Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2dec98e8 by security tracker role at 2024-12-21T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-9545 (The Shortcodes and extra features for Phlox theme plugin for
WordPress ...)
+ TODO: check
+CVE-2024-51464 (IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator
for i int ...)
+ TODO: check
+CVE-2024-51463 (IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request
forgery ...)
+ TODO: check
+CVE-2024-12884 (A vulnerability was found in Codezips E-Commerce Website 1.0.
It has b ...)
+ TODO: check
+CVE-2024-12883 (A vulnerability was found in code-projects Job Recruitment
1.0. It has ...)
+ TODO: check
+CVE-2024-12875 (The Easy Digital Downloads \u2013 eCommerce Payments and
Subscriptions ...)
+ TODO: check
+CVE-2024-12591 (The MagicPost plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-12588 (The Shortcodes and extra features for Phlox theme plugin for
WordPress ...)
+ TODO: check
+CVE-2024-12558 (The WP BASE Booking of Appointments, Services and Events
plugin for Wo ...)
+ TODO: check
+CVE-2024-12408 (The WP on AWS plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
+ TODO: check
+CVE-2024-11808 (The Pingmeter Uptime Monitoring plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-11722 (The Frontend Admin by DynamiApps plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-11688 (The LaTeX2HTML plugin for WordPress is vulnerable to Reflected
Cross-S ...)
+ TODO: check
+CVE-2024-10797 (The Full Screen Menu for Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-10453 (The Elementor Website Builder \u2013 More than Just a Page
Builder plu ...)
+ TODO: check
CVE-2024-12582
NOT-FOR-US: Skupper
CVE-2024-56359 (grist-core is a spreadsheet hosting server. A user visiting a
maliciou ...)
@@ -2411,7 +2441,7 @@ CVE-2024-48912 (GLPI is a free asset and IT management
software package. Startin
- glpi <removed>
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f
CVE-2024-47835 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE: https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/
@@ -2481,7 +2511,7 @@ CVE-2024-47758 (GLPI is a free asset and IT management
software package. Startin
- glpi <removed>
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr
CVE-2024-47615 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE:
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2499,7 +2529,7 @@ CVE-2024-47613 (GStreamer is a library for constructing
graphs of media-handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c
(1.24.10)
CVE-2024-47607 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE:
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -2545,7 +2575,7 @@ CVE-2024-47601 (GStreamer is a library for constructing
graphs of media-handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058
(1.24.10)
CVE-2024-47600 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE: https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/
@@ -2618,6 +2648,7 @@ CVE-2024-47543 (GStreamer is a library for constructing
graphs of media-handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060
(1.24.10)
CVE-2024-47542 (GStreamer is a library for constructing graphs of
media-handling compo ...)
+ {DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
- gst-plugins-base0.10 <removed>
@@ -2627,7 +2658,7 @@ CVE-2024-47542 (GStreamer is a library for constructing
graphs of media-handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/921d8daa00c329932616dd5d197b601a7e271e79
(1.24.10)
CVE-2024-47541 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE: https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/
@@ -2654,7 +2685,7 @@ CVE-2024-47539 (GStreamer is a library for constructing
graphs of media-handling
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060
(1.24.10)
CVE-2024-47538 (GStreamer is a library for constructing graphs of
media-handling compo ...)
- {DSA-5831-1}
+ {DSA-5831-1 DLA-3999-1}
- gst-plugins-base1.0 1.24.10-1
- gst-plugins-base0.10 <removed>
NOTE:
https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/
@@ -10883,6 +10914,7 @@ CVE-2024-7571 (Incorrect permissions in Ivanti Secure
Access Client before 22.7R
CVE-2024-7516 (A vulnerability in Brocade Fabric OS versions before 9.2.2
could allow ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2024-52301 (Laravel is a web application framework. When the
register_argc_argv ph ...)
+ {DLA-3997-1}
- php-laravel-framework <unfixed> (bug #1088189)
NOTE:
https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
NOTE: Fixed by:
https://github.com/laravel/framework/commit/eded6bdfc05af9b5437d107b4d092558fe46292c
(v8.83.28)
@@ -48147,6 +48179,7 @@ CVE-2024-37895 (Lobe Chat is an open-source LLMs/AI
chat framework. In affected
CVE-2024-37893 (Firefly III is a free and open source personal finance
manager. In aff ...)
NOT-FOR-US: Firefly
CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python.
When using ...)
+ {DLA-3998-1}
[experimental] - python-urllib3 2.2.3-1
- python-urllib3 2.2.3-3 (bug #1074149)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
@@ -66487,6 +66520,7 @@ CVE-2023-52647 (In the Linux kernel, the following
vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1)
CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a
Denial of ...)
+ {DLA-4000-1}
- sqlparse 0.5.0-1 (bug #1070148)
[bookworm] - sqlparse <no-dsa> (Minor issue)
[buster] - sqlparse <postponed> (Minor issue)
@@ -110872,7 +110906,7 @@ CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to
contain a Cross-Site Reques
CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site
Request Forg ...)
NOT-FOR-US: Dreamer CMS
CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python.
urllib3 pre ...)
- {DLA-3649-1}
+ {DLA-3998-1 DLA-3649-1}
- python-urllib3 1.26.18-1 (bug #1054226)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
@@ -113271,7 +113305,7 @@ CVE-2023-44075 (Cross Site Scripting vulnerability in
Small CRM in PHP v.3.0 all
CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management
System v ...)
NOT-FOR-US: Personal Management System
CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python.
urllib3 doe ...)
- {DLA-3610-1}
+ {DLA-3998-1 DLA-3610-1}
- python-urllib3 1.26.17-1 (bug #1053626)
[bookworm] - python-urllib3 <no-dsa> (Minor issue)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
@@ -134935,7 +134969,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK
for inserting a Matrix cha
NOT-FOR-US: Node matrix-react-sdk
NOTE:
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In
affected ...)
- {DLA-3425-1}
+ {DLA-4000-1 DLA-3425-1}
- sqlparse 0.4.4-1 (bug #1034615)
[bookworm] - sqlparse <no-dsa> (Minor issue)
NOTE:
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
@@ -281328,6 +281362,7 @@ CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip,
GZip, Tar and BZip2 library.
NOTE:
https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
NOTE: Introduced by
https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In
sqlparse ...)
+ {DLA-4000-1}
- sqlparse 0.4.2-1 (bug #994841)
[buster] - sqlparse <not-affected> (Vulnerable code introduced later)
[stretch] - sqlparse <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dec98e83298882b57722f436229db98cc2b7588
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dec98e83298882b57722f436229db98cc2b7588
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
