[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 22 08:12:23 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80f3dc92 by security tracker role at 2024-03-22T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2024-2817 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda AC15 15.0 ...)
+	TODO: check
+CVE-2024-2815 (A vulnerability classified as critical has been found in Tenda AC15 15 ...)
+	TODO: check
+CVE-2024-2814 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been ra ...)
+	TODO: check
+CVE-2024-2813 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...)
+	TODO: check
+CVE-2024-2812 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
+	TODO: check
+CVE-2024-2811 (A vulnerability was found in Tenda AC15 15.03.20_multi and classified  ...)
+	TODO: check
+CVE-2024-2810 (A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_mult ...)
+	TODO: check
+CVE-2024-2809 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-2808 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2807 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...)
+	TODO: check
+CVE-2024-2806 (A vulnerability classified as critical has been found in Tenda AC15 15 ...)
+	TODO: check
+CVE-2024-2805 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
+	TODO: check
+CVE-2024-2780 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
+	TODO: check
+CVE-2024-2779 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
+	TODO: check
+CVE-2024-2778 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
+	TODO: check
+CVE-2024-2777 (A vulnerability has been found in Campcodes Online Marriage Registrati ...)
+	TODO: check
+CVE-2024-2776 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2024-2775 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-2774 (A vulnerability classified as critical was found in Campcodes Online M ...)
+	TODO: check
+CVE-2024-2773 (A vulnerability classified as problematic has been found in Campcodes  ...)
+	TODO: check
+CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
+	TODO: check
+CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
+	TODO: check
+CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
+	TODO: check
+CVE-2024-2767 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
+	TODO: check
+CVE-2024-2766 (A vulnerability has been found in Campcodes Complete Online Beauty Par ...)
+	TODO: check
+CVE-2024-2764 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-2763 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2500 (The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-2453 (There is an SQL injection vulnerability in Advantech WebAccess/SCADA s ...)
+	TODO: check
+CVE-2024-2392 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-2080 (The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin  ...)
+	TODO: check
+CVE-2024-29275 (SQL injection vulnerability in SeaCMS version 12.9, allows remote unau ...)
+	TODO: check
+CVE-2024-29273 (There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 ...)
+	TODO: check
+CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, a ...)
+	TODO: check
+CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before v ...)
+	TODO: check
+CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the desig ...)
+	TODO: check
+CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.)
+	TODO: check
+CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no  ...)
+	TODO: check
+CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for Android has a  ...)
+	TODO: check
+CVE-2024-28521 (SQL Injection vulnerability in Netcome NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-28441 (File Upload vulnerability in magicflue v.7.0 and before allows a remot ...)
+	TODO: check
+CVE-2024-28171 (It is possible to perform a path traversal attack and write outside of ...)
+	TODO: check
+CVE-2024-28119 (Grav is an open-source, flat-file content management system. Prior to  ...)
+	TODO: check
+CVE-2024-28118 (Grav is an open-source, flat-file content management system. Prior to  ...)
+	TODO: check
+CVE-2024-28117 (Grav is an open-source, flat-file content management system. Prior to  ...)
+	TODO: check
+CVE-2024-28116 (Grav is an open-source, flat-file content management system. Grav CMS  ...)
+	TODO: check
+CVE-2024-28045 (Improper neutralization of input within the affected product could lea ...)
+	TODO: check
+CVE-2024-28040 (SQL injection vulnerability exists in GetDIAE_astListParameters.)
+	TODO: check
+CVE-2024-28029 (Privileges are not fully verified server-side, which can be abused by  ...)
+	TODO: check
+CVE-2024-27921 (Grav is an open-source, flat-file content management system. A file up ...)
+	TODO: check
+CVE-2024-26557 (Codiad v2.8.4 allows reflected XSS via the components/market/dialog.ph ...)
+	TODO: check
+CVE-2024-25937 (SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.)
+	TODO: check
+CVE-2024-25808 (Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1. ...)
+	TODO: check
+CVE-2024-25807 (Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remot ...)
+	TODO: check
+CVE-2024-25567 (Path traversal attack is possible and write outside of the intended di ...)
+	TODO: check
+CVE-2024-24272 (An issue in iTop DualSafe Password Manager & Digital Vault before 1.4. ...)
+	TODO: check
+CVE-2024-23975 (SQL injection vulnerability exists in GetDIAE_slogListParameters.)
+	TODO: check
+CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.)
+	TODO: check
+CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
+	TODO: check
+CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially  ...)
+	TODO: check
 CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...)
 	NOT-FOR-US: Planet IGS-4215-16T2S
 CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...)
@@ -1560,7 +1682,7 @@ CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu Terr
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Spl ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-36483 (An authorization bypass was discovered in the Carrier MASmobile Classi ...)
+CVE-2023-36483 (Authorization bypass can be achieved by session ID prediction in MASmo ...)
 	NOT-FOR-US: Carrier applications
 CVE-2021-47135 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <not-affected> (Vulnerable code not present)
@@ -5800,7 +5922,7 @@ CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall A
 	NOT-FOR-US: bytesforall Atahualpa
 CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attacke ...)
 	NOT-FOR-US: Webasyst
-CVE-2024-27516 (livehelperchat 4.28v is vulnerable to Server-Side Template Injection ( ...)
+CVE-2024-27516 (Server-Side Template Injection (SSTI) vulnerability in livehelperchat  ...)
 	NOT-FOR-US: livehelperchat
 CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
 	NOT-FOR-US: Osclass



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f3dc92b3c66098e69d053cef5bb0852c3d8a99

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f3dc92b3c66098e69d053cef5bb0852c3d8a99
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240322/39b6dac4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list