[Git][security-tracker-team/security-tracker][master] automatic update

Sun Nov 17 08:12:09 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29ae162b by security tracker role at 2024-11-17T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-52876 (Holy Stone Remote ID Module HSRID01, firmware distributed with the Dro ...)
+	TODO: check
+CVE-2024-52872 (In Flagsmith before 2.134.1, the get_document endpoint is not correctl ...)
+	TODO: check
+CVE-2024-52871 (In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGIST ...)
+	TODO: check
+CVE-2024-52416 (Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allo ...)
+	TODO: check
+CVE-2024-52415 (Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Sett ...)
+	TODO: check
+CVE-2024-52414 (Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES ...)
+	TODO: check
+CVE-2024-52413 (Deserialization of Untrusted Data vulnerability in DMC Airin Blog allo ...)
+	TODO: check
+CVE-2024-52412 (Deserialization of Untrusted Data vulnerability in Stephen Cui Xin all ...)
+	TODO: check
+CVE-2024-52411 (Deserialization of Untrusted Data vulnerability in Flowcraft UX Design ...)
+	TODO: check
+CVE-2024-52410 (Deserialization of Untrusted Data vulnerability in Phoenixheart Referr ...)
+	TODO: check
+CVE-2024-52409 (Deserialization of Untrusted Data vulnerability in Phan An AJAX Random ...)
+	TODO: check
+CVE-2024-52408 (Unrestricted Upload of File with Dangerous Type vulnerability in Team  ...)
+	TODO: check
+CVE-2024-52407 (Unrestricted Upload of File with Dangerous Type vulnerability in codeS ...)
+	TODO: check
+CVE-2024-52406 (Unrestricted Upload of File with Dangerous Type vulnerability in Wiber ...)
+	TODO: check
+CVE-2024-52405 (Unrestricted Upload of File with Dangerous Type vulnerability in Bikra ...)
+	TODO: check
+CVE-2024-52404 (Unrestricted Upload of File with Dangerous Type vulnerability in Bigfi ...)
+	TODO: check
+CVE-2024-52403 (Unrestricted Upload of File with Dangerous Type vulnerability in WPExp ...)
+	TODO: check
+CVE-2024-52400 (Unrestricted Upload of File with Dangerous Type vulnerability in Subha ...)
+	TODO: check
+CVE-2024-52399 (Unrestricted Upload of File with Dangerous Type vulnerability in Clari ...)
+	TODO: check
+CVE-2024-52398 (Unrestricted Upload of File with Dangerous Type vulnerability in Halyr ...)
+	TODO: check
+CVE-2024-52397 (Unrestricted Upload of File with Dangerous Type vulnerability in Davor ...)
+	TODO: check
+CVE-2024-52386 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
 CVE-2024-9938 (The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9935 (The PDF Generator Addon for Elementor Page Builder plugin for WordPres ...)
@@ -4507,7 +4551,8 @@ CVE-2024-10731 (A vulnerability, which was classified as critical, was found in
 	NOT-FOR-US: Tongda OA
 CVE-2024-10730 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: Tongda OA
-CVE-2024-52867 [Guix build user takeover vulnerability]
+CVE-2024-52867 (guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation bec ...)
+	{DSA-5805-1}
 	- guix 1.4.0-8
 	NOTE: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
@@ -5621,6 +5666,7 @@ CVE-2024-50334 (Scoold is a Q&A and a knowledge sharing platform for teams. A se
 CVE-2024-50052 (Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-49769 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
+	{DLA-3955-1}
 	- waitress 3.0.1-1 (bug #1086468)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
 	NOTE: https://github.com/Pylons/waitress/issues/418



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29ae162bd969432520479233e07788eeaf3e87c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29ae162bd969432520479233e07788eeaf3e87c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241117/9fa1b119/attachment.htm>
