Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
79b2658e by security tracker role at 2024-03-08T08:11:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin
for Wor ...)
+ TODO: check
+CVE-2024-2285 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-2284 (A vulnerability classified as problematic was found in boyiddha
Automa ...)
+ TODO: check
+CVE-2024-2283 (A vulnerability classified as critical has been found in
boyiddha Auto ...)
+ TODO: check
+CVE-2024-2282 (A vulnerability was found in boyiddha
Automated-Mess-Management-System ...)
+ TODO: check
+CVE-2024-2281 (A vulnerability was found in boyiddha
Automated-Mess-Management-System ...)
+ TODO: check
+CVE-2024-2277 (A vulnerability was found in Bdtask G-Prescription Gynaecology
& OBS C ...)
+ TODO: check
+CVE-2024-2276 (A vulnerability has been found in Bdtask G-Prescription
Gynaecology & ...)
+ TODO: check
+CVE-2024-2275 (A vulnerability, which was classified as problematic, was found
in Bdt ...)
+ TODO: check
+CVE-2024-2274 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-2272 (A vulnerability classified as critical was found in keerti1924
Online- ...)
+ TODO: check
+CVE-2024-2271 (A vulnerability classified as critical has been found in
keerti1924 On ...)
+ TODO: check
+CVE-2024-2270 (A vulnerability was found in keerti1924
Online-Book-Store-Website 1.0. ...)
+ TODO: check
+CVE-2024-2269 (A vulnerability was found in keerti1924
Online-Book-Store-Website 1.0. ...)
+ TODO: check
+CVE-2024-2268 (A vulnerability was found in keerti1924
Online-Book-Store-Website 1.0. ...)
+ TODO: check
+CVE-2024-2267 (A vulnerability was found in keerti1924
Online-Book-Store-Website 1.0 ...)
+ TODO: check
+CVE-2024-2266 (A vulnerability has been found in keerti1924
Secret-Coder-PHP-Project ...)
+ TODO: check
+CVE-2024-2265 (A vulnerability, which was classified as problematic, was found
in kee ...)
+ TODO: check
+CVE-2024-2264 (A vulnerability, which was classified as critical, has been
found in k ...)
+ TODO: check
+CVE-2024-2044 (pgAdmin 4 uses a file-based session management approach. The
session f ...)
+ TODO: check
+CVE-2024-28115 (FreeRTOS is a real-time operating system for microcontrollers.
FreeRTO ...)
+ TODO: check
+CVE-2024-27707 (Server Side Request Forgery (SSRF) vulnerability in
hcengineering Huly ...)
+ TODO: check
+CVE-2024-27613 (Numbas editor before 7.3 mishandles reading of themes and
extensions.)
+ TODO: check
+CVE-2024-27612 (Numbas editor before 7.3 mishandles editing of themes and
extensions.)
+ TODO: check
+CVE-2024-26492 (An issue in Online Diagnostic Lab Management System 1.0 allows
a remot ...)
+ TODO: check
+CVE-2024-26313 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a
stored ...)
+ TODO: check
+CVE-2024-26309 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a
sensiti ...)
+ TODO: check
+CVE-2024-26167 (Microsoft Edge for Android Spoofing Vulnerability)
+ TODO: check
+CVE-2024-25849 (In the module "Make an offer" (makeanoffer) <= 1.7.1 from
PrestaToolKi ...)
+ TODO: check
+CVE-2024-25848 (In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from
Team Ever ...)
+ TODO: check
+CVE-2024-25845 (In the module "CD Custom Fields 4 Orders"
(cdcustomfields4orders) <= 1 ...)
+ TODO: check
+CVE-2024-25729 (Arris SBG6580 devices have predictable default WPA2 security
passwords ...)
+ TODO: check
+CVE-2024-25327 (Cross Site Scripting (XSS) vulnerability in Justice Systems
FullCourt ...)
+ TODO: check
+CVE-2024-24035 (Cross Site Scripting (XSS) vulnerability in Setor Informatica
SIL 3.1 ...)
+ TODO: check
+CVE-2024-23297 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2024-23295 (A permissions issue was addressed to help ensure Personas are
always p ...)
+ TODO: check
+CVE-2024-23294 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2024-23293 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-23292 (This issue was addressed with improved data protection. This
issue is ...)
+ TODO: check
+CVE-2024-23291 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23290 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-23289 (A lock screen issue was addressed with improved state
management. This ...)
+ TODO: check
+CVE-2024-23288 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2024-23287 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2024-23286 (A buffer overflow issue was addressed with improved memory
handling. T ...)
+ TODO: check
+CVE-2024-23285 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2024-23284 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2024-23283 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23281 (This issue was addressed with improved state management. This
issue is ...)
