[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 22 08:11:47 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04ac12b5 by security tracker role at 2024-02-22T08:11:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,86 @@
-CVE-2024-26147
+CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform before 1 ...)
+	TODO: check
+CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Me ...)
+	TODO: check
+CVE-2024-26490 (A cross-site scripting (XSS) vulnerability in the Addon JD Simple modu ...)
+	TODO: check
+CVE-2024-26489 (A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'So ...)
+	TODO: check
+CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit Content  ...)
+	TODO: check
+CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image module of  ...)
+	TODO: check
+CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout module of K ...)
+	TODO: check
+CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scri ...)
+	TODO: check
+CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version  ...)
+	TODO: check
+CVE-2024-25801 (An arbitrary file upload vulnerability in the Add Media function of SK ...)
+	TODO: check
+CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execu ...)
+	TODO: check
+CVE-2024-25251 (code-projects Agro-School Management System 1.0 is suffers from Incorr ...)
+	TODO: check
+CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1, the C ...)
+	TODO: check
+CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform  ...)
+	TODO: check
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll parsed thr ...)
+	TODO: check
+CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed through Aut ...)
+	TODO: check
+CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed through  ...)
+	TODO: check
+CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through Autodesk Au ...)
+	TODO: check
+CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed through  ...)
+	TODO: check
+CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...)
+	TODO: check
+CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dllw ...)
+	TODO: check
+CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dllwhen par ...)
+	TODO: check
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in opennurbs.dll w ...)
+	TODO: check
+CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through  ...)
+	TODO: check
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed VCRUNTIM ...)
+	TODO: check
+CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll through Auto ...)
+	TODO: check
+CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
+	TODO: check
+CVE-2024-23124 (A maliciously crafted STP file when parsed in ASMIMPORT228A.dll throug ...)
+	TODO: check
+CVE-2024-23123 (A maliciously crafted CATPART file when parsed in CC5Dll.dll and ASMBA ...)
+	TODO: check
+CVE-2024-23122 (A maliciously crafted 3DM file when parsed in opennurbs.dll through Au ...)
+	TODO: check
+CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
+	TODO: check
+CVE-2024-23120 (A maliciously crafted STP file when parsed in ASMIMPORT228A.dll throug ...)
+	TODO: check
+CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...)
+	TODO: check
+CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKER ...)
+	TODO: check
+CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...)
+	TODO: check
+CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and ea ...)
+	TODO: check
+CVE-2023-52153 (A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.p ...)
+	TODO: check
+CVE-2023-51828 (A SQL Injection vulnerability in /admin/convert/export.class.php in PM ...)
+	TODO: check
+CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote ...)
+	TODO: check
+CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before all ...)
+	TODO: check
+CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions prior to ...)
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2024-1726
 	NOT-FOR-US: Quarkus
@@ -113,19 +195,19 @@ CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables authenticati
 	TODO: check
 CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
 	NOT-FOR-US: IBM
-CVE-2024-0410
+CVE-2024-0410 (An authorization bypass vulnerability was discovered in GitLab affecti ...)
 	- gitlab <unfixed>
-CVE-2023-3509
+CVE-2023-3509 (An issue has been discovered in GitLab affecting all versions before 1 ...)
 	- gitlab <unfixed>
-CVE-2024-0861
+CVE-2024-0861 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2023-4895
+CVE-2023-4895 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2024-1525
+CVE-2024-1525 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2023-6477
+CVE-2023-6477 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2024-1451
+CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <not-affected> (Only affects 16.9)
 CVE-2024-26585 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
@@ -5941,7 +6023,7 @@ CVE-2024-22204 (Whoogle Search is a self-hosted metasearch engine. Versions 0.8.
 	NOT-FOR-US: Whoogle Search
 CVE-2024-22203 (Whoogle Search is a self-hosted metasearch engine. In versions prior t ...)
 	NOT-FOR-US: Whoogle Search
-CVE-2024-22076 (MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Cod ...)
+CVE-2024-22076 (MyQ Print Server before 8.2 patch 43 allows remote authenticated admin ...)
 	NOT-FOR-US: MyQ Print Server
 CVE-2024-0703 (The Sticky Buttons \u2013 floating buttons builder plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
@@ -67075,16 +67157,16 @@ CVE-2023-24336
 	RESERVED
 CVE-2023-24335
 	RESERVED
-CVE-2023-24334
-	RESERVED
-CVE-2023-24333
-	RESERVED
-CVE-2023-24332
-	RESERVED
-CVE-2023-24331
-	RESERVED
-CVE-2023-24330
-	RESERVED
+CVE-2023-24334 (A stack overflow vulnerability in Tenda AC23 with firmware version US_ ...)
+	TODO: check
+CVE-2023-24333 (A stack overflow vulnerability in Tenda AC21 with firmware version US_ ...)
+	TODO: check
+CVE-2023-24332 (A stack overflow vulnerability in Tenda AC6 with firmware version US_A ...)
+	TODO: check
+CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with firmware versio ...)
+	TODO: check
+CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with firmware versio ...)
+	TODO: check
 CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows  ...)
 	{DLA-3575-1}
 	- python3.11 3.11.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04ac12b53a313fc3b8c0d2a7b833a43ddda222ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04ac12b53a313fc3b8c0d2a7b833a43ddda222ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240222/a0ccca4b/attachment.htm>


More information about the debian-security-tracker-commits mailing list