[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98d6f9df by security tracker role at 2024-06-24T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,46 @@
+CVE-2024-6280 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...)
+	TODO: check
+CVE-2024-6279 (A vulnerability was found in lahirudanushka School Management System 1 ...)
+	TODO: check
+CVE-2024-6278 (A vulnerability has been found in lahirudanushka School Management Sys ...)
+	TODO: check
+CVE-2024-6277 (A vulnerability, which was classified as critical, was found in lahiru ...)
+	TODO: check
+CVE-2024-6276 (A vulnerability, which was classified as critical, has been found in l ...)
+	TODO: check
+CVE-2024-6275 (A vulnerability classified as critical was found in lahirudanushka Sch ...)
+	TODO: check
+CVE-2024-6274 (A vulnerability classified as critical has been found in lahirudanushk ...)
+	TODO: check
+CVE-2024-6273 (A vulnerability was found in SourceCodester Clinic Queuing System 1.0. ...)
+	TODO: check
+CVE-2024-4900 (The SEOPress  WordPress plugin before 7.8 does not validate and escape ...)
+	TODO: check
+CVE-2024-4899 (The SEOPress  WordPress plugin before 7.8 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS s ...)
+	TODO: check
+CVE-2024-4460 (A denial of service (DoS) vulnerability exists in zenml-io/zenml versi ...)
+	TODO: check
+CVE-2024-3121 (A remote code execution vulnerability exists in the create_conda_env f ...)
+	TODO: check
+CVE-2024-39337 (Click Studios Passwordstate Core before 9.8 build 9858 allows Authenti ...)
+	TODO: check
+CVE-2024-39334 (MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a  ...)
+	TODO: check
+CVE-2024-24554 (Bludit uses predictable methods in combination with the MD5 hashing al ...)
+	TODO: check
+CVE-2024-24553 (Bludit uses the SHA-1 hashing algorithm to compute password hashes. Th ...)
+	TODO: check
+CVE-2024-24552 (A session fixation vulnerability in Bludit allows an attacker to bypas ...)
+	TODO: check
+CVE-2024-24551 (A security vulnerability has been identified in Bludit, allowing authe ...)
+	TODO: check
+CVE-2024-24550 (A security vulnerability has been identified in Bludit, allowing attac ...)
+	TODO: check
 CVE-2024-29868
 	NOT-FOR-US: Apache StreamPipes
-CVE-2024-27136
+CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...)
 	- jspwiki <removed>
 CVE-2024-28882
 	- openvpn <unfixed>
@@ -16,7 +56,7 @@ CVE-2024-6268 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: lahirudanushka School Management System
 CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...)
 	NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-39331 [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code]
+CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a % ...)
 	- emacs <unfixed> (bug #1074137)
 	- org-mode <unfixed> (bug #1074136)
 	[bookworm] - org-mode <ignored> (Produces only a dependency binary package)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d6f9df74414a5a4f8790e47cf77ec5c2ad884f

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d6f9df74414a5a4f8790e47cf77ec5c2ad884f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240624/8fc563da/attachment.htm>