Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d2ca2eb by security tracker role at 2024-10-24T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,134 @@
-CVE-2024-10295
+CVE-2024-9692 (VIMESA VHF/FM Transmitter Blue Plus is suffering from a 
Denial-of-Serv ...)
+       TODO: check
+CVE-2024-9650 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9214 (The Extra Product Options Builder for WooCommerce plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-8959 (The WP Adminify \u2013 Custom WordPress Dashboard, Login and 
Admin Cus ...)
+       TODO: check
+CVE-2024-8717 (The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer \u2013 
DearFlip p ...)
+       TODO: check
+CVE-2024-8312 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2024-6826 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
+       TODO: check
+CVE-2024-5608 (Zohocorp ManageEngine ADAudit Plus versions below 8121 are 
vulnerable  ...)
+       TODO: check
+CVE-2024-49703 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-49702 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-49696 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-49695 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-49693 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-49691 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-49683 (Missing Authorization vulnerability in Schema & Structured 
Data for WP ...)
+       TODO: check
+CVE-2024-49682 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in s ...)
+       TODO: check
+CVE-2024-49681 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL 
that can ca ...)
+       TODO: check
+CVE-2024-48547 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48546 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48545 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48544 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48542 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48541 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48540 (Incorrect access control in XIAO HE Smart 4.3.1 allows 
attackers to ac ...)
+       TODO: check
+CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded 
encryption key i ...)
+       TODO: check
+CVE-2024-48538 (Incorrect access control in the firmware update and download 
processes ...)
+       TODO: check
+CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code 
execution. An at ...)
+       TODO: check
+CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System 
v1.0 allow ...)
+       TODO: check
+CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network 
Communications Co. ...)
+       TODO: check
+CVE-2024-48441 (Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router 
CommonCPE ...)
+       TODO: check
+CVE-2024-48440 (Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router 
NR500-EA  ...)
+       TODO: check
+CVE-2024-48427 (A SQL injection vulnerability in Sourcecodester Packers and 
Movers Man ...)
+       TODO: check
+CVE-2024-48145 (A prompt injection vulnerability in the chatbox of Netangular 
Technolo ...)
+       TODO: check
+CVE-2024-48144 (A prompt injection vulnerability in the chatbox of Fusion Chat 
Chat AI ...)
+       TODO: check
+CVE-2024-48143 (A lack of rate limiting in the OTP validation component of 
Digitory Mu ...)
+       TODO: check
+CVE-2024-48142 (A prompt injection vulnerability in the chatbox of Butterfly 
Effect Li ...)
+       TODO: check
+CVE-2024-48141 (A prompt injection vulnerability in the chatbox of Zhipu AI 
CodeGeeX v ...)
+       TODO: check
+CVE-2024-48140 (A prompt injection vulnerability in the chatbox of Butterfly 
Effect Li ...)
+       TODO: check
+CVE-2024-48139 (A prompt injection vulnerability in the chatbox of Blackbox AI 
v1.3.95 ...)
+       TODO: check
+CVE-2024-47173 (Aimeos is an e-commerce framework. All SaaS and marketplace 
setups usi ...)
+       TODO: check
+CVE-2024-46998 (baserCMS is a website development framework. Versions prior to 
5.1.2 h ...)
+       TODO: check
+CVE-2024-46996 (baserCMS is a website development framework. Versions prior to 
5.1.2 h ...)
+       TODO: check
+CVE-2024-46995 (baserCMS is a website development framework. Versions prior to 
5.1.2 h ...)
+       TODO: check
+CVE-2024-46994 (baserCMS is a website development framework. Versions prior to 
5.1.2 h ...)
+       TODO: check
+CVE-2024-46478 (HTMLDOC v1.9.18 contains a buffer overflow in parse_pre 
function,ps-pd ...)
+       TODO: check
+CVE-2024-45259 (An issue was discovered on certain GL-iNet devices, including 
MT6000,  ...)
+       TODO: check
+CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through 
3.9.3.2_c1.9.51 all ...)
+       TODO: check
+CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML 
tags coul ...)
+       TODO: check
+CVE-2024-44206 (An issue in the handling of URL protocols was addressed with 
improved  ...)
+       TODO: check
+CVE-2024-44205 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2024-44185 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
+       TODO: check
+CVE-2024-44141 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input 
validat ...)
+       TODO: check
+CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11, 
and 9.0 c ...)
+       TODO: check
+CVE-2024-10338 (A vulnerability classified as critical was found in 
SourceCodeHero Clo ...)
+       TODO: check
+CVE-2024-10337 (A vulnerability classified as critical has been found in 
SourceCodeHer ...)
+       TODO: check
+CVE-2024-10336 (A vulnerability was found in SourceCodeHero Clothes 
Recommendation Sys ...)
+       TODO: check
+CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection 
Managem ...)
+       TODO: check
+CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto 
v4.3r11 f ...)
+       TODO: check
+CVE-2024-10331 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path 
traversa ...)
+       TODO: check
+CVE-2024-10180 (The Contact Form 7 \u2013 Repeatable Fields plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-10176 (The Compact WP Audio Player plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2024-10050 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-10295 (A flaw was found in Gateway. Sending a non-base64 'basic' auth 
with sp ...)
        NOT-FOR-US: 3scale API Gateway
 CVE-2024-9943 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor 
Marketpla ...)
        NOT-FOR-US: WordPress plugin
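Review bot: every entry added in this hunk, from CVE-2024-9692 down to CVE-2024-10050, carries only `TODO: check`, so none of them is triaged yet and each still needs a package or NOT-FOR-US decision. The entries whose descriptions begin "The ... plugin for WordPress" (for example CVE-2024-9650, CVE-2024-9214, CVE-2024-10176) can follow the `NOT-FOR-US: WordPress plugin` pattern already used for CVE-2024-9943 in the trailing context, while CVE-2024-46478 (HTMLDOC v1.9.18 buffer overflow in parse_pre) and the two GitLab CE/EE entries (CVE-2024-8312, CVE-2024-6826) name software that should be checked against the archive before being dismissed. Separately, the descriptions of CVE-2024-8959, CVE-2024-8717 and CVE-2024-10180 contain a literal `\u2013` escape rather than the decoded character, the same as the existing CVE-2024-9943 line; if that is not intended, the decoding belongs in the import step that generates these lines rather than in manual edits to them.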
@@ -92970,7 +93100,7 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of 
Service,  where a remote atta
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
        NOTE: 
https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
        NOTE: 
https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
-CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP 
and HTTPS ...)
+CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of 
HTTP r ...)
        - squid 6.5-1 (bug #1055249)
        [bookworm] - squid <ignored> (Minor impact, too intrusive to backport 
to 5.x)
        [bullseye] - squid <ignored> (Minor impact, too intrusive to backport 
to 5.x)
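Review bot: the replacement description for CVE-2023-5824 no longer mentions Denial of Service in its visible, truncated text ("A flaw was found in Squid. The limits applied for validation of HTTP r ..."), while the unchanged `[bookworm]` and `[bullseye]` lines still justify `<ignored>` with "Minor impact, too intrusive to backport to 5.x". Since this is an automatic description refresh, it is worth confirming against the full upstream text that the stated impact has not changed; if it has, the ignore rationale should be revisited and a NOTE added to this entry recording the reason.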



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2ca2eb0f99cc24fd5ac056f4170e2bff13f852
