Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
07d5002e by Salvatore Bonaccorso at 2024-03-27T21:34:55+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,195 +1,195 @@
CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30185 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30184 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30183 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30182 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30181 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30180 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30179 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30178 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30177 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2996 (A vulnerability was found in Bdtask Multi-Store Inventory
Management S ...)
- TODO: check
+ NOT-FOR-US: Bdtask Multi-Store Inventory Management System
CVE-2024-2995 (A vulnerability was found in NUUO Camera up to 20240319 and
classified ...)
- TODO: check
+ NOT-FOR-US: NUUO Camera
CVE-2024-2994 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been
declare ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2993 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been
classif ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2992 (A vulnerability was found in Tenda FH1203 2.0.1.6 and
classified as cr ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2991 (A vulnerability has been found in Tenda FH1203 2.0.1.6 and
classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2990 (A vulnerability, which was classified as critical, was found in
Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2989 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2988 (A vulnerability classified as critical was found in Tenda
FH1203 2.0.1 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2987 (A vulnerability classified as critical has been found in Tenda
FH1202 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2986 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has
been r ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2985 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has
been d ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2984 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has
been c ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2983 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and
classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2982 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408)
and class ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2981 (A vulnerability, which was classified as critical, was found in
Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2980 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2979 (A vulnerability classified as critical was found in Tenda F1203
2.0.1. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2978 (A vulnerability classified as critical has been found in Tenda
F1203 2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2977 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been
rated as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2976 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been
declared ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2962 (The Networker - Tech News WordPress Theme with Dark Mode theme
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-29946 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9,
the Dashb ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2024-29945 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9,
the softw ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2024-29936 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29935 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29934 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29933 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29932 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29931 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29930 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29929 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29892 (ZITADEL, open source authentication management software, uses
Go templ ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2024-29891 (ZITADEL users can upload their own avatar image and various
image type ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume
companies. Wh ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and
Dart eco ...)
TODO: check
CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and
Dart eco ...)
TODO: check
CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29817 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29816 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29815 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29814 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29813 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29812 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29807 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: DearHive DearFlip
CVE-2024-29806 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29805 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29804 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29803 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29802 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29801 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29799 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29798 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ppsmav Gratisfaction
CVE-2024-29797 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29796 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29795 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29794 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29793 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29792 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29791 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29790 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29788 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29777 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29776 (Cross Site Scripting (XSS) vulnerability in Metagauss
EventPrime.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29775 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29774 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29773 (Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a
CPF Conc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29772 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29770 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29769 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29768 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29767 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29766 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29765 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29764 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29763 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29762 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29761 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29760 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29759 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29758 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28860 (Cilium is a networking, observability, and security solution
with an e ...)
TODO: check
CVE-2024-28853 (Ampache is a web based audio/video streaming application and
file mana ...)
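Review bot: The tags on CVE-2024-29807 ("NOT-FOR-US: DearHive DearFlip") and CVE-2024-29798 ("NOT-FOR-US: ppsmav Gratisfaction") name a vendor and product, while the surrounding entries with the same truncated "Improper Neutralization of Input During Web Page Generation" description all use the generic "NOT-FOR-US: WordPress plugin". If these two are WordPress plugins as well, the generic tag would keep the list consistent and easier to grep; if they are not, the specific names are fine as they stand.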
@@ -197,21 +197,21 @@ CVE-2024-28853 (Ampache is a web based audio/video
streaming application and fil
CVE-2024-28852 (Ampache is a web based audio/video streaming application and
file mana ...)
TODO: check
CVE-2024-28784 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting.
This vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-28247 (The Pi-hole is a DNS sinkhole that protects your devices from
unwanted ...)
- TODO: check
+ NOT-FOR-US: Pi-Hole
CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter
notebooks. ...)
TODO: check
CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through
24.0.0.3 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-27091 (GeoNode is a geospatial content management system, a platform
for the ...)
TODO: check
CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access
control vulne ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa
Post Video ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23510 (Cross-Site Request Forgery (CSRF) vulnerability in Martyn
Chamberlin D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23451 (Incorrect Authorization issue exists in the API key based
security mod ...)
TODO: check
CVE-2024-23450 (A flaw was discovered in Elasticsearch, where processing a
document in ...)
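Review bot: Style nit on CVE-2024-28247: the tag is written "Pi-Hole", but the description on the same entry spells the product "Pi-hole". Using the description's spelling avoids ending up with two variants of one product name in the list.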
@@ -219,55 +219,55 @@ CVE-2024-23450 (A flaw was discovered in Elasticsearch,
where processing a docum
CVE-2024-22413
REJECTED
CVE-2024-20354 (A vulnerability in the handling of encrypted wireless frames
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20333 (A vulnerability in the web-based management interface of Cisco
Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20324 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20316 (A vulnerability in the data model interface (DMI) services of
Cisco IO ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20314 (A vulnerability in the IPv4 Software-Defined Access
(SD-Access) fabric ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20312 (A vulnerability in the Intermediate System-to-Intermediate
System (IS- ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20311 (A vulnerability in the Locator ID Separation Protocol (LISP)
feature o ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20309 (A vulnerability in auxiliary asynchronous port (AUX) functions
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20308 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20307 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20306 (A vulnerability in the Unified Threat Defense (UTD)
configuration CLI ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20303 (A vulnerability in the multicast DNS (mDNS) gateway feature of
Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20278 (A vulnerability in the NETCONF feature of Cisco IOS XE
Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20276 (A vulnerability in Cisco IOS Software for Cisco Catalyst 6000
Series S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20271 (A vulnerability in the IP packet processing of Cisco Access
Point (AP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP)
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's
CI, but ...)
TODO: check
CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122
ZENworks Confi ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-6153 (Authentication Bypass by Primary Weakness vulnerability in
TeoSOFT Sof ...)
- TODO: check
+ NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-50961 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site
scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-44999 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce
WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion
Fusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid
tty permi ...)
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
@@ -376,23 +376,23 @@ CVE-2024-2903 (A vulnerability was found in Tenda AC7
15.03.06.44. It has been c
CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2244 (REST service authentication anomaly with \u201cvalid
username/no passw ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2209 (A user with administrative privileges can create a compromised
dll fil ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls
including poten ...)
TODO: check
CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2121 (The Elementor Website Builder Pro plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2120 (The Elementor Website Builder \u2013 More than Just a Page
Builder plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2097 (Authenticated List control client can execute the LINQ query in
SCM Se ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-29928 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29927 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -466,9 +466,9 @@ CVE-2024-25735 (An issue was discovered on WyreStorm Apollo
VX20 devices before
CVE-2024-25734 (An issue was discovered on WyreStorm Apollo VX20 devices
before 1.3.58 ...)
NOT-FOR-US: WyreStorm Apollo VX20 devices
CVE-2024-25421 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25420 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25138 (In AutomationDirect C-MORE EA9 HMI, credentials used by the
platform ...)
NOT-FOR-US: AutomationDirect C-MORE EA9 HMI
CVE-2024-25137 (In AutomationDirect C-MORE EA9 HMI there is a program that
copies a bu ...)
@@ -482,47 +482,47 @@ CVE-2024-24800 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2024-24700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-22311 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22300 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22299 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22288 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22149 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1532 (A vulnerability exists in the stb-language file handling that
affects ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-1531 (A vulnerability exists in the stb-language file handling that
affects ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-1521 (The Elementor Website Builder Pro plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1364 (The Elementor Website Builder Pro plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0400 (SCM Software is a client and server application. An
Authenticated Syst ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-52228 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Mark Kinchin Beds24 Online Booking
CVE-2023-51148 (An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor
Wireless Acc ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-51147 (Buffer Overflow vulnerability in TRENDnet Trendnet AC1200
TEW-821DAP w ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-51146 (Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP
with firmw ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-50702 (Sikka SSCWindowsService 5 2023-09-14 executes a program as
LocalSystem ...)
- TODO: check
+ NOT-FOR-US: Sikka SSCWindowsService
CVE-2023-49815 (Unrestricted Upload of File with Dangerous Type vulnerability
in WappP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48777 (Unrestricted Upload of File with Dangerous Type vulnerability
in Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48275 (Unrestricted Upload of File with Dangerous Type vulnerability
in Trust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47873 (Unrestricted Upload of File with Dangerous Type vulnerability
in WEN S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability
in Terry ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability
in Zacha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from
backend/test.c ...)
TODO: check
CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in
texk/web2c/pdfte ...)
@@ -556,31 +556,31 @@ CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a
buffer over-read in glXQ
CVE-2023-45913 (Mesa v23.0.4 was discovered to contain a NULL pointer
dereference via ...)
TODO: check
CVE-2023-43768 (An issue was discovered in Couchbase Server 6.6.x through
7.2.0, befor ...)
- TODO: check
+ NOT-FOR-US: Couchbase Server
CVE-2023-40290 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40289 (A command injection issue was discovered on Supermicro
X11SSM-F, X11SA ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40288 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40287 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40286 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40285 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-40284 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and
X11SSE-F ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2023-39307 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability
in Artbe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is
disputed ...)
TODO: check
CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to
port 4000 ...)
- TODO: check
+ NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11
allow a te ...)
TODO: check
CVE-2024-22029
@@ -702,9 +702,9 @@ CVE-2024-24718 (Missing Authorization vulnerability in
PropertyHive.This issue a
CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce
Conversion T ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference
can be c ...)
- TODO: check
+ NOT-FOR-US: Fluent Bit
CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly
PopupAlly.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23482 (The ZScaler service is susceptible to a local privilege
escalation vul ...)
TODO: check
CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could
be exploi ...)
@@ -724,7 +724,7 @@ CVE-2024-21913 (A heap-based memory buffer overflow
vulnerability in Rockwell Au
CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell
Automation Arena ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer
Remote C ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the
XML pa ...)
NOT-FOR-US: LangChain
CVE-2024-1313 (It is possible for a user in a different organization from the
owner o ...)
@@ -3534,9 +3534,9 @@ CVE-2024-27986 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2024-27301 (Support App is an opensource application specialized in
managing Apple ...)
NOT-FOR-US: Support App
CVE-2024-27266 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML
External ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-27265 (IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is
vulnerable to cr ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-25156 (A path traversal vulnerability exists in GoAnywhere MFT prior
to 7.4.2 ...)
NOT-FOR-US: GoAnywhere MFT
CVE-2024-25139 (In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd
binary ...)
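Review bot: The commit message "Process several NFUs" does not cover the tag cleanup on CVE-2024-27266 and CVE-2024-27265, where entries that were already triaged change from "NOT-FOR-US: IBM X-Force ID:" to "NOT-FOR-US: IBM". Mention the cleanup in the message or move it to its own commit, so the history shows the dangling "X-Force ID:" fragment was removed on purpose. The same applies to CVE-2024-22346 and CVE-2024-25016 in the two hunks that follow.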
@@ -3548,7 +3548,7 @@ CVE-2024-24562 (vantage6-UI is the official user
interface for the vantage6 serv
CVE-2024-23823 (vantage6 is an open source framework built to enable, manage
and deplo ...)
NOT-FOR-US: vantage6
CVE-2024-22346 (Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could
allow a loca ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-1998
REJECTED
CVE-2024-1623 (Insufficient session timeout vulnerability in the FAST3686 V2
Vodafone ...)
@@ -6244,7 +6244,7 @@ CVE-2024-25844 (An issue was discovered in
Common-Services "So Flexibilite" (sof
CVE-2024-25551 (Cross Site Scripting (XSS) vulnerability in sourcecodester
Simple Stud ...)
NOT-FOR-US: sourcecodester Simple Student Attendance System
CVE-2024-25016 (IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD
could al ...)
- NOT-FOR-US: IBM X-Force ID:
+ NOT-FOR-US: IBM
CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer"
(product ...)
NOT-FOR-US: PrestaShop module
CVE-2024-0968 (Cross-site Scripting (XSS) - DOM in GitHub repository
langchain-ai/cha ...)
@@ -60840,7 +60840,7 @@ CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in im
CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29386 (Unrestricted Upload of File with Dangerous Type vulnerability
in Julie ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Kevon Ad ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability
in HM Pl ...)
@@ -62906,7 +62906,7 @@ CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Ci
CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28787 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -63289,7 +63289,7 @@ CVE-2023-28689
CVE-2023-28688
RESERVED
CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1551
RESERVED
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability
in NGIN ...)
@@ -73694,7 +73694,7 @@ CVE-2023-25366 (In Siglent SDS 1104X-E
SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI i
CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS
v.3.2.0 allows ...)
NOT-FOR-US: October CMS
CVE-2023-25364 (Opswat Metadefender Core before 5.2.1 does not properly defend
against ...)
- TODO: check
+ NOT-FOR-US: Opswat Metadefender Core
CVE-2023-25363 (A use-after-free vulnerability in
WebCore::RenderLayer::updateDescenda ...)
{DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
@@ -92043,7 +92043,7 @@ CVE-2022-45849 (Auth. (subscriber+) Reflected
Cross-Site Scripting (XSS) vulnera
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability
inContest Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45847 (Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys
Image Map Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend
Smart Slide ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07d5002e266973144ef7531fc84ee8731bd23a38