Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edaa68cc by security tracker role at 2024-04-02T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2024-3151 (A vulnerability, which was classified as problematic, was found 
in Bdt ...)
+       TODO: check
+CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie 
Studio Wooc ...)
+       TODO: check
+CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen 
Tax Rate ...)
+       TODO: check
+CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+       TODO: check
+CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+       TODO: check
+CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+       TODO: check
+CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There 
is a he ...)
+       TODO: check
+CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
serverName par ...)
+       TODO: check
+CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
serviceName pa ...)
+       TODO: check
+CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall 
Team Bu ...)
+       TODO: check
+CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio 
Software Nel ...)
+       TODO: check
+CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read 
Information Di ...)
+       TODO: check
+CVE-2024-30248 (Piccolo Admin is an admin interface/content management system 
for Pyth ...)
+       TODO: check
+CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable 
to Sen ...)
+       TODO: check
+CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a 
sensitiv ...)
+       TODO: check
+CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a 
workflo ...)
+       TODO: check
+CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating 
system c ...)
+       TODO: check
+CVE-2024-29949 (There is a command injection vulnerability in some Hikvision 
NVRs. Thi ...)
+       TODO: check
+CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision 
NVRs. A ...)
+       TODO: check
+CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some 
Hikvision NV ...)
+       TODO: check
+CVE-2024-29834 (This vulnerability allows authenticated users with produce or 
consume  ...)
+       TODO: check
+CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
+       TODO: check
+CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of 
INSTINCT UI ...)
+       TODO: check
+CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
+       TODO: check
+CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 
allows a r ...)
+       TODO: check
+CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect 
vulnerability.  A ...)
+       TODO: check
+CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and 
protection me ...)
+       TODO: check
+CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command 
injection vulne ...)
+       TODO: check
+CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate 
plugin for ...)
+       TODO: check
+CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi 
network ge ...)
+       TODO: check
+CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP 
service r ...)
+       TODO: check
+CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting 
the HTT ...)
+       TODO: check
+CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting 
the v2_sd ...)
+       TODO: check
+CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service 
running ...)
+       TODO: check
+CVE-2023-51455 (A Improper Validation of Array Index issue affecting the 
v2_sdk_servic ...)
+       TODO: check
+CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service 
running on a  ...)
+       TODO: check
+CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service 
running ...)
+       TODO: check
+CVE-2023-51452 (A Improper Input Validation issue affecting the v2_sdk_service 
running ...)
+       TODO: check
+CVE-2023-50313 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
+       TODO: check
 CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is 
providing the u ...)
        NOT-FOR-US: dotCMS
 CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System 
\u2192  ...)
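Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a package line or a NOT-FOR-US tag yet and each still needs manual triage. Several can be closed quickly with the conventions already visible in this file: the WordPress plugin entries (CVE-2024-2931, CVE-2024-1946, CVE-2024-1807, CVE-2024-1732) match the `NOT-FOR-US: WordPress plugin` tag used further down, and the truncated descriptions of the Tenda AX1803 and Hikvision NVR entries name vendor devices that look like NOT-FOR-US candidates as well. Separately, the context line for CVE-2024-3164 contains a literal `\u2192` escape instead of the arrow character, so it is worth checking whether the description import decodes such escapes.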
@@ -621,7 +707,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin 
for WordPress is vulner
        NOT-FOR-US: WordPress plugin
 CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1522 (I have activated the CORS because I had a development ui that 
uses ano ...)
+CVE-2024-1522 (The parisneo/lollms-webui does not have CSRF protections. As a 
result, ...)
        NOT-FOR-US: lollms-webui
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
        NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
@@ -96466,6 +96552,7 @@ CVE-2022-44902
 CVE-2022-44901
        RESERVED
 CVE-2022-44900 (A directory traversal vulnerability in the 
SevenZipFile.extractall() f ...)
+       {DSA-5652-1}
        - py7zr 0.11.3+dfsg-5 (bug #1032091)
        NOTE: 
https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406
 (v0.20.1)
        NOTE: https://lessonsec.com/cve/cve-2022-44900/
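Review bot: The `{DSA-5652-1}` cross-reference added under CVE-2022-44900 points at an advisory that this commit does not add, since data/CVE/list is the only changed file; confirm that the DSA-5652-1 entry already exists in the tracker so the reference resolves. Also, the package line gives 0.11.3+dfsg-5 as the fixed version while the NOTE ties the upstream fix to v0.20.1, so the Debian fix is presumably a backport; a short NOTE saying so would make that explicit.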



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edaa68cc0dee9a48514fbce6b445b79da34ea97c
