[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 1 09:12:03 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ec2faa1 by security tracker role at 2024-08-01T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-7343 (A vulnerability was found in Baidu UEditor 1.4.2. It has been declared ...)
+	TODO: check
+CVE-2024-7342 (A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classi ...)
+	TODO: check
+CVE-2024-7339 (A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS- ...)
+	TODO: check
+CVE-2024-7338 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2024-7337 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-7336 (A vulnerability classified as critical was found in TOTOLINK EX200 4.0 ...)
+	TODO: check
+CVE-2024-7335 (A vulnerability classified as critical has been found in TOTOLINK EX20 ...)
+	TODO: check
+CVE-2024-7334 (A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. I ...)
+	TODO: check
+CVE-2024-7333 (A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It ...)
+	TODO: check
+CVE-2024-7332 (A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It  ...)
+	TODO: check
+CVE-2024-7331 (A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 an ...)
+	TODO: check
+CVE-2024-7330 (A vulnerability has been found in YouDianCMS 7 and classified as criti ...)
+	TODO: check
+CVE-2024-7329 (A vulnerability, which was classified as critical, was found in YouDia ...)
+	TODO: check
+CVE-2024-7328 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-7327 (A vulnerability classified as critical was found in Xinhu RockOA 2.6.2 ...)
+	TODO: check
+CVE-2024-7326 (A vulnerability classified as critical has been found in IObit DualSaf ...)
+	TODO: check
+CVE-2024-7302 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2024-6698 (The FundEngine plugin for WordPress is vulnerable to privilege escalat ...)
+	TODO: check
+CVE-2024-6687 (The CTT Expresso para WooCommerce plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-6529 (The Ultimate Classified Listings WordPress plugin before 1.4 does not  ...)
+	TODO: check
+CVE-2024-6496 (The Light Poll WordPress plugin through 1.0.0 does not have CSRF check ...)
+	TODO: check
+CVE-2024-5678 (Zohocorp ManageEngine Applications Manager versions170900 and below ar ...)
+	TODO: check
+CVE-2024-5331 (The Breakdance plugin for WordPress is vulnerable to unauthorized acce ...)
+	TODO: check
+CVE-2024-5330 (The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-4187 (Stored XSS vulnerability has been discovered in OpenText\u2122 Filr pr ...)
+	TODO: check
+CVE-2024-4090 (The Floating Notification Bar, Sticky Menu on Scroll, Announcement Ban ...)
+	TODO: check
+CVE-2024-41262 (mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetric ...)
+	TODO: check
+CVE-2024-41258 (An issue was discovered in filestash v0.4. The usage of the ssh.Insecu ...)
+	TODO: check
+CVE-2024-41256 (Default configurations in the ShareProofVerifier function of filestash ...)
+	TODO: check
+CVE-2024-41255 (filestash v0.4 is configured to skip TLS certificate verification when ...)
+	TODO: check
+CVE-2024-41254 (An issue was discovered in litestream v0.3.13. The usage of the ssh.In ...)
+	TODO: check
+CVE-2024-41253 (goframe v2.7.2 is configured to skip TLS certificate verification, pos ...)
+	TODO: check
+CVE-2024-40883 (Cross-site request forgery vulnerability exists in ELECOM wireless LAN ...)
+	TODO: check
+CVE-2024-40465 (An issue in beego v.2.2.0 and before allows a remote attacker to escal ...)
+	TODO: check
+CVE-2024-40464 (An issue in beego v.2.2.0 and before allows a remote attacker to escal ...)
+	TODO: check
+CVE-2024-3983 (The WooCommerce Customers Manager WordPress plugin before 30.1 does no ...)
+	TODO: check
+CVE-2024-39607 (OS command injection vulnerability exists in ELECOM wireless LAN route ...)
+	TODO: check
+CVE-2024-38490 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
+	TODO: check
+CVE-2024-38489 (Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bo ...)
+	TODO: check
+CVE-2024-38481 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
+	TODO: check
+CVE-2024-38182 (Weak authentication in Microsoft Dynamics 365 allows an unauthenticate ...)
+	TODO: check
+CVE-2024-34021 (Unrestricted upload of file with dangerous type vulnerability exists i ...)
+	TODO: check
+CVE-2024-2872 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...)
+	TODO: check
+CVE-2024-2843 (The WooCommerce Customers Manager WordPress plugin before 30.1 does no ...)
+	TODO: check
+CVE-2024-2090 (The Remote Content Shortcode plugin for WordPress is vulnerable to Ser ...)
+	TODO: check
+CVE-2024-28972 (Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryp ...)
+	TODO: check
+CVE-2024-25948 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
+	TODO: check
+CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of ...)
+	TODO: check
+CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2 does no ...)
+	TODO: check
+CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for WordPr ...)
+	TODO: check
 CVE-2024-7340 (The Weave server API allows remote users to fetch files from a specifi ...)
 	NOT-FOR-US: Weave server
 CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It has bee ...)
@@ -77590,7 +77690,8 @@ CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automatio
 	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
 CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsy ...)
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
-CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts are dis ...)
+CVE-2023-4262
+	REJECTED
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4261
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
@@ -103433,8 +103534,8 @@ CVE-2023-1579 (Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_ge
 	NOTE: binutils not covered by security support
 CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.)
 	NOT-FOR-US: pimcore
-CVE-2023-1577
-	RESERVED
+CVE-2023-1577 (A path hijacking vulnerability was reported in Lenovo Driver Manager p ...)
+	TODO: check
 CVE-2023-1576
 	REJECTED
 CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...)
@@ -133562,12 +133663,12 @@ CVE-2022-45437 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: Pandora FMS
 CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Pandora FMS
-CVE-2022-4003
-	RESERVED
-CVE-2022-4002
-	RESERVED
-CVE-2022-4001
-	RESERVED
+CVE-2022-4003 (A denial-of-service vulnerability could allow an authenticated user to ...)
+	TODO: check
+CVE-2022-4002 (A command injection vulnerability could allow an authenticated user to ...)
+	TODO: check
+CVE-2022-4001 (An authentication bypass vulnerability could allow an attacker to acce ...)
+	TODO: check
 CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have a ...)
@@ -399258,10 +399359,10 @@ CVE-2019-6200 (An out-of-bounds read was addressed with improved input validatio
 	NOT-FOR-US: Apple
 CVE-2019-6199
 	RESERVED
-CVE-2019-6198
-	RESERVED
-CVE-2019-6197
-	RESERVED
+CVE-2019-6198 (A vulnerability was reported in Lenovo PC Manager prior to version2.8. ...)
+	TODO: check
+CVE-2019-6197 (A vulnerability was reported in Lenovo PC Manager prior to version 2.8 ...)
+	TODO: check
 CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
@@ -512193,8 +512294,8 @@ CVE-2017-3774 (A stack overflow vulnerability was discovered within the web admi
 	NOT-FOR-US: IBM
 CVE-2017-3773
 	REJECTED
-CVE-2017-3772
-	RESERVED
+CVE-2017-3772 (A vulnerability was reported in Lenovo PC Manager versions prior to 2. ...)
+	TODO: check
 CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and ThinkC ...)
 	NOT-FOR-US: Lenovo
 CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec2faa134c8c71e57c88b4f54c10fb936a75cfb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec2faa134c8c71e57c88b4f54c10fb936a75cfb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240801/5e1bc0e9/attachment.htm>

More information about the debian-security-tracker-commits mailing list