[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79b2658e by security tracker role at 2024-03-08T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...)
+	TODO: check
+CVE-2024-2285 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-2284 (A vulnerability classified as problematic was found in boyiddha Automa ...)
+	TODO: check
+CVE-2024-2283 (A vulnerability classified as critical has been found in boyiddha Auto ...)
+	TODO: check
+CVE-2024-2282 (A vulnerability was found in boyiddha Automated-Mess-Management-System ...)
+	TODO: check
+CVE-2024-2281 (A vulnerability was found in boyiddha Automated-Mess-Management-System ...)
+	TODO: check
+CVE-2024-2277 (A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS C ...)
+	TODO: check
+CVE-2024-2276 (A vulnerability has been found in Bdtask G-Prescription Gynaecology &  ...)
+	TODO: check
+CVE-2024-2275 (A vulnerability, which was classified as problematic, was found in Bdt ...)
+	TODO: check
+CVE-2024-2274 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-2272 (A vulnerability classified as critical was found in keerti1924 Online- ...)
+	TODO: check
+CVE-2024-2271 (A vulnerability classified as critical has been found in keerti1924 On ...)
+	TODO: check
+CVE-2024-2270 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...)
+	TODO: check
+CVE-2024-2269 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...)
+	TODO: check
+CVE-2024-2268 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...)
+	TODO: check
+CVE-2024-2267 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0  ...)
+	TODO: check
+CVE-2024-2266 (A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project  ...)
+	TODO: check
+CVE-2024-2265 (A vulnerability, which was classified as problematic, was found in kee ...)
+	TODO: check
+CVE-2024-2264 (A vulnerability, which was classified as critical, has been found in k ...)
+	TODO: check
+CVE-2024-2044 (pgAdmin 4 uses a file-based session management approach. The session f ...)
+	TODO: check
+CVE-2024-28115 (FreeRTOS is a real-time operating system for microcontrollers. FreeRTO ...)
+	TODO: check
+CVE-2024-27707 (Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly ...)
+	TODO: check
+CVE-2024-27613 (Numbas editor before 7.3 mishandles reading of themes and extensions.)
+	TODO: check
+CVE-2024-27612 (Numbas editor before 7.3 mishandles editing of themes and extensions.)
+	TODO: check
+CVE-2024-26492 (An issue in Online Diagnostic Lab Management System 1.0 allows a remot ...)
+	TODO: check
+CVE-2024-26313 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored  ...)
+	TODO: check
+CVE-2024-26309 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensiti ...)
+	TODO: check
+CVE-2024-26167 (Microsoft Edge for Android Spoofing Vulnerability)
+	TODO: check
+CVE-2024-25849 (In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKi ...)
+	TODO: check
+CVE-2024-25848 (In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever  ...)
+	TODO: check
+CVE-2024-25845 (In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1 ...)
+	TODO: check
+CVE-2024-25729 (Arris SBG6580 devices have predictable default WPA2 security passwords ...)
+	TODO: check
+CVE-2024-25327 (Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt  ...)
+	TODO: check
+CVE-2024-24035 (Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1  ...)
+	TODO: check
+CVE-2024-23297 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2024-23295 (A permissions issue was addressed to help ensure Personas are always p ...)
+	TODO: check
+CVE-2024-23294 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2024-23293 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-23292 (This issue was addressed with improved data protection. This issue is  ...)
+	TODO: check
+CVE-2024-23291 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-23290 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2024-23289 (A lock screen issue was addressed with improved state management. This ...)
+	TODO: check
+CVE-2024-23288 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2024-23287 (A privacy issue was addressed with improved handling of temporary file ...)
+	TODO: check
+CVE-2024-23286 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2024-23285 (This issue was addressed with improved handling of symlinks. This issu ...)
+	TODO: check
+CVE-2024-23284 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2024-23283 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-23281 (This issue was addressed with improved state management. This issue is ...)
+	TODO: check
+CVE-2024-23280 (An injection issue was addressed with improved validation. This issue  ...)
+	TODO: check
+CVE-2024-23279 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-23278 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-23277 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-23276 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2024-23275 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2024-23274 (An injection issue was addressed with improved input validation. This  ...)
+	TODO: check
+CVE-2024-23273 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-23272 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2024-23270 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23269 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+	TODO: check
+CVE-2024-23268 (An injection issue was addressed with improved input validation. This  ...)
