Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfa62c8e by security tracker role at 2024-03-26T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,175 @@
+CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page
Generat ...)
+ TODO: check
+CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team
WholesaleX.This ...)
+ TODO: check
+CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability
in WebTo ...)
+ TODO: check
+CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to
4.0.13 a ...)
+ TODO: check
+CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss
Registrat ...)
+ TODO: check
+CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena
Simulat ...)
+ TODO: check
+CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions
Server ...)
+ TODO: check
+CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions
Server 202 ...)
+ TODO: check
+CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio
Player.This issue ...)
+ TODO: check
+CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend
Themes Calli ...)
+ TODO: check
+CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and
classified as c ...)
+ TODO: check
+CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and
classified ...)
+ TODO: check
+CVE-2024-2900 (A vulnerability, which was classified as critical, was found in
Tenda ...)
+ TODO: check
+CVE-2024-2899 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7
15.03.06 ...)
+ TODO: check
+CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda
AC7 15. ...)
+ TODO: check
+CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been
rated ...)
+ TODO: check
+CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been
declar ...)
+ TODO: check
+CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been
classi ...)
+ TODO: check
+CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and
classified as c ...)
+ TODO: check
+CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and
classified ...)
+ TODO: check
+CVE-2024-2891 (A vulnerability, which was classified as critical, was found in
Tenda ...)
+ TODO: check
+CVE-2024-2802
+ REJECTED
+CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can
control ...)
+ TODO: check
+CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit()
function in th ...)
+ TODO: check
+CVE-2024-2212 (In Eclipse ThreadX before 6.4.0, xQueueCreate() and
xQueueCreateSet() ...)
+ TODO: check
+CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting &
creating ...)
+ TODO: check
+CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site
scripting (X ...)
+ TODO: check
+CVE-2024-29833 (The image upload component allows SVG files and the regular
expression ...)
+ TODO: check
+CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox
action of ...)
+ TODO: check
+CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg
action o ...)
+ TODO: check
+CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg
action o ...)
+ TODO: check
+CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg
action of ...)
+ TODO: check
+CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and
before al ...)
+ TODO: check
+CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session
Expiration, which ...)
+ TODO: check
+CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site
scripting (XSS ...)
+ TODO: check
+CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management
Platform. Any c ...)
+ TODO: check
+CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59
v.91.15.0.118 allows ...)
+ TODO: check
+CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file
search p ...)
+ TODO: check
+CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script
ver.4.00. ...)
+ TODO: check
+CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E
devices is en ...)
+ TODO: check
+CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11,
which ma ...)
+ TODO: check
+CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread
Version 3.33\ ...)
+ TODO: check
+CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8
and 1.7.9, ...)
+ TODO: check
+CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An
arbitra ...)
+ TODO: check
+CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4,
contain Wea ...)
+ TODO: check
+CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a
cleartext ...)
+ TODO: check
+CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an
improper ...)
+ TODO: check
+CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy
Content G ...)
+ TODO: check
+CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce
Box Off ...)
+ TODO: check
+CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location
Picker a ...)
+ TODO: check
+CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue
affects ...)
+ TODO: check
+CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce
Conversion T ...)
+ TODO: check
+CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference
can be c ...)
+ TODO: check
+CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly
PopupAlly.This issue ...)
+ TODO: check
+CVE-2024-23482 (The ZScaler service is susceptible to a local privilege
escalation vul ...)
+ TODO: check
+CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could
be exploi ...)
+ TODO: check
+CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23,
12.0.1.0 throug ...)
+ TODO: check
+CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital
SalesKing.This issu ...)
+ TODO: check
+CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena
Simulation ...)
+ TODO: check
+CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena
Simulation softw ...)
+ TODO: check
+CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena
Simulation ...)
+ TODO: check
+CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell
Automati ...)
+ TODO: check
+CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell
Automation Arena ...)
+ TODO: check
+CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer
Remote C ...)
+ TODO: check
+CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the
XML pa ...)
+ TODO: check
+CVE-2024-1313 (It is possible for a user in a different organization from the
owner o ...)
+ TODO: check
+CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability
in mndps ...)
+ TODO: check
+CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact
Form 7 ...)
+ TODO: check
+CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods
in the de ...)
+ TODO: check
+CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded
credentials in th ...)
+ TODO: check
+CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme
Clotya the ...)
+ TODO: check
+CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through
7.5.36 could ...)
+ TODO: check
+CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability
in GShe ...)
+ TODO: check
+CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter
to Tray ...)
+ TODO: check
+CVE-2023-41972 (In some rare cases, there is a password type validation
missing in Rev ...)
+ TODO: check
+CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects
the tem ...)
+ TODO: check
+CVE-2023-41696
+ REJECTED
+CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM
Common Crypt ...)
+ TODO: check
+CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
CVE-2024-2887
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
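Review bot: the version range in the CVE-2024-2955 entry, "Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13", reads as inverted (the first range ends below where it starts), so the upstream advisory should be consulted for the actual affected 4.2.x range before that TODO: check is resolved. The rest of the hunk is the expected output of the automatic update: new identifiers imported with the TODO: check placeholder, plus CVE-2024-2802 and CVE-2023-41696 recorded as REJECTED. During triage, the runs of vendor-appliance entries (the Tenda AC7 15.03.06.44 series CVE-2024-2891 through CVE-2024-2902, the Rockwell Automation Arena Simulation series, the Devolutions Server, ZScaler and Dell Grab entries) will most likely resolve to NOT-FOR-US, whereas the Wireshark entry concerns software that is packaged in Debian and needs a source-package line like the "- linux 6.6.15-1" entries further down rather than a NOT-FOR-US marker.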
@@ -14,63 +186,63 @@ CVE-2024-2883
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-26650 [platform/x86: p2sb: Allow p2sb_bar() calls during PCI device
probe]
+CVE-2024-26650 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b (6.8-rc2)
-CVE-2024-26649 [drm/amdgpu: Fix the null pointer when load rlc firmware]
+CVE-2024-26649 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453 (6.8-rc1)
-CVE-2024-26648 [drm/amd/display: Fix variable deferencing before NULL check in
edp_setup_replay()]
+CVE-2024-26648 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.6.15-1
NOTE:
https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)
-CVE-2024-26647 [drm/amd/display: Fix late derefrence 'dsc' check in
'link_set_dsc_pps_packet()']
+CVE-2024-26647 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.6.15-1
NOTE:
https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)
-CVE-2024-26646 [thermal: intel: hfi: Add syscore callbacks for system-wide PM]
+CVE-2024-26646 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE:
https://git.kernel.org/linus/97566d09fd02d2ab329774bb89a2cdf2267e86d9 (6.8-rc1)
-CVE-2024-26645 [tracing: Ensure visibility when inserting an element into
tracing_map]
+CVE-2024-26645 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE:
https://git.kernel.org/linus/2b44760609e9eaafc9d234a6883d042fc21132a7 (6.8-rc2)
-CVE-2024-26644 [btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume]
+CVE-2024-26644 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
NOTE:
https://git.kernel.org/linus/7081929ab2572920e94d70be3d332e5c9f97095a (6.8-rc2)
-CVE-2023-52627 [iio: adc: ad7091r: Allow users to configure device events]
+CVE-2023-52627 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.6.15-1
[bookworm] - linux 6.1.76-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f (6.8-rc1)
-CVE-2023-52626 [net/mlx5e: Fix operation precedence bug in port timestamping
napi_poll context]
+CVE-2023-52626 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.6.15-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3876638b2c7ebb2c9d181de1191db0de8cac143a (6.8-rc2)
-CVE-2023-52625 [drm/amd/display: Refactor DMCUB enter/exit idle interface]
+CVE-2023-52625 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)
-CVE-2023-52624 [drm/amd/display: Wake DMCUB before executing GPINT commands]
+CVE-2023-52624 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)
-CVE-2023-52623 [SUNRPC: Fix a suspicious RCU usage warning]
+CVE-2023-52623 (In the Linux kernel, the following vulnerability has been
resolved: S ...)
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/31b62908693c90d4d07db597e685d9f25a120073 (6.8-rc1)
-CVE-2023-52622 [ext4: avoid online resizing failures due to oversized flex bg]
+CVE-2023-52622 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/5d1935ac02ca5aee364a449a35e2977ea84509b0 (6.8-rc1)
-CVE-2023-52621 [bpf: Check rcu_read_lock_trace_held() before calling bpf map
helpers]
+CVE-2023-52621 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.7.7-1
NOTE:
https://git.kernel.org/linus/169410eba271afc9f0fb476d996795aa26770c6d (6.8-rc1)
-CVE-2024-29735
+CVE-2024-29735 (Improper Preservation of Permissions vulnerability in Apache
Airflow.T ...)
- airflow <itp> (bug #819700)
CVE-2024-2889 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
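Review bot: replacing the bracketed subjects with the truncated CVE description leaves every kernel entry in this hunk reading "In the Linux kernel, the following vulnerability has been resolved: d ..." and drops the subsystem and fix title that the old form carried (for instance "btrfs: don't abort filesystem when attempting to snapshot deleted subvolume" for CVE-2024-26644, or "SUNRPC: Fix a suspicious RCU usage warning" for CVE-2023-52623). The git.kernel.org NOTE lines keep that information recoverable, but carrying the old subject into the NOTE line alongside the commit URL would keep the list readable without following each link. CVE-2024-29735 gains its description while its "airflow <itp> (bug #819700)" status is unchanged, which is fine.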
@@ -2649,7 +2821,7 @@ CVE-2024-28354 (There is a command injection
vulnerability in the TRENDnet TEW-8
NOT-FOR-US: TRENDnet
CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet
TEW-827DRU ...)
NOT-FOR-US: TRENDnet
-CVE-2024-27756 (An issue in GLPI v.10.0.12 and before allows a remote attacker
to exec ...)
+CVE-2024-27756 (GLPI through 10.0.12 allows CSV injection by an attacker who
is able t ...)
- glpi <removed>
NOTE:
https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092
CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur
via a craf ...)
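Review bot: the rewritten description narrows CVE-2024-27756 from "allows a remote attacker to exec ..." to CSV injection, which agrees with the formula-injection write-up already linked in the NOTE line, so the earlier wording should no longer be relied on when judging impact; the "glpi <removed>" status line is untouched and needs no change.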
@@ -4225,7 +4397,8 @@ CVE-2024-23254 (The issue was addressed with improved UI
handling. This issue is
NOT-FOR-US: Apple
CVE-2024-23253 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2024-23252 (The issue was addressed with improved memory handling. This
issue is f ...)
+CVE-2024-23252
+ REJECTED
NOT-FOR-US: Apple
CVE-2024-23250 (An access issue was addressed with improved access
restrictions. This ...)
NOT-FOR-US: Apple
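Review bot: CVE-2024-23252 is switched to REJECTED but the unchanged "NOT-FOR-US: Apple" line below it is kept, which leaves a rejected identifier carrying a triage annotation. The other rejections in this commit (CVE-2024-2802, CVE-2023-41696, CVE-2021-36759, and the existing CVE-2021-3651) carry only the REJECTED line, so the NOT-FOR-US: Apple line should be dropped here for consistency.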
@@ -66126,8 +66299,8 @@ CVE-2023-27632 (Cross-Site Request Forgery (CSRF)
vulnerability in mmrs151 Daily
NOT-FOR-US: WordPress plugin
CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27630
- RESERVED
+CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
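Review bot: CVE-2023-27630 moves from RESERVED to a description with TODO: check, while the neighbouring identifiers in the same range (CVE-2023-27631, CVE-2023-27629, CVE-2023-27628) are all triaged NOT-FOR-US: WordPress plugin and the truncated text ("Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...") follows the same CWE-title wording as those entries. The TODO can most likely be closed the same way, but only after the affected product name is confirmed from the full description, since the cut-off hides it.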
@@ -66710,8 +66883,8 @@ CVE-2023-27461 (Cross-Site Request Forgery (CSRF)
vulnerability in Yoohoo Plugin
NOT-FOR-US: WordPress plugin
CVE-2023-27460
RESERVED
-CVE-2023-27459
- RESERVED
+CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest
User Regi ...)
+ TODO: check
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream
WpStream p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate
Brains A ...)
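Review bot: CVE-2023-27459 is described as "Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...", a more serious class than the CSRF entries around it (CVE-2023-27458, CVE-2023-27457), and the product name points at a WordPress plugin like its neighbours. The TODO: check should be resolved to NOT-FOR-US: WordPress plugin unless a Debian package ships that plugin, and the higher impact is worth noting if it does.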
@@ -66748,8 +66921,8 @@ CVE-2023-27442 (Cross-Site Request Forgery (CSRF)
vulnerability in Teplitsa of s
NOT-FOR-US: WordPress plugin
CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE
New Adman ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27440
- RESERVED
+CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability
in OnThe ...)
+ TODO: check
CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in gl_S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen
Yurchenko WP ...)
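Review bot: CVE-2023-27440 ("Unrestricted Upload of File with Dangerous Type vulnerability in OnThe ...") sits between two entries already marked NOT-FOR-US: WordPress plugin (CVE-2023-27441, CVE-2023-27439), but the description cut-off hides the product, so the full CVE text should be read before the TODO: check is closed rather than assuming the status from the neighbours.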
@@ -70708,8 +70881,8 @@ CVE-2023-25967 (Cross-Site Request Forgery (CSRF)
vulnerability in PeepSo Commun
NOT-FOR-US: WordPress plugin
CVE-2023-25966
RESERVED
-CVE-2023-25965
- RESERVED
+CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Noah ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Joom ...)
@@ -76796,8 +76969,8 @@ CVE-2023-23993 (Cross-Site Request Forgery (CSRF)
vulnerability in LionScripts.C
NOT-FOR-US: WordPress plugin
CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP
plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23991
- RESERVED
+CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2023-23990
RESERVED
CVE-2023-23989
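Review bot: CVE-2023-23991 is the only SQL injection entry ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") among the RESERVED-to-description changes in this commit; the adjacent CVE-2023-23992 and CVE-2023-23993 are NOT-FOR-US: WordPress plugin while CVE-2023-23990 and CVE-2023-23989 remain RESERVED, so the TODO: check stays open until the product is identified from the full description.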
@@ -77837,8 +78010,8 @@ CVE-2023-23658
RESERVED
CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23656
- RESERVED
+CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability
in MainW ...)
+ TODO: check
CVE-2023-23655
RESERVED
CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Spar ...)
@@ -193023,7 +193196,7 @@ CVE-2021-36761 (The GeoAnalytics feature in Qlik
Sense April 2020 patch 4 allows
CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity
Server ...)
NOT-FOR-US: WSO2
CVE-2021-36759
- RESERVED
+ REJECTED
CVE-2021-3651
REJECTED
CVE-2021-36758 (1Password Connect server before 1.2 is missing validation
checks, perm ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa62c8eeb13030cfdf86a7cb344c6e505462dcb
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits