[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 24 Sep 2024 13:18:59 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1aa592dd by security tracker role at 2024-09-24T20:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,65 @@
+CVE-2024-9148 (Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability 
due to  ...)
+       TODO: check
+CVE-2024-9142 (External Control of File Name or Path, : Incorrect Permission 
Assignme ...)
+       TODO: check
+CVE-2024-9141 (Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. 
This fl ...)
+       TODO: check
+CVE-2024-9063
+       REJECTED
+CVE-2024-8942 (Vulnerability in Scriptcase version 9.4.019 that consists of a 
Cross-S ...)
+       TODO: check
+CVE-2024-8941 (Path traversal vulnerability in Scriptcase version 9.4.019, in 
/script ...)
+       TODO: check
+CVE-2024-8940 (Vulnerability in the Scriptcase application version 9.4.019, 
which inv ...)
+       TODO: check
+CVE-2024-8878 (The password recovery mechanism for the forgotten password in 
Riello N ...)
+       TODO: check
+CVE-2024-8877 (Improper neutralization of special elements results in a SQL 
Injection ...)
+       TODO: check
+CVE-2024-8801 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-8067 (In versions of Helix Core prior to 2024.1 Patch 2 
(2024.1/2655224) a W ...)
+       TODO: check
+CVE-2024-47048 (Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and 
earlier a ...)
+       TODO: check
+CVE-2024-46936 (Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and 
before is ...)
+       TODO: check
+CVE-2024-46935 (Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and 
earlier i ...)
+       TODO: check
+CVE-2024-46934 (Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and 
earlier i ...)
+       TODO: check
+CVE-2024-46610 (An access control issue in IceCMS v3.4.7 and before allows 
attackers t ...)
+       TODO: check
+CVE-2024-46609 (An access control issue in the CheckVip function in 
UserController.jav ...)
+       TODO: check
+CVE-2024-46607 (Incorrect access control in IceCMS v3.4.7 and before allows 
attackers  ...)
+       TODO: check
+CVE-2024-45599 (Cursor is an artificial intelligence code editor. Prior to 
version 0.4 ...)
+       TODO: check
+CVE-2024-42797 (An Incorrect Access Control vulnerability was found in 
/music/ajax.php ...)
+       TODO: check
+CVE-2024-42507 (Command injection vulnerabilities in the underlying CLI 
service could  ...)
+       TODO: check
+CVE-2024-42506 (Command injection vulnerabilities in the underlying CLI 
service could  ...)
+       TODO: check
+CVE-2024-42505 (Command injection vulnerabilities in the underlying CLI 
service could  ...)
+       TODO: check
+CVE-2024-38324 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem 
defender-sensor-cmd C ...)
+       TODO: check
 CVE-2024-45817 [x86: Deadlock in vlapic_error()]
        - xen <unfixed>
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
        NOTE: https://xenbits.xen.org/xsa/advisory-462.html
-CVE-2024-9123
+CVE-2024-9123 (Integer overflow in Skia in Google Chrome prior to 
129.0.6668.70 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-9122
+CVE-2024-9122 (Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-9121
+CVE-2024-9121 (Inappropriate implementation in V8 in Google Chrome prior to 
129.0.666 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-9120
+CVE-2024-9120 (Use after free in Dawn in Google Chrome on Windows prior to 
129.0.6668 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8919 (The Confetti Fall Animation plugin for WordPress is vulnerable 
to Stor ...)
@@ -26546,6 +26594,7 @@ CVE-2024-4194 (The The Album and Image Gallery plus 
Lightbox plugin for WordPres
 CVE-2024-4177 (A host whitelist parser issue in the proxy service implemented 
in the  ...)
        NOT-FOR-US: GravityZone Update Server
 CVE-2024-3049 (A flaw was found in Booth, a cluster ticket manager. If a 
specially-cr ...)
+       {DLA-3894-1}
        - booth 1.1-2 (bug #1073249)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2272082
        NOTE: https://github.com/ClusterLabs/booth/pull/142
@@ -121936,18 +121985,18 @@ CVE-2023-26693
        RESERVED
 CVE-2023-26692 (ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper 
Publication Manage ...)
        NOT-FOR-US: ZCBS Zijper Collectie Beheer Systeem
-CVE-2023-26691
-       RESERVED
-CVE-2023-26690
-       RESERVED
-CVE-2023-26689
-       RESERVED
-CVE-2023-26688
-       RESERVED
-CVE-2023-26687
-       RESERVED
-CVE-2023-26686
-       RESERVED
+CVE-2023-26691 (Directory Traversal vulnerability in CS-Cart MultiVendor 
4.16.1 allows ...)
+       TODO: check
+CVE-2023-26690 (File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows 
remote  ...)
+       TODO: check
+CVE-2023-26689 (An issue discovered in CS-Cart MultiVendor 4.16.1 allows 
attackers to  ...)
+       TODO: check
+CVE-2023-26688 (Cross Site Scripting (XSS) vulnerability in CS-Cart 
MultiVendor 4.16.1 ...)
+       TODO: check
+CVE-2023-26687 (Directory Traversal vulnerability in CS-Cart MultiVendor 
4.16.1 allows ...)
+       TODO: check
+CVE-2023-26686 (File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows 
remote  ...)
+       TODO: check
 CVE-2023-26685
        RESERVED
 CVE-2023-26684
@@ -153122,8 +153171,8 @@ CVE-2022-43847
        RESERVED
 CVE-2022-43846
        RESERVED
-CVE-2022-43845
-       RESERVED
+CVE-2022-43845 (IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote 
attacker t ...)
+       TODO: check
 CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 
21.0.3 is v ...)
        NOT-FOR-US: IBM
 CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than 
expected c ...)
@@ -240884,8 +240933,8 @@ CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 
5.5.6, and 5.5.7 could allow
        NOT-FOR-US: IBM
 CVE-2021-38964
        RESERVED
-CVE-2021-38963
-       RESERVED
+CVE-2021-38963 (IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote 
authentica ...)
+       TODO: check
 CVE-2021-38962
        RESERVED
 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This 
vulnerab ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aa592dd713fcf6f4d5eece7bf95da7187aa9a79

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aa592dd713fcf6f4d5eece7bf95da7187aa9a79
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to