+ TODO: check
+CVE-2024-23280 (An injection issue was addressed with improved validation.
This issue ...)
+ TODO: check
+CVE-2024-23279 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23278 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-23277 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-23276 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-23275 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2024-23274 (An injection issue was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2024-23273 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-23272 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-23270 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23269 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2024-23268 (An injection issue was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2024-23267 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-23266 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-23265 (A memory corruption vulnerability was addressed with improved
locking. ...)
+ TODO: check
+CVE-2024-23264 (A validation issue was addressed with improved input
sanitization. Thi ...)
+ TODO: check
+CVE-2024-23263 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2024-23262 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2024-23260 (This issue was addressed by removing additional entitlements.
This iss ...)
+ TODO: check
+CVE-2024-23259 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-23258 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2024-23257 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23255 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2024-23254 (The issue was addressed with improved UI handling. This issue
is fixed ...)
+ TODO: check
+CVE-2024-23253 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-23252 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23250 (An access issue was addressed with improved access
restrictions. This ...)
+ TODO: check
+CVE-2024-23249 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23248 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23247 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23246 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2024-23245 (This issue was addressed by adding an additional prompt for
user conse ...)
+ TODO: check
+CVE-2024-23244 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-23242 (A privacy issue was addressed by not logging contents of text
fields. ...)
+ TODO: check
+CVE-2024-23241 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-23240 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-23239 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2024-23238 (An access issue was addressed with improved access
restrictions. This ...)
+ TODO: check
+CVE-2024-23235 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2024-23234 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2024-23233 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2024-23232 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2024-23231 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23230 (This issue was addressed with improved file handling. This
issue is fi ...)
+ TODO: check
+CVE-2024-23227 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-23226 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-23220 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2024-23216 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-23205 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-23201 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-1987 (The WP-Members Membership Plugin plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-1986 (The Booster Elite for WooCommerce plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-1851 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin
for Wor ...)
+ TODO: check
+CVE-2024-1802 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia,
Embed You ...)
+ TODO: check
+CVE-2024-0258 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-46172 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0,
89.32.40.0, and 89 ...)
+ TODO: check
+CVE-2023-46171 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0,
89.32.40.0, and 89 ...)
+ TODO: check
+CVE-2023-46170 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0,
89.32.40.0, and 89 ...)
+ TODO: check
+CVE-2023-46169 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0,
89.32.40.0, and 89 ...)
+ TODO: check
+CVE-2023-28826 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By
sendin ...)
NOT-FOR-US: moziloCMS
CVE-2024-2241 (Improper access control in the user interface in Devolutions
Workspace ...)
@@ -3472,10 +3690,12 @@ CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to
Unrestricted Upload of File wi
CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit
v.43248 ...)
NOT-FOR-US: ITFlow.org
CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command
injection via ...)
+ {DLA-3754-1}
- fontforge <unfixed> (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE:
https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command
injection via ...)
+ {DLA-3754-1}
- fontforge <unfixed> (bug #1064967)
NOTE: https://github.com/fontforge/fontforge/pull/5367
NOTE:
https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
@@ -8454,7 +8674,7 @@ CVE-2024-24041 (A stored cross-site scripting (XSS)
vulnerability in Travel Jour
NOT-FOR-US: Travel Journal Using PHP and MySQL
CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT
CUBE2 V10 ...)
NOT-FOR-US: HOME SPOT CUBE2
-CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows Electron code injection.)
+CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows code injection via a
complex serie ...)
NOT-FOR-US: Miro Desktop
CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202
allows a ...)
NOT-FOR-US: WuKongOpenSource WukongCRM
@@ -299330,6 +299550,7 @@ CVE-2020-5498
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect
throug ...)
NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the
Type2NotDef ...)
+ {DLA-3754-1}
- fontforge 1:20201107~dfsg-1 (bug #948231)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
@@ -299547,6 +299768,7 @@ CVE-2020-5397 (Spring Framework, versions 5.2.x prior
to 5.2.3 are vulnerable to
CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and
9.7.6, and ...)
NOT-FOR-US: VMware
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData
in sfd. ...)
+ {DLA-3754-1}
- fontforge 1:20201107~dfsg-1 (bug #948231)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
@@ -353306,8 +353528,8 @@ CVE-2019-6270
RESERVED
CVE-2019-6269
RESERVED
-CVE-2019-6268
- RESERVED
+CVE-2019-6268 (RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63,
and U-Bo ...)
+ TODO: check
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for
WordPre ...)
NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0
is affe ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79b2658e6301c44d8647cc799aae765a18fa648c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79b2658e6301c44d8647cc799aae765a18fa648c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
