[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad12f23c by security tracker role at 2024-04-05T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2024-3321 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 
1.0. It h ...)
+       TODO: check
+CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+       TODO: check
+CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+       TODO: check
+CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
+       TODO: check
+CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has 
been de ...)
+       TODO: check
+CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, 
when Edge ...)
+       TODO: check
+CVE-2024-31212 (InstantCMS is a free and open source content management 
system. A SQL  ...)
+       TODO: check
+CVE-2024-31211 (WordPress is an open publishing platform for the Web. 
Unserialization  ...)
+       TODO: check
+CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's 
possible fo ...)
+       TODO: check
+CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou 
Dectalk web A ...)
+       TODO: check
+CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
+       TODO: check
+CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand 
in Tend ...)
+       TODO: check
+CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete 
E-Comme ...)
+       TODO: check
+CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite 
based on d ...)
+       TODO: check
+CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected 
cross-site scri ...)
+       TODO: check
+CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 
3.2.26 ...)
+       TODO: check
+CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview 
before v ...)
+       TODO: check
+CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before 
v.0.2.514 al ...)
+       TODO: check
+CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing 
Vulnerability)
+       TODO: check
+CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi 
Network ...)
+       TODO: check
+CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a 
crafted Con ...)
+       TODO: check
+CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive 
informa ...)
+       TODO: check
+CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to 
Regular Expre ...)
+       TODO: check
+CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti 
Connect Sec ...)
+       TODO: check
+CVE-2023-5973 (Brocade  Web Interface in Brocade Fabric OS v9.x and before 
v9.2.0 doe ...)
+       TODO: check
+CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and 
Starlink Dish  ...)
+       TODO: check
 CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and 
Use-After-Free  ...)
        NOT-FOR-US: Solidworks
 CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in 
the fi ...)
@@ -7,7 +67,7 @@ CVE-2024-3262 (Information exposure vulnerability in RT 
software affecting versi
        - request-tracker5 <unfixed>
        NOTE: 
https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
        NOTE: 
https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
-CVE-2024-3250 (It was discovered that Pebble's read-file API and the 
associated pebbl ...)
+CVE-2024-3250 (It was discovered that Canonical's Pebble service manager 
read-file AP ...)
        TODO: check
 CVE-2024-3116 (pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) 
vulnerabi ...)
        - pgadmin4 <itp> (bug #834129)
@@ -374,7 +434,7 @@ CVE-2024-1418 (The CGC Maintenance Mode plugin for 
WordPress is vulnerable to Se
        NOT-FOR-US: WordPress plugin
 CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band 
Whole-Home M ...)
        NOT-FOR-US: D-Link
-CVE-2023-45288
+CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary 
amounts of  ...)
        - golang-1.22 1.22.2-1
        - golang-1.21 1.21.9-1
        - golang-1.19 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad12f23c1f7dfe4358ccb29295bf379251903757

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad12f23c1f7dfe4358ccb29295bf379251903757
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits