[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 4 09:12:33 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a37013ee by security tracker role at 2024-04-04T08:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...)
+ TODO: check
+CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
+ TODO: check
+CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
+ TODO: check
+CVE-2024-3270 (A vulnerability classified as problematic was found in ThingsBoard up ...)
+ TODO: check
+CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain ...)
+ TODO: check
+CVE-2024-30265 (Collabora Online is a collaborative online office suite based on Libre ...)
+ TODO: check
+CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
+ TODO: check
+CVE-2024-2868 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
+ TODO: check
+CVE-2024-2830 (The WordPress Tag and Category Manager \u2013 AI Autotagger plugin for ...)
+ TODO: check
+CVE-2024-2803 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-2692 (SiYuan version 3.0.3 allows executing arbitrary commands on the server ...)
+ TODO: check
+CVE-2024-2689 (Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, ...)
+ TODO: check
+CVE-2024-2008 (The Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popu ...)
+ TODO: check
+CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote ...)
+ TODO: check
+CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a re ...)
+ TODO: check
+CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier all ...)
+ TODO: check
+CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...)
+ TODO: check
+CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...)
+ TODO: check
+CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...)
+ TODO: check
+CVE-2024-29006 (By default the CloudStack management server honours the x-forwarded-fo ...)
+ TODO: check
+CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
+ TODO: check
+CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...)
+ TODO: check
+CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...)
+ TODO: check
+CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...)
+ TODO: check
+CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
+ TODO: check
+CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
+ TODO: check
+CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...)
+ TODO: check
+CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...)
+ TODO: check
+CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...)
+ TODO: check
CVE-2023-45288
- golang-1.22 1.22.2-1
- golang-1.21 1.21.9-1
@@ -1119,7 +1181,7 @@ CVE-2024-20850 (Use of Implicit Intent for Sensitive Communication in Samsung Pa
NOT-FOR-US: Samsung
CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing implementation of li ...)
NOT-FOR-US: Samsung
-CVE-2024-20848 (Out-of-bound Write vulnerability in text parsing implementation of lib ...)
+CVE-2024-20848 (Improper Input Validation vulnerability in text parsing implementation ...)
NOT-FOR-US: Samsung
CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService prior t ...)
NOT-FOR-US: Samsung
@@ -76513,10 +76575,10 @@ CVE-2023-25202
RESERVED
CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...)
NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1
-CVE-2023-25200
- RESERVED
-CVE-2023-25199
- RESERVED
+CVE-2023-25200 (An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 ...)
+ TODO: check
+CVE-2023-25199 (A reflected cross-site scripting (XSS) vulnerability exists in the MT ...)
+ TODO: check
CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been declared ...)
NOTE: Not considered a security issue
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29444
@@ -256358,8 +256420,8 @@ CVE-2020-25732
RESERVED
CVE-2020-25731
RESERVED
-CVE-2020-25730
- RESERVED
+CVE-2020-25730 (Cross Site Scripting (XSS) vulnerability in ZoneMinder before version ...)
+ TODO: check
CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
- zoneminder 1.34.21-1 (unimportant)
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a37013ee81e232c2aef6741e7438e9e49a8814da
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a37013ee81e232c2aef6741e7438e9e49a8814da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240404/de47fb72/attachment.htm>
More information about the debian-security-tracker-commits
mailing list