Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f069165 by security tracker role at 2024-10-21T08:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8625 (The TS Poll  WordPress plugin before 2.4.0 does not sanitize 
and escap ...)
+       TODO: check
+CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0, 
19.x and  ...)
+       TODO: check
+CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in 
WAB-I1750-PS and W ...)
+       TODO: check
+CVE-2024-10202 (Administrative Management System from Wellchoose has an OS 
Command Inj ...)
+       TODO: check
+CVE-2024-10201 (Administrative Management System from Wellchoose does not 
properly val ...)
+       TODO: check
+CVE-2024-10200 (Administrative Management System from Wellchoose has a Path 
Traversal  ...)
+       TODO: check
+CVE-2024-10199 (A vulnerability was found in code-projects Pharmacy Management 
System  ...)
+       TODO: check
+CVE-2024-10198 (A vulnerability was found in code-projects Pharmacy Management 
System  ...)
+       TODO: check
+CVE-2024-10197 (A vulnerability was found in code-projects Pharmacy Management 
System  ...)
+       TODO: check
+CVE-2024-10196 (A vulnerability was found in code-projects Pharmacy Management 
System  ...)
+       TODO: check
 CVE-2024-49629 (Cross-Site Request Forgery (CSRF) vulnerability in Fahad 
Mahmood Endle ...)
        TODO: check
 CVE-2024-49628 (Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue 
Most And  ...)
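Review bot: All ten added entries carry only `TODO: check`, so none of them is triaged yet. CVE-2024-49215 names Sangoma Asterisk, and asterisk is tracked as a Debian package further down this file, so that entry needs a package line rather than a NOT-FOR-US tag. CVE-2024-8625 is a WordPress plugin and can likely follow the `NOT-FOR-US: WordPress plugin` convention already used in the list.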
@@ -347,7 +367,7 @@ CVE-2024-33453 (Buffer Overflow vulnerability in esp-idf 
v.5.1 allows a remote a
 CVE-2024-30875 (Cross Site Scripting vulnerability in JavaScript Library 
jquery-ui v.1 ...)
        - jqueryui <unfixed> (bug #1085379)
        NOTE: https://github.com/Ant1sec-ops/CVE-2024-30875
-CVE-2024-27766 (An issue in MYSQL MariaDB v.11.1 allows a remote attacker to 
execute a ...)
+CVE-2024-27766 (An issue in MariaDB v.11.1 allows a remote attacker to execute 
arbitra ...)
        NOTE: Dubious mysql/mariadb issue, reached out to upstream
 CVE-2024-10119 (The wireless router WRTM326 from SECOM does not properly 
validate a sp ...)
        NOT-FOR-US: SECOM
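Review bot: In the CVE-2024-27766 entry the new description no longer mentions MySQL, but the unchanged line `NOTE: Dubious mysql/mariadb issue, reached out to upstream` still does, and the entry has no package status line at all. Once upstream answers, record an explicit status next to the note so the entry does not stay unresolved.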
@@ -379,7 +399,7 @@ CVE-2023-6055 (A vulnerability has been identified in 
Bitdefender Total Security
        NOT-FOR-US: Bitdefender
 CVE-2023-49567 (A vulnerability has been identified in the Bitdefender Total 
Security  ...)
        NOT-FOR-US: Bitdefender
-CVE-2023-39593 (Insecure permissions in the sys_exec function of Oracle MYSQL 
MariaDB  ...)
+CVE-2023-39593 (Insecure permissions in the sys_exec function of MariaDB v10.5 
allows  ...)
        NOTE: Dubious mysql/mariadb issue, reached out to upstream
 CVE-2024-9898 (The Parallax Image plugin for WordPress is vulnerable to Stored 
Cross- ...)
        NOT-FOR-US: WordPress plugin
@@ -9579,6 +9599,7 @@ CVE-2024-44587 (itsourcecode Alton Management System 1.0 
is vulnerable to SQL In
 CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before 
allows an a ...)
        NOT-FOR-US: ESAFENET CDG
 CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). 
Prior to ver ...)
+       {DLA-3925-1}
        - asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1
        NOTE: 
https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
        NOTE: 
https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
 (18.24.3)
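Review bot: The `{DLA-3925-1}` cross-reference on CVE-2024-42491 arrives in a commit whose only changed file is data/CVE/list, so nothing here shows the advisory entry it points at. Confirm that DLA-3925-1 is already recorded and lists this CVE, otherwise the reference dangles.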
@@ -16038,6 +16059,7 @@ CVE-2024-42408 (The InfoScan client download page can 
be intercepted with a prox
 CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In 
versions pri ...)
        NOT-FOR-US: VRCX
 CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and 
telephony ...)
+       {DLA-3925-1}
        - asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1 (bug #1078574)
        NOTE: 
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
        NOTE: 
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
 (21.4.2)
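Review bot: The package line for CVE-2024-42365 carries `(bug #1078574)`, while CVE-2024-42491, which gets the same `{DLA-3925-1}` tag and the same fixed version, has no bug reference. If that bug covers both issues, add it to the other entry so the two stay consistent.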



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f0691657dd1476252bf3d720a3d303b97f0523d
