[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 7 20:12:47 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee4d351b by security tracker role at 2024-03-07T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sendin ...)
+ TODO: check
+CVE-2024-2241 (Improper access control in the user interface in Devolutions Workspace ...)
+ TODO: check
+CVE-2024-2136 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-2128 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
+ TODO: check
+CVE-2024-2127 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+ TODO: check
+CVE-2024-28230 (In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow ...)
+ TODO: check
+CVE-2024-28229 (In JetBrains YouTrack before 2024.1.25893 user without appropriate per ...)
+ TODO: check
+CVE-2024-28228 (In JetBrains YouTrack before 2024.1.25893 creation comments on behalf ...)
+ TODO: check
+CVE-2024-27733 (File Upload vulnerability in Byzro Network Smart s42 Management Platfo ...)
+ TODO: check
+CVE-2024-22752 (Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allow ...)
+ TODO: check
+CVE-2024-22256 (VMware Cloud Director contains a partial information disclosure vulner ...)
+ TODO: check
+CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 c ...)
+ TODO: check
+CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for WordPres ...)
+ TODO: check
+CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift Virtualiza ...)
+ TODO: check
+CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-1442 (A user with the permissions to create a data source can use Grafana AP ...)
+ TODO: check
+CVE-2024-1382 (The Restaurant Reservations plugin for WordPress is vulnerable to Loca ...)
+ TODO: check
+CVE-2024-1351 (Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Se ...)
+ TODO: check
+CVE-2024-1170 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
+ TODO: check
+CVE-2024-1169 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
+ TODO: check
+CVE-2024-0917 (remote code execution in paddlepaddle/paddle 2.6.0)
+ TODO: check
+CVE-2024-0818 (Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle bef ...)
+ TODO: check
+CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON Parsing ...)
+ TODO: check
+CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web Player.This ...)
+ TODO: check
+CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...)
+ TODO: check
+CVE-2023-42661 (JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary F ...)
+ TODO: check
+CVE-2023-42509 (JFrog Artifactory later than version 7.17.4 but prior to version 7.77. ...)
+ TODO: check
+CVE-2023-41503 (Student Enrollment In PHP v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-41015 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2023-41014 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2023-33676 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
+ TODO: check
CVE-2024-XXXX [RUSTSEC-2024-0021]
- rust-eyre <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0021.html
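Review bot: four of the new descriptions (CVE-2024-2128, CVE-2024-2127, CVE-2024-1170 and CVE-2024-1169) carry the literal escape sequence `\u2013` in place of the en dash it encodes, so it is worth checking whether the import step decodes unicode escapes in the description string before truncating it; as written, the plugin names in those entries will not match a plain-text search. The `TODO: check` placeholders are the expected output of the automatic update and can land as-is, but CVE-2024-1931 (Unbound 1.18.0 up to and including 1.19.1) names software packaged in Debian and should be the first of this batch to be triaged into a package/version line.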
@@ -36330,7 +36394,7 @@ CVE-2023-40798 (In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGet
NOT-FOR-US: Tenda
CVE-2023-40797 (In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not valida ...)
NOT-FOR-US: Tenda
-CVE-2023-40796 (Phicomm k2 v22.6.529.216 is vulnerable to command injection.)
+CVE-2023-40796 (Phicomm k2 v22.6.529.216 was discovered to contain a command injection ...)
NOT-FOR-US: Phicomm
CVE-2023-40599 (Regular expression Denial-of-Service (ReDoS) exists in multiple add-on ...)
NOT-FOR-US: multiple addons for Mailform Pro CGI
@@ -45226,7 +45290,7 @@ CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has ins
NOT-FOR-US: Lightdash
CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder befor ...)
NOT-FOR-US: elFinder
-CVE-2023-35839 (Solon before 2.3.3 allows Deserialization of Untrusted Data.)
+CVE-2023-35839 (A bypass in the component sofa-hessian of Solon before v2.3.3 allows a ...)
NOT-FOR-US: Solon
CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
- linux 6.3.7-1 (unimportant)
@@ -45631,7 +45695,7 @@ CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to ca
NOT-FOR-US: flexjson
CVE-2023-34585
REJECTED
-CVE-2023-34540 (An issue discovered in Langchain before 0.0.225 allows attacker to run ...)
+CVE-2023-34540 (Langchain before v0.0.225 was discovered to contain a remote code exec ...)
NOT-FOR-US: Langchain
CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
NOT-FOR-US: Microsoft
@@ -48104,7 +48168,7 @@ CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem
[buster] - teeworlds <no-dsa> (Minor issue)
NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
NOTE: https://github.com/teeworlds/teeworlds/issues/2970
-CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.)
+CVE-2023-31517 (A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 all ...)
- teeworlds <unfixed> (bug #1036703)
[bookworm] - teeworlds <ignored> (Minor issue)
[bullseye] - teeworlds <ignored> (Minor issue)
@@ -48370,7 +48434,7 @@ CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transpar
NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...)
NOT-FOR-US: OpenText Documentum Content Server
-CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation violation.)
+CVE-2023-31655 (redis v7.0.10 was discovered to contain a segmentation violation. This ...)
NOTE: Bogus issue, see https://github.com/RedisLabs/redisraft/issues/608
CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...)
- zammad <itp> (bug #841355)
@@ -48408,7 +48472,7 @@ CVE-2023-33201 (Bouncy Castle For Java before 1.74 is affected by an LDAP inject
[bullseye] - bouncycastle <no-dsa> (Minor issue)
NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
NOTE: https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
-CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.)
+CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via / ...)
NOT-FOR-US: TOTOLINK
CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
NOT-FOR-US: mlflow
@@ -84492,12 +84556,12 @@ CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was disc
NOT-FOR-US: Accruent LLC Maintenance Connection
CVE-2022-46500
RESERVED
-CVE-2022-46499
- RESERVED
-CVE-2022-46498
- RESERVED
-CVE-2022-46497
- RESERVED
+CVE-2022-46499 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-46498 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-46497 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...)
NOT-FOR-US: BTicino Door Entry HOMETOUCH
CVE-2022-46495
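Review bot: the three entries that replace RESERVED here (CVE-2022-46499, CVE-2022-46498 and CVE-2022-46497) all describe SQL injection in Hospital Management System 1.0, and the neighbouring CVE-2022-46093 for the same product is already resolved as `NOT-FOR-US: Hospital Management System`; once the feed text confirms it is the same application, these should be closed the same way rather than left as `TODO: check`.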
@@ -86072,8 +86136,8 @@ CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection.
NOT-FOR-US: Hospital Management System
CVE-2022-46092
RESERVED
-CVE-2022-46091
- RESERVED
+CVE-2022-46091 (Cross Site Scripting (XSS) vulnerability in the feedback form of Onlin ...)
+ TODO: check
CVE-2022-46090
RESERVED
CVE-2022-46089 (Cross Site Scripting (XSS) vulnerability in the add-airline form of On ...)
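Review bot: CVE-2022-46091 (XSS in the feedback form of "Onlin ...") appears to belong to the same application as the adjacent CVE-2022-46089 (XSS in the add-airline form of "On ..."); the truncated descriptions do not show the full product name, so confirm it from the feed and then triage CVE-2022-46091 consistently with CVE-2022-46089 instead of leaving the `TODO: check` placeholder.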
@@ -184541,7 +184605,7 @@ CVE-2021-38245
RESERVED
CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
NOT-FOR-US: cbioportal
-CVE-2021-38243 (xunruicms <=4.5.1 is vulnerable to Remote Code Execution.)
+CVE-2021-38243 (xunruicms up to v4.5.1 was discovered to contain a remote code executi ...)
NOT-FOR-US: xunruicms
CVE-2021-38242
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee4d351bf80ede0a30dac63153d817ebc38cf2c3