Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21838b5e by security tracker role at 2024-03-14T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 
14.3.0 sc ...)
+       TODO: check
+CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable 
module fo ...)
+       TODO: check
+CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for 
PrestaShop b ...)
+       TODO: check
+CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments 
module for P ...)
+       TODO: check
+CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated 
table metada ...)
+       TODO: check
+CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
+       TODO: check
+CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking 
dashboard ...)
+       TODO: check
+CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a 
remote a ...)
+       TODO: check
+CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This 
vulnerab ...)
+       TODO: check
+CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming 
parameter, whi ...)
+       TODO: check
+CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea 
PAM Secre ...)
+       TODO: check
+CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user 
(with acc ...)
+       TODO: check
+CVE-2024-25651 (User enumeration can occur in the Authentication REST API in 
Delinea P ...)
+       TODO: check
+CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 
and the D ...)
+       TODO: check
+CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an 
attacker (wit ...)
+       TODO: check
+CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School 
Management Sy ...)
+       TODO: check
+CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to 
Authentic ...)
+       TODO: check
+CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science 
Time Tab ...)
+       TODO: check
+CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory 
(Path T ...)
+       TODO: check
+CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS 
via IPSe ...)
+       TODO: check
+CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk 
PrivateAccess a ...)
+       TODO: check
+CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in 
the Pape ...)
+       TODO: check
+CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the 
PaperCut ...)
+       TODO: check
+CVE-2024-1882 (This vulnerability allows an already authenticated admin user 
to creat ...)
+       TODO: check
+CVE-2024-1654 (This vulnerability potentially allows unauthorized write 
operations wh ...)
+       TODO: check
+CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration 
of info ...)
+       TODO: check
+CVE-2024-1222 (This allows attackers to use a maliciously formed API request 
to gain  ...)
+       TODO: check
+CVE-2024-1221 (This vulnerability potentially allows files on a PaperCut NG/MF 
server ...)
+       TODO: check
+CVE-2023-50726 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2023-41505 (An arbitrary file upload vulnerability in the Add Student's 
Profile Pi ...)
+       TODO: check
+CVE-2023-41504 (SQL Injection vulnerability in Student Enrollment In PHP 1.0 
allows at ...)
+       TODO: check
+CVE-2023-38536 (HTML injection inOpenText\u2122Exceed Turbo X affecting 
version 12.5.1 ...)
+       TODO: check
+CVE-2023-38535 (Use of Hard-coded Cryptographic Key vulnerability 
inOpenText\u2122Exce ...)
+       TODO: check
+CVE-2023-38534 (Improper authentication vulnerability inOpenText\u2122Exceed 
Turbo X a ...)
+       TODO: check
+CVE-2023-36238 (Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 
allows an a ...)
+       TODO: check
 CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks 
Panorama ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto 
Networks Gl ...)
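Review bot: The three added OpenText entries (CVE-2023-38536, CVE-2023-38535, CVE-2023-38534) carry a literal `\u2122` escape and run-together words ("inOpenText\u2122Exceed") in their descriptions. The import step should decode the escape to the character it stands for, or strip it, and the missing spaces should be checked against the source description so the text stays searchable. Every entry added at the top of this hunk is also left at `TODO: check`, so each still needs a triage decision, either a package note or a NOT-FOR-US line like the one on the Palo Alto Networks entry just below.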
@@ -283744,8 +283822,8 @@ CVE-2019-20770 (An issue was discovered on LG mobile 
devices with Android OS 9.0
        NOT-FOR-US: LG mobile devices
 CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier 
(aka LG P ...)
        NOT-FOR-US: LG PC Suite
-CVE-2020-11862
-       RESERVED
+CVE-2020-11862 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
 CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on 
Micro Foc ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
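Review bot: CVE-2020-11862 moves from RESERVED to a described entry but is left at `TODO: check`, and the truncated description ("vulnerability in  ...") does not show the affected product. The entries around it (CVE-2019-20769, CVE-2020-11861) are already resolved as NOT-FOR-US, so a follow-up should read the full description and record a triage decision; an open TODO this deep in the list is easy to miss compared with the new entries at the top of the file.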



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21838b5ea505251a62c353afa4a521cb43e68dff
