possible missing verification incorr ...)
+ TODO: check
+CVE-2024-39434 (In drm service, there is a possible out of bounds read due to a missin ...)
+ TODO: check
+CVE-2024-39433 (In drm service, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2024-39432 (In UMTS RLC driver, there is a possible out of bounds read due to a mi ...)
+ TODO: check
+CVE-2024-39431 (In UMTS RLC driver, there is a possible out of bounds write due to a m ...)
+ TODO: check
CVE-2024-9203 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Enpass Password Manager
CVE-2024-9199 (Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an ...)
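Review bot: All 24 entries added at the top of the list carry only `TODO: check`, so none of them has a triage decision yet. CVE-2024-9029 (freeimage library) and the GitLab entries CVE-2024-8974 and CVE-2024-4099 name software that should be checked against the archive and given a package line, while the WordPress plugin entries look like candidates for the same `NOT-FOR-US:` treatment the Enpass entry just below already has. The descriptions for CVE-2024-9130, CVE-2024-9049, CVE-2024-8991 and CVE-2024-7400 also contain literal `\u2013` / `\u2019` escape sequences rather than the characters; decoding them at import time would keep the list readable and greppable.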
@@ -161,22 +209,22 @@ CVE-2024-30134 (The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is
NOT-FOR-US: HCL
CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores use ...)
NOT-FOR-US: IBM
-CVE-2024-47177
+CVE-2024-47177 (CUPS is a standards-based, open-source printing system, and cups-filte ...)
- cups-filters <unfixed> (bug #1082822)
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
-CVE-2024-47175
+CVE-2024-47175 (CUPS is a standards-based, open-source printing system, and `libppd` c ...)
- libppd <removed>
NOTE: https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
NOTE: Fixed by: https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
-CVE-2024-47076
+CVE-2024-47076 (CUPS is a standards-based, open-source printing system, and `libcupsfi ...)
- libcupsfilters <unfixed> (bug #1082821)
- cups-filters <unfixed> (bug #1082827)
NOTE: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
NOTE: Fixed by: https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
-CVE-2024-47176
+CVE-2024-47176 (CUPS is a standards-based, open-source printing system, and `cups-brow ...)
- cups-filters <unfixed> (bug #1082820)
NOTE: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
NOTE: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
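Review bot: Package coverage is inconsistent across the four CUPS entries that gain descriptions here. CVE-2024-47076 lists `cups-filters` alongside `libcupsfilters`, but CVE-2024-47175 lists only `libppd <removed>`, and CVE-2024-47176 points at an advisory in OpenPrinting/cups-browsed while tracking only `cups-filters`. Please confirm whether `cups-filters` also needs a line under CVE-2024-47175 and whether a separate cups-browsed source package needs one under CVE-2024-47176. CVE-2024-47177 and CVE-2024-47176 also have no `Fixed by:` note, unlike the other two; a short NOTE saying no upstream fix is referenced yet would make the `<unfixed>` state easier to follow up.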
@@ -14238,17 +14286,17 @@ CVE-2024-24622 (Softaculous Webuzo contains a command injection in the password
CVE-2024-24621 (Softaculous Webuzo contains an authentication bypass vulnerability thr ...)
NOT-FOR-US: Softaculous Webuzo
CVE-2024-35296 (Invalid Accept-Encoding header can cause Apache Traffic Server to fail ...)
- {DSA-5758-1}
+ {DSA-5758-1 DLA-3897-1}
- trafficserver 9.2.5+ds-1 (bug #1077141)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
NOTE: https://github.com/apache/trafficserver/commit/4122abd9272d49cb4ed87d479e1febb0f1c7c1da
CVE-2024-35161 (Apache Traffic Server forwards malformed HTTP chunked trailer section ...)
- {DSA-5758-1}
+ {DSA-5758-1 DLA-3897-1}
- trafficserver 9.2.5+ds-1 (bug #1077141)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
NOTE: https://github.com/apache/trafficserver/commit/3ba1e2685f89bcd631b66748f70f69a5eecf741b
CVE-2023-38522 (Apache Traffic Server accepts characters that are not allowed for HTTP ...)
- {DSA-5758-1}
+ {DSA-5758-1 DLA-3897-1}
- trafficserver 9.2.5+ds-1 (bug #1077141)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/25/1
NOTE: https://github.com/apache/trafficserver/commit/b104992e2315969688a697cbf7d5007a7dca396f
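Review bot: The `{DSA-5758-1 DLA-3897-1}` cross-reference is added to CVE-2024-35296, CVE-2024-35161 and CVE-2023-38522 with no other change to those entries, and this commit touches only data/CVE/list, so the DLA-3897-1 record is not visible here. Please confirm it exists with exactly these three CVE ids and a fixed version for the LTS suite, since the package line `trafficserver 9.2.5+ds-1` says nothing about that suite on its own.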
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f0550533f61843e58930cbc83ae333d29d73a01