+	TODO: check
+CVE-2024-23267 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-23266 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-23265 (A memory corruption vulnerability was addressed with improved locking. ...)
+	TODO: check
+CVE-2024-23264 (A validation issue was addressed with improved input sanitization. Thi ...)
+	TODO: check
+CVE-2024-23263 (A logic issue was addressed with improved validation. This issue is fi ...)
+	TODO: check
+CVE-2024-23262 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2024-23260 (This issue was addressed by removing additional entitlements. This iss ...)
+	TODO: check
+CVE-2024-23259 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-23258 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2024-23257 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23255 (An authentication issue was addressed with improved state management.  ...)
+	TODO: check
+CVE-2024-23254 (The issue was addressed with improved UI handling. This issue is fixed ...)
+	TODO: check
+CVE-2024-23253 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2024-23252 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23250 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
+CVE-2024-23249 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23248 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23247 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23246 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2024-23245 (This issue was addressed by adding an additional prompt for user conse ...)
+	TODO: check
+CVE-2024-23244 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2024-23242 (A privacy issue was addressed by not logging contents of text fields.  ...)
+	TODO: check
+CVE-2024-23241 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-23240 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-23239 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2024-23238 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
+CVE-2024-23235 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2024-23234 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2024-23233 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2024-23232 (A privacy issue was addressed with improved handling of temporary file ...)
+	TODO: check
+CVE-2024-23231 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-23230 (This issue was addressed with improved file handling. This issue is fi ...)
+	TODO: check
+CVE-2024-23227 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2024-23226 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-23220 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2024-23216 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2024-23205 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-23201 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2024-1987 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-1986 (The Booster Elite for WooCommerce plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-1851 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...)
+	TODO: check
+CVE-2024-1802 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
+	TODO: check
+CVE-2024-0258 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-46172 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
+	TODO: check
+CVE-2023-46171 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
+	TODO: check
+CVE-2023-46170 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
+	TODO: check
+CVE-2023-46169 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
+	TODO: check
+CVE-2023-28826 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
 CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sendin ...)
 	NOT-FOR-US: moziloCMS
 CVE-2024-2241 (Improper access control in the user interface in Devolutions Workspace ...)
@@ -3472,10 +3690,12 @@ CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File wi
 CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
 	NOT-FOR-US: ITFlow.org
 CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via  ...)
+	{DLA-3754-1}
 	- fontforge <unfixed> (bug #1064967)
 	NOTE: https://github.com/fontforge/fontforge/pull/5367
 	NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
 CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via  ...)
+	{DLA-3754-1}
 	- fontforge <unfixed> (bug #1064967)
 	NOTE: https://github.com/fontforge/fontforge/pull/5367
 	NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
@@ -8454,7 +8674,7 @@ CVE-2024-24041 (A stored cross-site scripting (XSS) vulnerability in Travel Jour
 	NOT-FOR-US: Travel Journal Using PHP and MySQL
 CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V10 ...)
 	NOT-FOR-US: HOME SPOT CUBE2
-CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows Electron code injection.)
+CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows code injection via a complex serie ...)
 	NOT-FOR-US: Miro Desktop
 CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a ...)
 	NOT-FOR-US: WuKongOpenSource WukongCRM
@@ -299330,6 +299550,7 @@ CVE-2020-5498
 CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
 	NOT-FOR-US: MITREid Connect
 CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
+	{DLA-3754-1}
 	- fontforge 1:20201107~dfsg-1 (bug #948231)
 	[stretch] - fontforge <no-dsa> (Minor issue)
 	[jessie] - fontforge <no-dsa> (Minor issue)
@@ -299547,6 +299768,7 @@ CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to
 CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and  ...)
 	NOT-FOR-US: VMware
 CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
+	{DLA-3754-1}
 	- fontforge 1:20201107~dfsg-1 (bug #948231)
 	[stretch] - fontforge <no-dsa> (Minor issue)
 	[jessie] - fontforge <no-dsa> (Minor issue)
@@ -353306,8 +353528,8 @@ CVE-2019-6270
 	RESERVED
 CVE-2019-6269
 	RESERVED
-CVE-2019-6268
-	RESERVED
+CVE-2019-6268 (RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Bo ...)
+	TODO: check
 CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPre ...)
 	NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
 CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79b2658e6301c44d8647cc799aae765a18fa648c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79b2658e6301c44d8647cc799aae765a18fa648c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240308/879674dc/attachment.htm>