[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 9 08:12:23 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7410c41d by security tracker role at 2024-03-09T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to ca ...)
+	TODO: check
+CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to re ...)
+	TODO: check
+CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...)
+	TODO: check
+CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...)
+	TODO: check
+CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...)
+	TODO: check
+CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter with a f ...)
+	TODO: check
+CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...)
+	TODO: check
+CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
+	TODO: check
+CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A malicious  ...)
+	TODO: check
+CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker t ...)
+	TODO: check
+CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0 ...)
+	TODO: check
+CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
+	TODO: check
+CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
+	TODO: check
+CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...)
+	TODO: check
+CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev58 ...)
+	TODO: check
+CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16. ...)
+	TODO: check
 CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability  that allows a use ...)
 	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...)
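Review bot: The four EventPrime entries (CVE-2024-1320, CVE-2024-1125, CVE-2024-1124, CVE-2024-1123) carry a literal `\u2013` escape sequence in the description where an en dash belongs, so the escape is not being decoded before the description is written to data/CVE/list. Suggest decoding it in the import step so the list stores the character itself. The CVE-2023-32264 description also reads "versions16." with no space, which is worth checking against the source text. All 22 added entries are `TODO: check` and still need triage.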
@@ -2369,7 +2413,7 @@ CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sens
 	NOT-FOR-US: uverif
 CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...)
 	NOT-FOR-US: OpenEMR
-CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a  ...)
+CVE-2024-26450 (An issue exists within Piwigo before v.14.2.0 allowing a malicious use ...)
 	- piwigo <removed>
 CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...)
 	NOT-FOR-US: CodeAstro
@@ -3287,7 +3331,7 @@ CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure Clo
 	NOTE: https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987
 CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...)
 	NOT-FOR-US: SocialMediaWebsite
-CVE-2024-26472 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...)
+CVE-2024-26472 (KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected c ...)
 	NOT-FOR-US: SocialMediaWebsite
 CVE-2024-26471 (A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBa ...)
 	NOT-FOR-US: zhimengzhe iBarn
@@ -6589,7 +6633,8 @@ CVE-2024-1354 (A command injection vulnerability was identified in GitHub Enterp
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niagara F ...)
 	NOT-FOR-US: Honeywell
-CVE-2024-1216 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...)
+CVE-2024-1216
+	REJECTED
 	NOT-FOR-US: Twister Antivirus
 CVE-2024-1163 (Uncontrolled Resource Consumption in GitHub repository mbloch/mapshape ...)
 	NOT-FOR-US: mapshaper
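Review bot: After this change CVE-2024-1216 has no description and a `REJECTED` line, but the unchanged context line `NOT-FOR-US: Twister Antivirus` directly below still belongs to the same entry, so the entry now carries two dispositions. Suggest dropping the NOT-FOR-US line in a follow-up so the entry reads only `REJECTED`.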
@@ -6601,7 +6646,7 @@ CVE-2024-1157 (The Bold Page Builder plugin for WordPress is vulnerable to Store
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1140 (Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnera ...)
 	NOT-FOR-US: Twister Antivirus
-CVE-2024-1096 (Twister Antivirus v8.17 allows Elevation of Privileges on the computer ...)
+CVE-2024-1096 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...)
 	NOT-FOR-US: Twister Antivirus
 CVE-2024-1084 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
 	NOT-FOR-US: GitHub Enterprise Server
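Review bot: The new description for CVE-2024-1096 ("Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...") is, as far as the truncated text shows, the same string that the previous hunk removed from CVE-2024-1216, and it replaces an Elevation of Privileges description. Suggest confirming against the upstream record that this is a real description change and not text attached to the wrong identifier. The `NOT-FOR-US: Twister Antivirus` disposition is unchanged, so triage is unaffected either way.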



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7410c41d1800b5a3b57fe11bc6f5e6aae1ad8736
