[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 7 21:12:56 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08f91f7f by security tracker role at 2024-06-07T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2024-5761
+ REJECTED
+CVE-2024-5745 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
+ TODO: check
+CVE-2024-5734 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2024-5733 (A vulnerability was found in itsourcecode Online Discussion Forum 1.0. ...)
+ TODO: check
+CVE-2024-5732 (A vulnerability was found in Clash up to 0.20.1 on Windows. It has bee ...)
+ TODO: check
+CVE-2024-5645 (The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-5637 (The Market Exporter plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-5599 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...)
+ TODO: check
+CVE-2024-5542 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
+ TODO: check
+CVE-2024-5481 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
+ TODO: check
+CVE-2024-5438 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+ TODO: check
+CVE-2024-5426 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
+ TODO: check
+CVE-2024-5382 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
+ TODO: check
+CVE-2024-4610 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2024-4152
+ REJECTED
+CVE-2024-3380
+ REJECTED
+CVE-2024-3133
+ REJECTED
+CVE-2024-37388 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...)
+ TODO: check
+CVE-2024-37163 (SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resou ...)
+ TODO: check
+CVE-2024-37162 (zsa is a library for building typesafe server actions in Next.js. All ...)
+ TODO: check
+CVE-2024-37160 (Formwork is a flat file-based Content Management System (CMS). An atta ...)
+ TODO: check
+CVE-2024-36827 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...)
+ TODO: check
+CVE-2024-36811 (An arbitrary file upload vulnerability in the image upload function of ...)
+ TODO: check
+CVE-2024-36792 (An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/ ...)
+ TODO: check
+CVE-2024-36790 (Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store ...)
+ TODO: check
+CVE-2024-36789 (An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attac ...)
+ TODO: check
+CVE-2024-36788 (Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set th ...)
+ TODO: check
+CVE-2024-36787 (An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attac ...)
+ TODO: check
+CVE-2024-36773 (A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allow ...)
+ TODO: check
+CVE-2024-36673 (Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vuln ...)
+ TODO: check
+CVE-2024-32503 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+ TODO: check
+CVE-2024-32502 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+ TODO: check
+CVE-2024-31959 (An issue was discovered in Samsung Mobile Processor Exynos 2200, Exyno ...)
+ TODO: check
+CVE-2024-31958 (An issue was discovered in Samsung Mobile Processor EExynos 2200, Exyn ...)
+ TODO: check
+CVE-2024-31878 (IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable ...)
+ TODO: check
+CVE-2024-30163 (Invision Community before 4.7.16 allow SQL injection via the applicati ...)
+ TODO: check
+CVE-2024-30162 (Invision Community through 4.7.16 allows remote code execution via the ...)
+ TODO: check
+CVE-2024-23595
+ REJECTED
+CVE-2023-6997
+ REJECTED
+CVE-2023-5424 (The WS Form LITE plugin for WordPress is vulnerable to CSV Injection i ...)
+ TODO: check
+CVE-2023-49222 (Precor touchscreen console P82 contains a private SSH key that corresp ...)
+ TODO: check
+CVE-2023-49221 (Precor touchscreen console P62, P80, and P82 could allow a remote atta ...)
+ TODO: check
CVE-2024-23445
- elasticsearch <removed>
CVE-2024-37279
@@ -193,7 +277,8 @@ CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in the
NOT-FOR-US: privategpt
CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover vulnerability e ...)
NOT-FOR-US: lunary-ai/lunary
-CVE-2024-5132 (In lunary-ai/lunary version 1.2.2, a business logic error allows users ...)
+CVE-2024-5132
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-5131 (An Improper Access Control vulnerability exists in the lunary-ai/lunar ...)
NOT-FOR-US: lunary-ai/lunary
@@ -3501,7 +3586,8 @@ CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerab
NOT-FOR-US: WordPress plugin
CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...)
+CVE-2024-4153
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
NOT-FOR-US: WordPress plugin
@@ -19035,7 +19121,8 @@ CVE-2024-1738 (An incorrect authorization vulnerability exists in the lunary-ai/
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists that a ...)
NOT-FOR-US: lunary-ai/lunary
-CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluatio ...)
+CVE-2024-1665
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass due to in ...)
NOT-FOR-US: lollms-webui
@@ -20364,7 +20451,8 @@ CVE-2024-1602 (parisneo/lollms-webui is vulnerable to stored Cross-Site Scriptin
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the parisneo/loll ...)
NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project c ...)
+CVE-2024-1599
+ REJECTED
NOT-FOR-US: lunary-ai/lunary
CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_folder ...)
NOT-FOR-US: parisneo/lollms-webui
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08f91f7f61c93fb36b1557b7cedc2270dc4fd674
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240607/3777a4f4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list