[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 19 21:12:48 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
786be6a3 by security tracker role at 2024-08-19T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-7958
+	REJECTED
+CVE-2024-7927 (A vulnerability classified as critical was found in ZZCMS 2023. Affect ...)
+	TODO: check
+CVE-2024-7926 (A vulnerability classified as critical has been found in ZZCMS 2023. A ...)
+	TODO: check
+CVE-2024-7925 (A vulnerability was found in ZZCMS 2023. It has been rated as problema ...)
+	TODO: check
+CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared as criti ...)
+	TODO: check
+CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
+	TODO: check
+CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, specifically  ...)
+	TODO: check
+CVE-2024-6348 (Predictable seed generation in the security access mechanism of UDS in ...)
+	TODO: check
+CVE-2024-43401 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2024-43400 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2024-43399 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
+	TODO: check
+CVE-2024-43380 (fugit contains time tools for flor and the floraison group. The fugit  ...)
+	TODO: check
+CVE-2024-43379 (TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerab ...)
+	TODO: check
+CVE-2024-43372
+	REJECTED
+CVE-2024-43354 (Deserialization of Untrusted Data vulnerability in myCred allows Objec ...)
+	TODO: check
+CVE-2024-43345 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43326 (Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus  ...)
+	TODO: check
+CVE-2024-43317 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-43311 (Improper Privilege Management vulnerability in Geek Code Lab Login As  ...)
+	TODO: check
+CVE-2024-43281 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43280 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+	TODO: check
+CVE-2024-43272 (Missing Authentication for Critical Function vulnerability in icegram  ...)
+	TODO: check
+CVE-2024-43271 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43261 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-43256 (Missing Authorization vulnerability in nouthemes Leopard - WordPress o ...)
+	TODO: check
+CVE-2024-43252 (Deserialization of Untrusted Data vulnerability in Crew HRM allows Obj ...)
+	TODO: check
+CVE-2024-43250 (Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitform ...)
+	TODO: check
+CVE-2024-43249 (Unrestricted Upload of File with Dangerous Type vulnerability in Bit A ...)
+	TODO: check
+CVE-2024-43248 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43247 (Missing Authorization vulnerability in creativeon WHMpress allows Acce ...)
+	TODO: check
+CVE-2024-43245 (Improper Privilege Management vulnerability in eyecix JobSearch allows ...)
+	TODO: check
+CVE-2024-43242 (Deserialization of Untrusted Data vulnerability in azzaroco Ultimate M ...)
+	TODO: check
+CVE-2024-43240 (Improper Privilege Management vulnerability in azzaroco Ultimate Membe ...)
+	TODO: check
+CVE-2024-43236 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+	TODO: check
+CVE-2024-43232 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-43221 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-42815 (In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerabili ...)
+	TODO: check
+CVE-2024-42813 (In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerabi ...)
+	TODO: check
+CVE-2024-42812 (In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due ...)
+	TODO: check
+CVE-2024-42675
+	REJECTED
+CVE-2024-42658 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a ...)
+	TODO: check
+CVE-2024-42657 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a ...)
+	TODO: check
+CVE-2024-42633 (A Command Injection vulnerability exists in the do_upgrade_post functi ...)
+	TODO: check
+CVE-2024-39306
+	REJECTED
+CVE-2024-37099 (Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP a ...)
+	TODO: check
+CVE-2024-32928 (The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of  ...)
+	TODO: check
+CVE-2024-32927 (In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after  ...)
+	TODO: check
+CVE-2024-23729 (The ColorOS Internet Browser com.heytap.browser application 45.10.3.4. ...)
+	TODO: check
 CVE-2024-7921 (A vulnerability has been found in Anhui Deshun Intelligent Technology  ...)
 	NOT-FOR-US: Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016
 CVE-2024-7920 (A vulnerability, which was classified as problematic, was found in Anh ...)
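Review bot: every described entry added at the top of this hunk, from CVE-2024-7927 down to CVE-2024-23729, is left at "TODO: check", so none of them has a triage state yet. Most read like the NOT-FOR-US material in the context lines below (ZZCMS, WordPress plugins, router firmware). CVE-2024-7592 names CPython, though, and should be triaged on its own with a package line rather than swept up in a bulk NOT-FOR-US pass. CVE-2024-32928 mentions libcurl's CURLOPT_SSL_VERIFYPEER being disabled, so the full description needs reading before deciding whether it concerns curl itself or a product that uses it.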
@@ -942,7 +1040,7 @@ CVE-2024-27729 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows
 	NOT-FOR-US: Friendica
 CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
 	NOT-FOR-US: Friendica
-CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research labs.   ...)
+CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research labs. I ...)
 	NOT-FOR-US: eLabFTW
 CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows non-local web ...)
 	NOT-FOR-US: Xiexe XSOverlay
@@ -4198,7 +4296,7 @@ CVE-2024-7306 (A vulnerability, which was classified as critical, was found in S
 	NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank Management ...)
 	NOT-FOR-US: itsourcecode Online Blood Bank Management System
-CVE-2024-7300 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+CVE-2024-7300 (A vulnerability classified as problematic has been found in Bolt CMS 3 ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2024-7299 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS  ...)
 	NOT-FOR-US: Bolt CMS
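Review bot: the CVE-2024-7300 description loses its "** UNSUPPORTED WHEN ASSIGNED **" prefix here, while the adjacent CVE-2024-7299 entry, also Bolt CMS, still carries it. Worth confirming that this reflects the upstream record rather than a partial sync of the descriptions; the "NOT-FOR-US: Bolt CMS" state is unchanged either way.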
@@ -12773,6 +12871,7 @@ CVE-2024-38952 (PX4-Autopilot v1.14.3 was discovered to contain a buffer overflo
 CVE-2024-38951 (A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a ...)
 	NOT-FOR-US: PX4-Autopilot
 CVE-2024-37894 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
+	{DSA-5751-1}
 	- squid 6.10-1 (bug #1074284)
 	NOTE: https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04 (master)
 	NOTE: https://github.com/squid-cache/squid/commit/67f5496f7b72e698ad0f5aa3512c83089424f27f (v6)
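Review bot: the "{DSA-5751-1}" cross-reference added to CVE-2024-37894 points at an advisory that this commit does not show, since data/CVE/list is the only changed file. Confirm that the DSA-5751-1 record lists CVE-2024-37894 for squid. The entry itself still shows only "- squid 6.10-1 (bug #1074284)" with no per-release line, so the fixed versions for the releases the advisory covers have to come from that record.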
@@ -133198,7 +133297,7 @@ CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG
 CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4425
-	RESERVED
+	REJECTED
 CVE-2022-4424
 	RESERVED
 CVE-2022-4423
@@ -133259,7 +133358,7 @@ CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/
 CVE-2022-4412
 	RESERVED
 CVE-2022-4411
-	RESERVED
+	REJECTED
 CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...)
 	NOT-FOR-US: Permalink Manager Lite plugin for WordPress
 CVE-2022-4409 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
@@ -133273,7 +133372,7 @@ CVE-2022-4406
 CVE-2022-4405
 	REJECTED
 CVE-2022-4404
-	RESERVED
+	REJECTED
 CVE-2022-4403 (A vulnerability classified as critical was found in SourceCodester Can ...)
 	NOT-FOR-US: SourceCodester Canteen Management System
 CVE-2022-4402 (A vulnerability classified as critical has been found in RainyGao DocS ...)
@@ -185193,7 +185292,7 @@ CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior
 	NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
 	NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
 CVE-2022-1443
-	RESERVED
+	REJECTED
 CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/786be6a3fc5f42e4899fb9a4eaf17604bd1c539f
