[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 5 09:11:52 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad12f23c by security tracker role at 2024-04-05T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 1.0. It h ...)
+	TODO: check
+CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
+	TODO: check
+CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
+	TODO: check
+CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
+	TODO: check
+CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been de ...)
+	TODO: check
+CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge ...)
+	TODO: check
+CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL  ...)
+	TODO: check
+CVE-2024-31211 (WordPress is an open publishing platform for the Web. Unserialization  ...)
+	TODO: check
+CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...)
+	TODO: check
+CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...)
+	TODO: check
+CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite based on d ...)
+	TODO: check
+CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
+	TODO: check
+CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete E-Comme ...)
+	TODO: check
+CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite based on d ...)
+	TODO: check
+CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...)
+	TODO: check
+CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 3.2.26 ...)
+	TODO: check
+CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview before v ...)
+	TODO: check
+CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 al ...)
+	TODO: check
+CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability)
+	TODO: check
+CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
+	TODO: check
+CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Con ...)
+	TODO: check
+CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive informa ...)
+	TODO: check
+CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expre ...)
+	TODO: check
+CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
+	TODO: check
+CVE-2023-5973 (Brocade  Web Interface in Brocade Fabric OS v9.x and before v9.2.0 doe ...)
+	TODO: check
+CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish  ...)
+	TODO: check
 CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free  ...)
 	NOT-FOR-US: Solidworks
 CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...)
@@ -7,7 +67,7 @@ CVE-2024-3262 (Information exposure vulnerability in RT software affecting versi
 	- request-tracker5 <unfixed>
 	NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
 	NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
-CVE-2024-3250 (It was discovered that Pebble's read-file API and the associated pebbl ...)
+CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...)
 	TODO: check
 CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) vulnerabi ...)
 	- pgadmin4 <itp> (bug #834129)
@@ -374,7 +434,7 @@ CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Se
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...)
 	NOT-FOR-US: D-Link
-CVE-2023-45288
+CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of  ...)
 	- golang-1.22 1.22.2-1
 	- golang-1.21 1.21.9-1
 	- golang-1.19 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad12f23c1f7dfe4358ccb29295bf379251903757

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad12f23c1f7dfe4358ccb29295bf379251903757
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240405/f78da965/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list