[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 30 20:12:45 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9fec77d by security tracker role at 2024-10-30T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2024-9419 (Client / Server PCs with the HP Smart Universal Printing Driver instal ...)
+	TODO: check
+CVE-2024-9388 (The Black Widgets For Elementor plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-9110 (A medium severity vulnerability has been identified within Privileged  ...)
+	TODO: check
+CVE-2024-8512 (The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Exec ...)
+	TODO: check
+CVE-2024-51304 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51301 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51300 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51299 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51298 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51296 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
+	TODO: check
+CVE-2024-51258 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-51257 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
+	TODO: check
+CVE-2024-50419 (Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 anim ...)
+	TODO: check
+CVE-2024-50353 (ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage ...)
+	TODO: check
+CVE-2024-50344 (I, Librarian is an open-source version of a PDF managing SaaS. Supplem ...)
+	TODO: check
+CVE-2024-48648 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sag ...)
+	TODO: check
+CVE-2024-48647 (A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulne ...)
+	TODO: check
+CVE-2024-48646 (An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0,  ...)
+	TODO: check
+CVE-2024-48569 (Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-S ...)
+	TODO: check
+CVE-2024-48272 (D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure de ...)
+	TODO: check
+CVE-2024-48271 (D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure defau ...)
+	TODO: check
+CVE-2024-48241 (An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to c ...)
+	TODO: check
+CVE-2024-48214 (KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerabi ...)
+	TODO: check
+CVE-2024-48202 (icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploa ...)
+	TODO: check
+CVE-2024-46531 (phpgurukul Vehicle Record Management System v1.0 was discovered to con ...)
+	TODO: check
+CVE-2024-42041 (The com.videodownload.browser.videodownloader (aka AppTool-Browser-Vid ...)
+	TODO: check
+CVE-2024-3935 (In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitt ...)
+	TODO: check
+CVE-2024-37573 (The Talkatone com.talkatone.android application 8.4.6 for Android enab ...)
+	TODO: check
+CVE-2024-36060 (EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS comma ...)
+	TODO: check
+CVE-2024-33700 (The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input va ...)
+	TODO: check
+CVE-2024-33699 (The LevelOne WBR-6012 router's web application has a vulnerability in  ...)
+	TODO: check
+CVE-2024-33626 (The LevelOne WBR-6012 router contains a vulnerability within its web a ...)
+	TODO: check
+CVE-2024-33623 (A denial of service vulnerability exists in the Web Application functi ...)
+	TODO: check
+CVE-2024-33603 (The LevelOne WBR-6012 router has an information disclosure vulnerabili ...)
+	TODO: check
+CVE-2024-32946 (A vulnerability in the LevelOne WBR-6012 router's firmware version R0. ...)
+	TODO: check
+CVE-2024-31975 (EnGenius ESR580 devices through 1.1.30 allow a remote attacker to cond ...)
+	TODO: check
+CVE-2024-31973 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
+	TODO: check
+CVE-2024-31972 (EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct ...)
+	TODO: check
+CVE-2024-31152 (The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to im ...)
+	TODO: check
+CVE-2024-31151 (A security flaw involving hard-coded credentials in LevelOne WBR-6012' ...)
+	TODO: check
+CVE-2024-28875 (A security flaw involving hard-coded credentials in LevelOne WBR-6012' ...)
+	TODO: check
+CVE-2024-28052 (The WBR-6012 is a wireless SOHO router. It is a low-cost device which  ...)
+	TODO: check
+CVE-2024-24777 (A cross-site request forgery (CSRF) vulnerability exists in the Web Ap ...)
+	TODO: check
+CVE-2024-23309 (The LevelOne WBR-6012 router with firmware R0.40e6 has an authenticati ...)
+	TODO: check
+CVE-2024-10546 (A vulnerability classified as critical was found in open-scratch Teach ...)
+	TODO: check
+CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ...)
+	TODO: check
+CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...)
+	TODO: check
 CVE-2024-XXXX [buffer overflow involving "Frankenstein streams"]
 	- mpg123 1.32.8-1 (bug #1086443)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
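Review bot: CVE-2024-3935 spells the product "Eclipse Mosquito" while CVE-2024-10525, further down in the same hunk, spells it "Eclipse Mosquitto", so a search on the product name while resolving these "TODO: check" entries will match only one of the two. Triage both together when the TODO is replaced. The CVE-2024-50419 description also carries a literal "\u2013" escape instead of the decoded dash, which suggests the description text was not unescaped on import.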
@@ -30176,7 +30270,7 @@ CVE-2024-29953 (A vulnerability in the web interface in Brocade Fabric OS before
 	NOT-FOR-US: Brocade
 CVE-2024-29177 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
 	NOT-FOR-US: Dell
-CVE-2024-29176 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+CVE-2024-29176 (Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, c ...)
 	NOT-FOR-US: Dell
 CVE-2024-29175 (Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.4 ...)
 	NOT-FOR-US: Dell
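Review bot: the refreshed description for CVE-2024-29176 drops the "versions prior to" qualifier and now reads "version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40", while the neighbouring CVE-2024-29177 keeps "versions prior to 8.0", so the two Dell PowerProtect DD entries now state the affected range in different ways. The NOT-FOR-US: Dell line is unchanged, so triage is unaffected. Since the commit message says only "automatic update", it would help to mention that description refreshes are included alongside the new entries.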
@@ -73268,7 +73362,7 @@ CVE-2024-24690 (Improper input validation in some Zoom clients may allow an auth
 	NOT-FOR-US: Zoom
 CVE-2024-24142 (Sourcecodester School Task Manager 1.0 allows SQL Injection via the 's ...)
 	NOT-FOR-US: Sourcecodester School Task Manager
-CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Obje ...)
+CVE-2024-22455 (Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) a ...)
 	NOT-FOR-US: Dell
 CVE-2024-1485 (A flaw was found in the decompression function of registry-support. Th ...)
 	NOT-FOR-US: OpenShift
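Review bot: the new CVE-2024-22455 description is cut off at "contain(s) a", before the vulnerability class that the old line still showed ("Insecure Direct Obje ..."), so the list entry no longer says what kind of issue this is. The entry stays NOT-FOR-US: Dell, so nothing changes for triage, but if the truncation length is configurable, a longer cut-off would keep the vulnerability class visible for descriptions with a long product prefix such as "Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0".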



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9fec77d10a3daa2de1e612bc85c535c189f9f7e
