[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 28 08:11:51 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6328760a by security tracker role at 2024-03-28T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...)
+	TODO: check
+CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...)
+	TODO: check
+CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated ...)
+	TODO: check
+CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been de ...)
+	TODO: check
+CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been cl ...)
+	TODO: check
+CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified  ...)
+	TODO: check
+CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classi ...)
+	TODO: check
+CVE-2024-3008 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-3007 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-3006 (A vulnerability classified as critical was found in Tenda FH1205 2.0.0 ...)
+	TODO: check
+CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 1.0 and  ...)
+	TODO: check
+CVE-2024-3003 (A vulnerability has been found in code-projects Online Book System 1.0 ...)
+	TODO: check
+CVE-2024-3002 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2024-3001 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2024-3000 (A vulnerability classified as critical was found in code-projects Onli ...)
+	TODO: check
+CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoice ...)
+	TODO: check
+CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This issue a ...)
+	TODO: check
+CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules Design Her ...)
+	TODO: check
+CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo  ...)
+	TODO: check
+CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper BetterD ...)
+	TODO: check
+CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP M ...)
+	TODO: check
+CVE-2024-30224 (Deserialization of Untrusted Data vulnerability in Wholesale Team Whol ...)
+	TODO: check
+CVE-2024-30223 (Deserialization of Untrusted Data vulnerability in Repute Infosystems  ...)
+	TODO: check
+CVE-2024-30222 (Deserialization of Untrusted Data vulnerability in Repute Infosystems  ...)
+	TODO: check
+CVE-2024-30221 (Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshin ...)
+	TODO: check
+CVE-2024-30200 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-2999 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2024-2998 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
+	TODO: check
+CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
+	TODO: check
+CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability in Tumul ...)
+	TODO: check
+CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+	TODO: check
+CVE-2024-2111 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+	TODO: check
+CVE-2024-2110 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+	TODO: check
+CVE-2024-2091 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2024-29241 (Missing authorization vulnerability in System webapi component in Syno ...)
+	TODO: check
+CVE-2024-29240 (Missing authorization vulnerability in LayoutSave webapi component in  ...)
+	TODO: check
+CVE-2024-29239 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29238 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29237 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29236 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29235 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29234 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29233 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29232 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29231 (Improper validation of array index vulnerability in UserPrivilege.Enum ...)
+	TODO: check
+CVE-2024-29230 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29229 (Missing authorization vulnerability in GetLiveViewPath webapi componen ...)
+	TODO: check
+CVE-2024-29228 (Missing authorization vulnerability in GetStmUrlPath webapi component  ...)
+	TODO: check
+CVE-2024-29227 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
+	TODO: check
+CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engi ...)
+	TODO: check
+CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP ...)
+	TODO: check
+CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS Command vuln ...)
+	TODO: check
+CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1 ...)
+	TODO: check
+CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC Corporation A ...)
+	TODO: check
+CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
+	TODO: check
+CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, ...)
+	TODO: check
+CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200H ...)
+	TODO: check
+CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
+	TODO: check
+CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG190 ...)
+	TODO: check
+CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
+	TODO: check
+CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
+	TODO: check
+CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2 ...)
+	TODO: check
+CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri Page Build ...)
+	TODO: check
+CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega Menu.This iss ...)
+	TODO: check
+CVE-2024-28002 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-28001 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-27999 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25924 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-25923 (Insertion of Sensitive Information into Log File vulnerability in Peep ...)
+	TODO: check
+CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...)
+	TODO: check
+CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...)
+	TODO: check
+CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...)
+	TODO: check
+CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object  ...)
+	TODO: check
+CVE-2024-0980 (The Auto-update service for Okta Verify for Windows is vulnerable to t ...)
+	TODO: check
+CVE-2024-0677 (The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users  ...)
+	TODO: check
+CVE-2024-0673 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and e ...)
+	TODO: check
+CVE-2024-0672 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and e ...)
+	TODO: check
+CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+	TODO: check
+CVE-2024-0077 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+	TODO: check
+CVE-2024-0073 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0071 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2023-6371 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+	TODO: check
+CVE-2023-52628 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2023-52234 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-52231 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-50374 (Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP \u ...)
+	TODO: check
+CVE-2023-47438 (SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers t ...)
+	TODO: check
+CVE-2023-39313 (Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. ...)
+	TODO: check
+CVE-2023-39309 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-36679 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
+	TODO: check
+CVE-2023-34370 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
+	TODO: check
 CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -7148,7 +7354,7 @@ CVE-2023-52486 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2023-52485 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.7.7-1
 	NOTE: https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)
-CVE-2024-0074
+CVE-2024-0074 (NVIDIA GPU Display Driver for Linux contains a vulnerability where an  ...)
 	[experimental] - nvidia-graphics-drivers 535.161.07-1
 	- nvidia-graphics-drivers <unfixed> (bug #1064983)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7193,7 +7399,7 @@ CVE-2024-42265
 	[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
-CVE-2024-0078
+CVE-2024-0078 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	[experimental] - nvidia-graphics-drivers 535.161.07-1
 	- nvidia-graphics-drivers <unfixed> (bug #1064983)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7218,7 +7424,7 @@ CVE-2024-0078
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1064991)
 	[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
-CVE-2024-0075
+CVE-2024-0075 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	[experimental] - nvidia-graphics-drivers 535.161.07-1
 	- nvidia-graphics-drivers <unfixed> (bug #1064983)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8862,7 +9068,7 @@ CVE-2024-25730 (Hitron CODA-4582 and CODA-4589 devices have default PSKs that ar
 	NOT-FOR-US: Hitron CODA-4582 and CODA-4589 devices
 CVE-2024-25469 (SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before all ...)
 	NOT-FOR-US: CRMEB crmeb_java
-CVE-2024-24681 (Insecure AES key in Yealink Configuration Encrypt Tool below verrsion  ...)
+CVE-2024-24681 (An issue was discovered in Yealink Configuration Encrypt Tool (AES ver ...)
 	NOT-FOR-US: Yealink
 CVE-2024-24310 (In the module "Generate barcode on invoice / delivery slip" (ecgenerat ...)
 	NOT-FOR-US: PrestaShop module
@@ -78662,8 +78868,8 @@ CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23649
-	RESERVED
+CVE-2023-23649 (Deserialization of Untrusted Data vulnerability in MainWP MainWP Links ...)
+	TODO: check
 CVE-2023-23648
 	RESERVED
 CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
@@ -92036,8 +92242,8 @@ CVE-2022-45852
 	RESERVED
 CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis Dashboard f ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45850
-	RESERVED
+CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
+	TODO: check
 CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContest Gall ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6328760a5b3cc06611e91474b4e70d89c39c1e33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6328760a5b3cc06611e91474b4e70d89c39c1e33
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240328/db9af066/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list