Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ccccfdb by security tracker role at 2024-02-02T20:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write
access) b ...)
+ TODO: check
+CVE-2024-25001
+ REJECTED
+CVE-2024-24760 (mailcow is a dockerized email package, with multiple
containers linked ...)
+ TODO: check
+CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in
the inst ...)
+ TODO: check
+CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
+ TODO: check
+CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33
allows ...)
+ TODO: check
+CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions
v4.6.2 ...)
+ TODO: check
+CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in
/admin/file ...)
+ TODO: check
+CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability
via /adm ...)
+ TODO: check
+CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via
/admin/content/data ...)
+ TODO: check
+CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase &
Inventory), ...)
+ TODO: check
+CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system.
When a L ...)
+ TODO: check
+CVE-2024-23824 (mailcow is a dockerized email package, with multiple
containers linked ...)
+ TODO: check
+CVE-2024-23635 (AntiSamy is a library for performing fast, configurable
cleansing of H ...)
+ TODO: check
+CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2
allows ...)
+ TODO: check
+CVE-2024-22108 (An issue was discovered in GTB Central Console
15.17.1-30814.NG. The m ...)
+ TODO: check
+CVE-2024-22107 (An issue was discovered in GTB Central Console
15.17.1-30814.NG. The m ...)
+ TODO: check
+CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health
affecting ver ...)
+ TODO: check
+CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057.
It has b ...)
+ TODO: check
+CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been
classi ...)
+ TODO: check
+CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and
classifi ...)
+ TODO: check
+CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as
problema ...)
+ TODO: check
+CVE-2024-1188 (A vulnerability, which was classified as problematic, was found
in Riz ...)
+ TODO: check
+CVE-2024-1187 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft
Easy Ar ...)
+ TODO: check
+CVE-2024-1185 (A vulnerability classified as problematic has been found in
Nsasoft NB ...)
+ TODO: check
+CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It
has be ...)
+ TODO: check
+CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules
plugin for W ...)
+ TODO: check
+CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP
affecting vers ...)
+ TODO: check
+CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable
to the ...)
+ TODO: check
+CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable
to the ...)
+ TODO: check
+CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National
Keep Cyber ...)
+ TODO: check
+CVE-2023-6675 (Unrestricted Upload of File with Dangerous Type vulnerability
in Natio ...)
+ TODO: check
+CVE-2023-6673 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-6672 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-6387 (A potential buffer overflow exists in the Bluetooth LE HCI CPC
sample ...)
+ TODO: check
+CVE-2023-51838 (Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or
Risky Crypt ...)
+ TODO: check
+CVE-2023-51820 (An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558
allows ...)
+ TODO: check
+CVE-2023-51072 (A stored cross-site scripting (XSS) vulnerability in the NOC
component ...)
+ TODO: check
+CVE-2023-50488 (An issue in Blurams Lumi Security Camera (A31C)
v23.0406.435.4120 allo ...)
+ TODO: check
+CVE-2023-50359 (An unchecked return value vulnerability has been reported to
affect se ...)
+ TODO: check
+CVE-2023-48645 (An issue was discovered in the Archibus app 4.0.3 for iOS. It
uses a l ...)
+ TODO: check
+CVE-2023-47568 (A SQL injection vulnerability has been reported to affect
several QNAP ...)
+ TODO: check
+CVE-2023-47567 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-47566 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-47564 (An incorrect permission assignment for critical resource
vulnerability ...)
+ TODO: check
+CVE-2023-47562 (An OS command injection vulnerability has been reported to
affect Phot ...)
+ TODO: check
+CVE-2023-47561 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2023-47148 (IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin
Console ...)
+ TODO: check
+CVE-2023-47144 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
+ TODO: check
+CVE-2023-47143 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
+ TODO: check
+CVE-2023-47142 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
+ TODO: check
+CVE-2023-45037 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-45036 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-45035 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-45028 (An uncontrolled resource consumption vulnerability has been
reported t ...)
+ TODO: check
+CVE-2023-45027 (A path traversal vulnerability has been reported to affect
several QNA ...)
+ TODO: check
+CVE-2023-45026 (A path traversal vulnerability has been reported to affect
several QNA ...)
+ TODO: check
+CVE-2023-45025 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-41292 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41283 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-41282 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-41281 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-41280 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41279 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41278 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41277 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41276 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41275 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-41274 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
+ TODO: check
+CVE-2023-41273 (A heap-based buffer overflow vulnerability has been reported
to affect ...)
+ TODO: check
+CVE-2023-39611 (An issue in Software FX Chart FX 7 version 7.0.4962.20829
allows attac ...)
+ TODO: check
+CVE-2023-39303 (An improper authentication vulnerability has been reported to
affect s ...)
+ TODO: check
+CVE-2023-39302 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-39297 (An OS command injection vulnerability has been reported to
affect seve ...)
+ TODO: check
+CVE-2023-38273 (IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an
inadequate ...)
+ TODO: check
+CVE-2023-37530 (A cross-site scripting (XSS) vulnerability in the Web Reports
componen ...)
+ TODO: check
+CVE-2023-37529 (A cross-site scripting (XSS) vulnerability in the Web Reports
componen ...)
+ TODO: check
+CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the
Web Report ...)
+ TODO: check
+CVE-2023-32967 (An incorrect authorization vulnerability has been reported to
affect s ...)
+ TODO: check
CVE-2024-XXXX [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
- rust-snow <unfixed> (bug #1062663)
NOTE:
https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
@@ -112953,8 +113115,8 @@ CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions
before 1.03.10 contain an
NOT-FOR-US: Dell
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions
prior t ...)
NOT-FOR-US: Dell
-CVE-2022-34381
- RESERVED
+CVE-2022-34381 (Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5,
and Dell B ...)
+ TODO: check
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an
Authenticatio ...)
NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an
Authenticat ...)
@@ -216386,7 +216548,7 @@ CVE-2021-22284 (Incorrect Permission Assignment for
Critical Resource vulnerabil
NOT-FOR-US: ABB
CVE-2021-22283 (Improper Initialization vulnerability in ABB Relion protection
relays ...)
NOT-FOR-US: ABB
-CVE-2021-22282 (Improper copy algorithm in the project extraction component in
B&R Aut ...)
+CVE-2021-22282 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial
Automation A ...)
NOT-FOR-US: B&R Industrial Automation Automation Studio
@@ -218173,8 +218335,8 @@ CVE-2021-21577 (Dell EMC iDRAC9 versions prior to
4.40.40.00 contain a DOM-based
NOT-FOR-US: EMC
CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a
DOM-based cross ...)
NOT-FOR-US: EMC
-CVE-2021-21575
- RESERVED
+CVE-2021-21575 (Dell BSAFE Micro Edition Suite,versions before 4.5.2, contain
an Obser ...)
+ TODO: check
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow
vulnerability. An ...)
NOT-FOR-US: Dell
CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow
vulnerability. An ...)
@@ -227040,8 +227202,8 @@ CVE-2020-29506 (Dell BSAFE Crypto-C Micro Edition,
versions before 4.1.5, and De
NOT-FOR-US: Dell
CVE-2020-29505 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and
Dell BSA ...)
NOT-FOR-US: Dell
-CVE-2020-29504
- RESERVED
+CVE-2020-29504 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and
Dell BSA ...)
+ TODO: check
CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a
file per ...)
NOT-FOR-US: EMC PowerStore
CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a
Plain-Te ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccccfdb69b5dc1284a87401df633346df6f9399
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccccfdb69b5dc1284a87401df633346df6f9399
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
