[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 21 09:12:03 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f069165 by security tracker role at 2024-10-21T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-8625 (The TS Poll WordPress plugin before 2.4.0 does not sanitize and escap ...)
+ TODO: check
+CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and ...)
+ TODO: check
+CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in WAB-I1750-PS and W ...)
+ TODO: check
+CVE-2024-10202 (Administrative Management System from Wellchoose has an OS Command Inj ...)
+ TODO: check
+CVE-2024-10201 (Administrative Management System from Wellchoose does not properly val ...)
+ TODO: check
+CVE-2024-10200 (Administrative Management System from Wellchoose has a Path Traversal ...)
+ TODO: check
+CVE-2024-10199 (A vulnerability was found in code-projects Pharmacy Management System ...)
+ TODO: check
+CVE-2024-10198 (A vulnerability was found in code-projects Pharmacy Management System ...)
+ TODO: check
+CVE-2024-10197 (A vulnerability was found in code-projects Pharmacy Management System ...)
+ TODO: check
+CVE-2024-10196 (A vulnerability was found in code-projects Pharmacy Management System ...)
+ TODO: check
CVE-2024-49629 (Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endle ...)
TODO: check
CVE-2024-49628 (Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And ...)
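Review bot: The added CVE-2024-49215 entry names Sangoma Asterisk, and this file already tracks an asterisk source package further down (CVE-2024-42491, CVE-2024-42365), so its `TODO: check` should be resolved with a package status line rather than left with the rest of the batch. The other nine added entries (a WordPress plugin, WAB-I1750-PS, Wellchoose, code-projects Pharmacy Management System) look like the kind already marked `NOT-FOR-US:` elsewhere in this file, for example `NOT-FOR-US: WordPress plugin`, and can be triaged that way once the full descriptions are checked.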
@@ -347,7 +367,7 @@ CVE-2024-33453 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote a
CVE-2024-30875 (Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1 ...)
- jqueryui <unfixed> (bug #1085379)
NOTE: https://github.com/Ant1sec-ops/CVE-2024-30875
-CVE-2024-27766 (An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute a ...)
+CVE-2024-27766 (An issue in MariaDB v.11.1 allows a remote attacker to execute arbitra ...)
NOTE: Dubious mysql/mariadb issue, reached out to upstream
CVE-2024-10119 (The wireless router WRTM326 from SECOM does not properly validate a sp ...)
NOT-FOR-US: SECOM
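Review bot: The CVE-2024-27766 description now names only MariaDB, but the unchanged line `NOTE: Dubious mysql/mariadb issue, reached out to upstream` still covers both products and the entry has no package status line. Once upstream answers, record a status for the affected source package, or an explicit decision that none is affected, and narrow the note if the mysql side no longer applies.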
@@ -379,7 +399,7 @@ CVE-2023-6055 (A vulnerability has been identified in Bitdefender Total Security
NOT-FOR-US: Bitdefender
CVE-2023-49567 (A vulnerability has been identified in the Bitdefender Total Security ...)
NOT-FOR-US: Bitdefender
-CVE-2023-39593 (Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB ...)
+CVE-2023-39593 (Insecure permissions in the sys_exec function of MariaDB v10.5 allows ...)
NOTE: Dubious mysql/mariadb issue, reached out to upstream
CVE-2024-9898 (The Parallax Image plugin for WordPress is vulnerable to Stored Cross- ...)
NOT-FOR-US: WordPress plugin
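Review bot: CVE-2023-39593 keeps `NOTE: Dubious mysql/mariadb issue, reached out to upstream` with no link or date for that contact, so nobody reading the entry can follow it up. Add a NOTE with the upstream report reference when one exists; the description change from "Oracle MYSQL MariaDB" to "MariaDB v10.5" does not by itself settle which package the `sys_exec` function belongs to.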
@@ -9579,6 +9599,7 @@ CVE-2024-44587 (itsourcecode Alton Management System 1.0 is vulnerable to SQL In
CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an a ...)
NOT-FOR-US: ESAFENET CDG
CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+ {DLA-3925-1}
- asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1
NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
NOTE: https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2 (18.24.3)
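Review bot: The `{DLA-3925-1}` line under CVE-2024-42491 adds the advisory reference, but the only version in the entry is the `1:20.9.3~dfsg+~cs6.14.60671435-1` upload, while the referenced upstream commit is tagged (18.24.3). Check that the DLA record lists this CVE with the version fixed in the LTS suite, and that it agrees with the same tag added to CVE-2024-42365 in the next hunk.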
@@ -16038,6 +16059,7 @@ CVE-2024-42408 (The InfoScan client download page can be intercepted with a prox
CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In versions pri ...)
NOT-FOR-US: VRCX
CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and telephony ...)
+ {DLA-3925-1}
- asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1 (bug #1078574)
NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
NOTE: https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71 (21.4.2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f0691657dd1476252bf3d720a3d303b97f0523d