Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0348c0d2 by Salvatore Bonaccorso at 2024-02-07T10:18:42+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -35,103 +35,103 @@ CVE-2024-24255 (A Race Condition discovered in geofence.cpp and mission_feasibil CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mec ...) NOT-FOR-US: PX4 Autopilot CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24013 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...) - TODO: check + NOT-FOR-US: Novel-Plus CVE-2024-24004 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...) - TODO: check + NOT-FOR-US: jshERP CVE-2024-24002 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...) - TODO: check + NOT-FOR-US: jshERP CVE-2024-24001 (jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.contro ...) - TODO: check + NOT-FOR-US: jshERP CVE-2024-24000 (jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/sy ...) - TODO: check + NOT-FOR-US: jshERP CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass leading t ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...) - TODO: check + NOT-FOR-US: Apache Sling Servlets Resolver CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...) TODO: check CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...) TODO: check CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...) TODO: check CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...) 
TODO: check CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...) - TODO: check + NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...) - TODO: check + NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2024-22388 (Certain configuration available in the communication channel for encod ...) TODO: check CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...) NOT-FOR-US: IBM CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22240 (Aria Operations for Networks contains a local file read vulnerability. ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22239 (Aria Operations for Networks contains a local privilege escalation vul ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22238 (Aria Operations for Networks contains a cross site scripting vulnerabi ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22237 (Aria Operations for Networks contains a local privilege escalation vul ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22022 (Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user ...) - TODO: check + NOT-FOR-US: Veeam CVE-2024-22021 (VulnerabilityCVE-2024-22021 allowsaVeeam Recovery Orchestrator user wi ...) - TODO: check + NOT-FOR-US: Veeam CVE-2024-1269 (A vulnerability has been found in SourceCodester Product Management Sy ...) - TODO: check + NOT-FOR-US: SourceCodester Product Management System CVE-2024-1268 (A vulnerability, which was classified as critical, was found in CodeAs ...) - TODO: check + NOT-FOR-US: CodeAstro Restaurant POS System CVE-2024-1267 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: CodeAstro Restaurant POS System CVE-2024-1266 (A vulnerability classified as problematic was found in CodeAstro Unive ...) 
- TODO: check + NOT-FOR-US: CodeAstro University Management System CVE-2024-1265 (A vulnerability classified as problematic has been found in CodeAstro ...) - TODO: check + NOT-FOR-US: CodeAstro University Management System CVE-2024-1264 (A vulnerability has been found in Juanpao JPShop up to 1.5.02 and clas ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1263 (A vulnerability, which was classified as critical, was found in Juanpa ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1262 (A vulnerability, which was classified as critical, has been found in J ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1261 (A vulnerability classified as critical was found in Juanpao JPShop up ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1260 (A vulnerability classified as critical has been found in Juanpao JPSho ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1259 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1258 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...) - TODO: check + NOT-FOR-US: Juanpao JPShop CVE-2024-1257 (A vulnerability was found in Jspxcms 10.2.0. It has been classified as ...) - TODO: check + NOT-FOR-US: Jspxcms CVE-2024-1256 (A vulnerability was found in Jspxcms 10.2.0 and classified as problema ...) - TODO: check + NOT-FOR-US: Jspxcms CVE-2024-1255 (A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0 ...) - TODO: check + NOT-FOR-US: SepidzDigitalMenu CVE-2024-1254 (A vulnerability, which was classified as critical, was found in Beijin ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S20 Management Platform CVE-2024-1253 (A vulnerability, which was classified as critical, has been found in B ...) - TODO: check + NOT-FOR-US: Beijing Baichuo Smart S40 Management Platform CVE-2024-1252 (A vulnerability classified as critical was found in Tongda OA 2017 up ...) 
- TODO: check + NOT-FOR-US: Tongda CVE-2024-1251 (A vulnerability classified as critical has been found in Tongda OA 201 ...) - TODO: check + NOT-FOR-US: Tongda CVE-2024-1079 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized acce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1078 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized modi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1055 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...) TODO: check CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...) 
@@ -139,25 +139,25 @@ CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is ...) TODO: check CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6388 (Suite CRM version 7.14.2 allows making arbitrary HTTP requests through ...) - TODO: check + NOT-FOR-US: Suite CRM CVE-2023-5584 REJECTED CVE-2023-50395 (SQL Injection Remote Code Execution Vulnerability was found using an u ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2023-47618 (A post authentication command execution vulnerability exists in the we ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-47617 (A post authentication command injection vulnerability exists when conf ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-47209 (A post authentication command injection vulnerability exists in the ip ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-47167 (A post authentication command injection vulnerability exists in the GR ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-46683 (A post authentication command injection vulnerability exists when con ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...) NOT-FOR-US: IBM CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...) 
@@ -169,25 +169,25 @@ CVE-2023-45222 (An attacker with access to the web application that has the vuln CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be ...) TODO: check CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...) TODO: check CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt ...) TODO: check CVE-2023-40544 (An attacker with access to the network where the affected devices are ...) TODO: check CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 b ...) - TODO: check + NOT-FOR-US: Axigen CVE-2023-40143 (An attacker with access to the Westermo Lynx web application that has ...) TODO: check CVE-2023-38579 (The cross-site request forgery token in the request may be predictable ...) TODO: check CVE-2023-36498 (A post-authentication command injection vulnerability exists in the PP ...) - TODO: check + NOT-FOR-US: Tp-Link CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found using a cr ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-1271 [privileges escalation from root to domain admin] - freeipa <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978 
@@ -461,13 +461,13 @@ CVE-2023-51951 (SQL Injection vulnerability in Stock Management System 1.0 allow CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized access ...) NOT-FOR-US: WordPress plugin CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes ...) - TODO: check + NOT-FOR-US: Android application BINHDRM26 com.bdrm.superreboot CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) ...) TODO: check CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService componen ...) TODO: check CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...) - TODO: check + NOT-FOR-US: NCR Terminal Handler CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable ...) NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2 eCharge Lade ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0348c0d2584dea5bf3153392a16cf6212e1cabb2
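
Review bot: In the @@ -35,103 +35,103 @@ hunk the NOT-FOR-US labels mix vendor-level and product-level naming. CVE-2024-22237 through CVE-2024-22241 get "VMware" and CVE-2024-22021/CVE-2024-22022 get "Veeam", while neighbouring entries use the product ("JetBrains TeamCity", "Apache Sling Servlets Resolver", "Juanpao JPShop"). The descriptions already name Aria Operations for Networks and Veeam Recovery Orchestrator, so using those as labels would keep the list self-describing and easier to search. Separately, CVE-2024-1254 is labelled "Beijing Baichuo Smart S20 Management Platform" and CVE-2024-1253 "Beijing Baichuo Smart S40 Management Platform"; both descriptions are truncated before the product name, so the S20/S40 split cannot be checked from the diff and is worth confirming against the full CVE text.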
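
Review bot: The "Tp-Link" label added in the @@ -139,25 +139,25 @@ hunk (CVE-2023-47618, CVE-2023-47617, CVE-2023-47209, CVE-2023-47167, CVE-2023-46683) cannot be verified from the diff, because none of the truncated descriptions names a vendor or product. The same applies to CVE-2023-43482, CVE-2023-42664 and CVE-2023-36498 in the @@ -169,25 +169,25 @@ hunk. Suggest using the vendor's own spelling, "TP-Link", and adding the affected product to the label, so that a later search over data/CVE/list finds all of these entries under one consistent string.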
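
Review bot: In the @@ -461,13 +461,13 @@ hunk, CVE-2023-47889 is marked NOT-FOR-US for com.bdrm.superreboot, but the next entry, CVE-2023-47354, whose description names "Super Reboot (Root)", stays at "TODO: check". If both refer to the same Android application, triage them together so the two entries do not diverge. The label "Android application BINHDRM26 com.bdrm.superreboot" also copies the description's wording; a shorter product label would match the style of the other entries in this commit.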
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits