[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c348e186 by security tracker role at 2024-03-24T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-30161 (In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may acce ...)
+	TODO: check
+CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...)
+	TODO: check
+CVE-2024-2856 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-2855 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...)
+	TODO: check
+CVE-2024-2854 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
+	TODO: check
+CVE-2024-2853 (A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It h ...)
+	TODO: check
+CVE-2024-2852 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...)
+	TODO: check
+CVE-2024-2851 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
+	TODO: check
+CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and classified as  ...)
+	TODO: check
+CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to conduct PH ...)
+	TODO: check
+CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code injecti ...)
+	TODO: check
+CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > characters ...)
+	TODO: check
+CVE-2018-25100 (The Mojolicious module before 7.66 for Perl may leak cookies in certai ...)
+	TODO: check
 CVE-2024-XXXX [possibility to reset password for suspended accounts]
 	- anope 2.0.15-1
 	NOTE: https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5 (2.0.15)
@@ -9,7 +35,7 @@ CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This issu
 	NOT-FOR-US: WordPress plugin
 CVE-2024-24832 (Missing Authorization vulnerability in Metagauss EventPrime.This issue ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-1603 (confirmed)
+CVE-2024-1603 (paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision ...)
 	TODO: check
 CVE-2024-2832 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
 	NOT-FOR-US: Campcodes Online Shopping System



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c348e186a10afd1123d022f2450bdf99a8741b2e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c348e186a10afd1123d022f2450bdf99a8741b2e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240324/e1083f72/attachment-0001.htm>