[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 24 21:12:54 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d2ca2eb by security tracker role at 2024-10-24T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,134 @@
-CVE-2024-10295
+CVE-2024-9692 (VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Serv ...)
+	TODO: check
+CVE-2024-9650 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-9214 (The Extra Product Options Builder for WooCommerce plugin for WordPress ...)
+	TODO: check
+CVE-2024-8959 (The WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Cus ...)
+	TODO: check
+CVE-2024-8717 (The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer \u2013 DearFlip p ...)
+	TODO: check
+CVE-2024-8312 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2024-6826 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+	TODO: check
+CVE-2024-5608 (Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable  ...)
+	TODO: check
+CVE-2024-49703 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-49702 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-49696 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-49695 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-49693 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-49691 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-49683 (Missing Authorization vulnerability in Schema & Structured Data for WP ...)
+	TODO: check
+CVE-2024-49682 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in s ...)
+	TODO: check
+CVE-2024-49681 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can ca ...)
+	TODO: check
+CVE-2024-48547 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48546 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48545 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48544 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48542 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48541 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48540 (Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to ac ...)
+	TODO: check
+CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key i ...)
+	TODO: check
+CVE-2024-48538 (Incorrect access control in the firmware update and download processes ...)
+	TODO: check
+CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An at ...)
+	TODO: check
+CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System v1.0 allow ...)
+	TODO: check
+CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network Communications Co. ...)
+	TODO: check
+CVE-2024-48441 (Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPE ...)
+	TODO: check
+CVE-2024-48440 (Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA  ...)
+	TODO: check
+CVE-2024-48427 (A SQL injection vulnerability in Sourcecodester Packers and Movers Man ...)
+	TODO: check
+CVE-2024-48145 (A prompt injection vulnerability in the chatbox of Netangular Technolo ...)
+	TODO: check
+CVE-2024-48144 (A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI ...)
+	TODO: check
+CVE-2024-48143 (A lack of rate limiting in the OTP validation component of Digitory Mu ...)
+	TODO: check
+CVE-2024-48142 (A prompt injection vulnerability in the chatbox of Butterfly Effect Li ...)
+	TODO: check
+CVE-2024-48141 (A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v ...)
+	TODO: check
+CVE-2024-48140 (A prompt injection vulnerability in the chatbox of Butterfly Effect Li ...)
+	TODO: check
+CVE-2024-48139 (A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 ...)
+	TODO: check
+CVE-2024-47173 (Aimeos is an e-commerce framework. All SaaS and marketplace setups usi ...)
+	TODO: check
+CVE-2024-46998 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
+	TODO: check
+CVE-2024-46996 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
+	TODO: check
+CVE-2024-46995 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
+	TODO: check
+CVE-2024-46994 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
+	TODO: check
+CVE-2024-46478 (HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pd ...)
+	TODO: check
+CVE-2024-45259 (An issue was discovered on certain GL-iNet devices, including MT6000,  ...)
+	TODO: check
+CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 all ...)
+	TODO: check
+CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML tags coul ...)
+	TODO: check
+CVE-2024-44206 (An issue in the handling of URL protocols was addressed with improved  ...)
+	TODO: check
+CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2024-44141 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 c ...)
+	TODO: check
+CVE-2024-10338 (A vulnerability classified as critical was found in SourceCodeHero Clo ...)
+	TODO: check
+CVE-2024-10337 (A vulnerability classified as critical has been found in SourceCodeHer ...)
+	TODO: check
+CVE-2024-10336 (A vulnerability was found in SourceCodeHero Clothes Recommendation Sys ...)
+	TODO: check
+CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection Managem ...)
+	TODO: check
+CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 f ...)
+	TODO: check
+CVE-2024-10331 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversa ...)
+	TODO: check
+CVE-2024-10180 (The Contact Form 7 \u2013 Repeatable Fields plugin for WordPress is vu ...)
+	TODO: check
+CVE-2024-10176 (The Compact WP Audio Player plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-10050 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-10295 (A flaw was found in Gateway. Sending a non-base64 'basic' auth with sp ...)
 	NOT-FOR-US: 3scale API Gateway
 CVE-2024-9943 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketpla ...)
 	NOT-FOR-US: WordPress plugin
@@ -92970,7 +93100,7 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of Service,  where a remote atta
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
 	NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
-CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...)
+CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of HTTP r ...)
 	- squid 6.5-1 (bug #1055249)
 	[bookworm] - squid <ignored> (Minor impact, too intrusive to backport to 5.x)
 	[bullseye] - squid <ignored> (Minor impact, too intrusive to backport to 5.x)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2ca2eb0f99cc24fd5ac056f4170e2bff13f852

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2ca2eb0f99cc24fd5ac056f4170e2bff13f852
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241024/75d3edc1/attachment.htm>

More information about the debian-security-tracker-commits mailing list