[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 2 21:12:13 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edaa68cc by security tracker role at 2024-04-02T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...)
+	TODO: check
+CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...)
+	TODO: check
+CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...)
+	TODO: check
+CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
+	TODO: check
+CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
+	TODO: check
+CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
+	TODO: check
+CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
+	TODO: check
+CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...)
+	TODO: check
+CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...)
+	TODO: check
+CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...)
+	TODO: check
+CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...)
+	TODO: check
+CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...)
+	TODO: check
+CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...)
+	TODO: check
+CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...)
+	TODO: check
+CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...)
+	TODO: check
+CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...)
+	TODO: check
+CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...)
+	TODO: check
+CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...)
+	TODO: check
+CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...)
+	TODO: check
+CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...)
+	TODO: check
+CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume  ...)
+	TODO: check
+CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
+	TODO: check
+CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...)
+	TODO: check
+CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...)
+	TODO: check
+CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...)
+	TODO: check
+CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability.  A ...)
+	TODO: check
+CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...)
+	TODO: check
+CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...)
+	TODO: check
+CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for ...)
+	TODO: check
+CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi network ge ...)
+	TODO: check
+CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP service r ...)
+	TODO: check
+CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting the HTT ...)
+	TODO: check
+CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting the v2_sd ...)
+	TODO: check
+CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
+	TODO: check
+CVE-2023-51455 (A Improper Validation of Array Index issue affecting the v2_sdk_servic ...)
+	TODO: check
+CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service running on a  ...)
+	TODO: check
+CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
+	TODO: check
+CVE-2023-51452 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
+	TODO: check
+CVE-2023-50313 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
+	TODO: check
 CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...)
 	NOT-FOR-US: dotCMS
 CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192  ...)
@@ -621,7 +707,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulner
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-1522 (I have activated the CORS because I had a development ui that uses ano ...)
+CVE-2024-1522 (The parisneo/lollms-webui does not have CSRF protections. As a result, ...)
 	NOT-FOR-US: lollms-webui
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
 	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
@@ -96466,6 +96552,7 @@ CVE-2022-44902
 CVE-2022-44901
 	RESERVED
 CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extractall() f ...)
+	{DSA-5652-1}
 	- py7zr 0.11.3+dfsg-5 (bug #1032091)
 	NOTE: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1)
 	NOTE: https://lessonsec.com/cve/cve-2022-44900/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edaa68cc0dee9a48514fbce6b445b79da34ea97c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edaa68cc0dee9a48514fbce6b445b79da34ea97c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240402/cf1e175f/attachment.htm>

More information about the debian-security-tracker-commits mailing list