[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 19 21:12:16 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c119cdc0 by security tracker role at 2024-10-19T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-9897 (The StreamWeasels Twitch Integration plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-10154 (A vulnerability was found in PHPGurukul Boat Booking System 1.0 and cl ...)
+	TODO: check
+CVE-2024-10153 (A vulnerability has been found in PHPGurukul Boat Booking System 1.0 a ...)
+	TODO: check
+CVE-2024-10142 (A vulnerability has been found in code-projects Blood Bank System 1.0  ...)
+	TODO: check
+CVE-2024-10141 (A vulnerability, which was classified as problematic, was found in jsb ...)
+	TODO: check
+CVE-2024-10140 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2024-10139 (A vulnerability classified as critical was found in code-projects Phar ...)
+	TODO: check
+CVE-2024-10138 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2024-10137 (A vulnerability was found in code-projects Pharmacy Management System  ...)
+	TODO: check
+CVE-2024-10136 (A vulnerability was found in code-projects Pharmacy Management System  ...)
+	TODO: check
+CVE-2024-10135 (A vulnerability was found in ESAFENET CDG 5. It has been classified as ...)
+	TODO: check
+CVE-2024-10134 (A vulnerability was found in ESAFENET CDG 5 and classified as critical ...)
+	TODO: check
+CVE-2024-10133 (A vulnerability has been found in ESAFENET CDG 5 and classified as cri ...)
+	TODO: check
 CVE-2024-9774
 	- python-sql 1.5.2-1
 	NOTE: https://discuss.tryton.org/t/security-release-for-issue-93
@@ -196939,7 +196965,7 @@ CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified
 CVE-2022-30288 (Agoo before 2.14.3 does not reject GraphQL fragment spreads that form  ...)
 	NOT-FOR-US: Ruby gem agoo
 CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflection inj ...)
-	{DLA-3090-1}
+	{DLA-3923-1 DLA-3090-1}
 	- php-horde-turba 4.2.25-6 (bug #1012279)
 	NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
 	NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
@@ -210321,7 +210347,7 @@ CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monit
 CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr  ...)
 	- dolibarr <removed>
 CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...)
-	{DLA-3089-1 DLA-3045-1}
+	{DLA-3924-1 DLA-3089-1 DLA-3045-1}
 	- php-horde-mime-viewer 2.2.4+debian0-1
 	NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
 	NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c119cdc0d728713f8f21ed8608b5aaf09e52371e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c119cdc0d728713f8f21ed8608b5aaf09e52371e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241019/28265d92/attachment.htm>
