Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29ae162b by security tracker role at 2024-11-17T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-52876 (Holy Stone Remote ID Module HSRID01, firmware distributed with 
the Dro ...)
+       TODO: check
+CVE-2024-52872 (In Flagsmith before 2.134.1, the get_document endpoint is not 
correctl ...)
+       TODO: check
+CVE-2024-52871 (In Flagsmith before 2.134.1, it is possible to bypass the 
ALLOW_REGIST ...)
+       TODO: check
+CVE-2024-52416 (Missing Authorization vulnerability in Eugen Bobrowski Debug 
Tool allo ...)
+       TODO: check
+CVE-2024-52415 (Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK 
WP Sett ...)
+       TODO: check
+CVE-2024-52414 (Deserialization of Untrusted Data vulnerability in Anthony 
Carbon WDES ...)
+       TODO: check
+CVE-2024-52413 (Deserialization of Untrusted Data vulnerability in DMC Airin 
Blog allo ...)
+       TODO: check
+CVE-2024-52412 (Deserialization of Untrusted Data vulnerability in Stephen Cui 
Xin all ...)
+       TODO: check
+CVE-2024-52411 (Deserialization of Untrusted Data vulnerability in Flowcraft 
UX Design ...)
+       TODO: check
+CVE-2024-52410 (Deserialization of Untrusted Data vulnerability in 
Phoenixheart Referr ...)
+       TODO: check
+CVE-2024-52409 (Deserialization of Untrusted Data vulnerability in Phan An 
AJAX Random ...)
+       TODO: check
+CVE-2024-52408 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Team  ...)
+       TODO: check
+CVE-2024-52407 (Unrestricted Upload of File with Dangerous Type vulnerability 
in codeS ...)
+       TODO: check
+CVE-2024-52406 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Wiber ...)
+       TODO: check
+CVE-2024-52405 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Bikra ...)
+       TODO: check
+CVE-2024-52404 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Bigfi ...)
+       TODO: check
+CVE-2024-52403 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WPExp ...)
+       TODO: check
+CVE-2024-52400 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Subha ...)
+       TODO: check
+CVE-2024-52399 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Clari ...)
+       TODO: check
+CVE-2024-52398 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Halyr ...)
+       TODO: check
+CVE-2024-52397 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Davor ...)
+       TODO: check
+CVE-2024-52386 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
 CVE-2024-9938 (The Bounce Handler MailPoet 3 plugin for WordPress is 
vulnerable to Re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9935 (The PDF Generator Addon for Elementor Page Builder plugin for 
WordPres ...)
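Review bot: all 22 entries added at the top of data/CVE/list (CVE-2024-52876 down to CVE-2024-52386) carry only "TODO: check", so none of them has a package or NOT-FOR-US decision yet. Each needs a follow-up triage line in the form the unchanged context already uses, e.g. "NOT-FOR-US: WordPress plugin" under CVE-2024-9938. Because the descriptions are truncated here, the full CVE text should be read before deciding.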
@@ -4507,7 +4551,8 @@ CVE-2024-10731 (A vulnerability, which was classified as 
critical, was found in
        NOT-FOR-US: Tongda OA
 CVE-2024-10730 (A vulnerability, which was classified as critical, has been 
found in T ...)
        NOT-FOR-US: Tongda OA
-CVE-2024-52867 [Guix build user takeover vulnerability]
+CVE-2024-52867 (guix-daemon in GNU Guix before 5ab3c4c allows privilege 
escalation bec ...)
+       {DSA-5805-1}
        - guix 1.4.0-8
        NOTE: 
https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
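Review bot: on CVE-2024-52867 the new description says "GNU Guix before 5ab3c4c", while the unchanged "NOTE: Fixed by:" line points at commit 558224140dab669cabdaebabff18504a066c48d4, so the entry now names two different commits. Confirm whether 5ab3c4c is a further commit needed for the fix and, if so, add a second "NOTE: Fixed by:" line for it, so that the fixed version "guix 1.4.0-8" can be checked against both.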
@@ -5621,6 +5666,7 @@ CVE-2024-50334 (Scoold is a Q&A and a knowledge sharing 
platform for teams. A se
 CVE-2024-50052 (Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x 
<= 9.5.9 ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-49769 (Waitress is a Web Server Gateway Interface server for Python 2 
and 3.  ...)
+       {DLA-3955-1}
        - waitress 3.0.1-1 (bug #1086468)
        NOTE: 
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
        NOTE: https://github.com/Pylons/waitress/issues/418
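Review bot: the {DLA-3955-1} tag added under CVE-2024-49769 is a cross-reference only, and this commit changes just data/CVE/list, so it depends on the advisory entry already being in the tree. Confirm that DLA-3955-1 lists CVE-2024-49769 for waitress; the visible package line still records only the unstable fix, "- waitress 3.0.1-1 (bug #1086468)".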



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29ae162bd969432520479233e07788eeaf3e87c7
