[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21838b5e by security tracker role at 2024-03-14T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 sc ...)
+	TODO: check
+CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable module fo ...)
+	TODO: check
+CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for PrestaShop b ...)
+	TODO: check
+CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments module for P ...)
+	TODO: check
+CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated table metada ...)
+	TODO: check
+CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
+	TODO: check
+CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
+	TODO: check
+CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote a ...)
+	TODO: check
+CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This vulnerab ...)
+	TODO: check
+CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming parameter, whi ...)
+	TODO: check
+CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea PAM Secre ...)
+	TODO: check
+CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user (with acc ...)
+	TODO: check
+CVE-2024-25651 (User enumeration can occur in the Authentication REST API in Delinea P ...)
+	TODO: check
+CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 and the D ...)
+	TODO: check
+CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an attacker (wit ...)
+	TODO: check
+CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School Management Sy ...)
+	TODO: check
+CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authentic ...)
+	TODO: check
+CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science Time Tab ...)
+	TODO: check
+CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory (Path T ...)
+	TODO: check
+CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS via IPSe ...)
+	TODO: check
+CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk PrivateAccess a ...)
+	TODO: check
+CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in the Pape ...)
+	TODO: check
+CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the PaperCut ...)
+	TODO: check
+CVE-2024-1882 (This vulnerability allows an already authenticated admin user to creat ...)
+	TODO: check
+CVE-2024-1654 (This vulnerability potentially allows unauthorized write operations wh ...)
+	TODO: check
+CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration of info ...)
+	TODO: check
+CVE-2024-1222 (This allows attackers to use a maliciously formed API request to gain  ...)
+	TODO: check
+CVE-2024-1221 (This vulnerability potentially allows files on a PaperCut NG/MF server ...)
+	TODO: check
+CVE-2023-50726 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2023-41505 (An arbitrary file upload vulnerability in the Add Student's Profile Pi ...)
+	TODO: check
+CVE-2023-41504 (SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows at ...)
+	TODO: check
+CVE-2023-38536 (HTML injection inOpenText\u2122Exceed Turbo X affecting version 12.5.1 ...)
+	TODO: check
+CVE-2023-38535 (Use of Hard-coded Cryptographic Key vulnerability inOpenText\u2122Exce ...)
+	TODO: check
+CVE-2023-38534 (Improper authentication vulnerability inOpenText\u2122Exceed Turbo X a ...)
+	TODO: check
+CVE-2023-36238 (Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an a ...)
+	TODO: check
 CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...)
@@ -283744,8 +283822,8 @@ CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0
 	NOT-FOR-US: LG mobile devices
 CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
 	NOT-FOR-US: LG PC Suite
-CVE-2020-11862
-	RESERVED
+CVE-2020-11862 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
 CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21838b5ea505251a62c353afa4a521cb43e68dff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21838b5ea505251a62c353afa4a521cb43e68dff
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240314/1c8a268c/attachment-0001.htm>