Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6328760a by security tracker role at 2024-03-28T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It 
has bee ...)
+       TODO: check
+CVE-2024-3015 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+       TODO: check
+CVE-2024-3014 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has 
been rated ...)
+       TODO: check
+CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been de ...)
+       TODO: check
+CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has 
been cl ...)
+       TODO: check
+CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and 
classified  ...)
+       TODO: check
+CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and 
classi ...)
+       TODO: check
+CVE-2024-3008 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2024-3007 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2024-3006 (A vulnerability classified as critical was found in Tenda 
FH1205 2.0.0 ...)
+       TODO: check
+CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 
1.0 and  ...)
+       TODO: check
+CVE-2024-3003 (A vulnerability has been found in code-projects Online Book 
System 1.0 ...)
+       TODO: check
+CVE-2024-3002 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2024-3001 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2024-3000 (A vulnerability classified as critical was found in 
code-projects Onli ...)
+       TODO: check
+CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF 
Invoice ...)
+       TODO: check
+CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This 
issue a ...)
+       TODO: check
+CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules 
Design Her ...)
+       TODO: check
+CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM 
FORM Geo  ...)
+       TODO: check
+CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper 
BetterD ...)
+       TODO: check
+CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, 
INC. WP M ...)
+       TODO: check
+CVE-2024-30224 (Deserialization of Untrusted Data vulnerability in Wholesale 
Team Whol ...)
+       TODO: check
+CVE-2024-30223 (Deserialization of Untrusted Data vulnerability in Repute 
Infosystems  ...)
+       TODO: check
+CVE-2024-30222 (Deserialization of Untrusted Data vulnerability in Repute 
Infosystems  ...)
+       TODO: check
+CVE-2024-30221 (Deserialization of Untrusted Data vulnerability in WP Sunshine 
Sunshin ...)
+       TODO: check
+CVE-2024-30200 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-2999 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2024-2998 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
+       TODO: check
+CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory 
Management S ...)
+       TODO: check
+CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tumul ...)
+       TODO: check
+CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
+       TODO: check
+CVE-2024-2111 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+       TODO: check
+CVE-2024-2110 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+       TODO: check
+CVE-2024-2091 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-29241 (Missing authorization vulnerability in System webapi component 
in Syno ...)
+       TODO: check
+CVE-2024-29240 (Missing authorization vulnerability in LayoutSave webapi 
component in  ...)
+       TODO: check
+CVE-2024-29239 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29238 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29237 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29236 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29235 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29234 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29233 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29232 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29231 (Improper validation of array index vulnerability in 
UserPrivilege.Enum ...)
+       TODO: check
+CVE-2024-29230 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29229 (Missing authorization vulnerability in GetLiveViewPath webapi 
componen ...)
+       TODO: check
+CVE-2024-29228 (Missing authorization vulnerability in GetStmUrlPath webapi 
component  ...)
+       TODO: check
+CVE-2024-29227 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Jordy ...)
+       TODO: check
+CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow 
AI Engi ...)
+       TODO: check
+CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm 
WG1800HP ...)
+       TODO: check
+CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
+       TODO: check
+CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation 
Aterm WG1 ...)
+       TODO: check
+CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC 
Corporation A ...)
+       TODO: check
+CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
+       TODO: check
+CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm 
WG1800HP4, ...)
+       TODO: check
+CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, 
WG1200H ...)
+       TODO: check
+CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
+       TODO: check
+CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, 
WG1200HS3, WG190 ...)
+       TODO: check
+CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
+       TODO: check
+CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
+       TODO: check
+CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, 
WG1200HS2 ...)
+       TODO: check
+CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri 
Page Build ...)
+       TODO: check
+CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega 
Menu.This iss ...)
+       TODO: check
+CVE-2024-28002 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-28001 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-27999 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-25924 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-25923 (Insertion of Sensitive Information into Log File vulnerability 
in Peep ...)
+       TODO: check
+CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows 
attackers to cra ...)
+       TODO: check
+CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
+       TODO: check
+CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability 
in Sera ...)
+       TODO: check
+CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP 
Object  ...)
+       TODO: check
+CVE-2024-0980 (The Auto-update service for Okta Verify for Windows is 
vulnerable to t ...)
+       TODO: check
+CVE-2024-0677 (The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent 
users  ...)
+       TODO: check
+CVE-2024-0673 (The Pz-LinkCard WordPress plugin through 2.5.1 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-0672 (The Pz-LinkCard WordPress plugin through 2.5.1 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
+       TODO: check
+CVE-2024-0077 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
+       TODO: check
+CVE-2024-0073 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-0071 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2023-6371 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
+       TODO: check
+CVE-2023-52628 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2023-52234 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-52231 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-50374 (Server-Side Request Forgery (SSRF) vulnerability in 
NiteoThemes CMP \u ...)
+       TODO: check
+CVE-2023-47438 (SQL Injection vulnerability in Reportico Till 8.1.0 allows 
attackers t ...)
+       TODO: check
+CVE-2023-39313 (Server-Side Request Forgery (SSRF) vulnerability in 
ThemeFusion Avada. ...)
+       TODO: check
+CVE-2023-39309 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-36679 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
+       TODO: check
+CVE-2023-34370 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
+       TODO: check
 CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
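Review bot: every entry added at the top of data/CVE/list carries only "TODO: check", so none of them is triaged by this commit and each still needs a package line or a NOT-FOR-US marker in a follow-up. Going by the descriptions, CVE-2023-52628 (Linux kernel) and CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux) concern software this file already tracks elsewhere as linux and nvidia-graphics-drivers, while the entries that name a WordPress plugin (for example CVE-2024-2091, CVE-2024-1770, CVE-2024-0677) look like candidates for the "NOT-FOR-US: WordPress plugin" marker used on the unchanged CVE-2024-30238 entry at the end of this hunk. The descriptions for CVE-2024-2111 and CVE-2024-2110 also contain a literal "\u2013", and CVE-2023-50374 a cut-off "\u", which suggests the import did not decode the feed's Unicode escapes before truncating.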
@@ -7148,7 +7354,7 @@ CVE-2023-52486 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2023-52485 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.7.7-1
        NOTE: 
https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)
-CVE-2024-0074
+CVE-2024-0074 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
where an  ...)
        [experimental] - nvidia-graphics-drivers 535.161.07-1
        - nvidia-graphics-drivers <unfixed> (bug #1064983)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7193,7 +7399,7 @@ CVE-2024-42265
        [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
-CVE-2024-0078
+CVE-2024-0078 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        [experimental] - nvidia-graphics-drivers 535.161.07-1
        - nvidia-graphics-drivers <unfixed> (bug #1064983)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7218,7 +7424,7 @@ CVE-2024-0078
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1064991)
        [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not 
supported)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
-CVE-2024-0075
+CVE-2024-0075 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        [experimental] - nvidia-graphics-drivers 535.161.07-1
        - nvidia-graphics-drivers <unfixed> (bug #1064983)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8862,7 +9068,7 @@ CVE-2024-25730 (Hitron CODA-4582 and CODA-4589 devices 
have default PSKs that ar
        NOT-FOR-US: Hitron CODA-4582 and CODA-4589 devices
 CVE-2024-25469 (SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and 
before all ...)
        NOT-FOR-US: CRMEB crmeb_java
-CVE-2024-24681 (Insecure AES key in Yealink Configuration Encrypt Tool below 
verrsion  ...)
+CVE-2024-24681 (An issue was discovered in Yealink Configuration Encrypt Tool 
(AES ver ...)
        NOT-FOR-US: Yealink
 CVE-2024-24310 (In the module "Generate barcode on invoice / delivery slip" 
(ecgenerat ...)
        NOT-FOR-US: PrestaShop module
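Review bot: the replacement description for CVE-2024-24681 is less useful at the truncation point than the line it removes: the old text led with "Insecure AES key", the new one with the generic "An issue was discovered in", so the nature of the flaw is no longer visible in the list. Since the description is synced text and the "NOT-FOR-US: Yealink" triage line is unchanged, nothing needs editing by hand here; the change does also drop the "verrsion" typo.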
@@ -78662,8 +78868,8 @@ CVE-2023-23651 (Auth. (subscriber+) SQL Injection 
(SQLi) vulnerability in MainWP
        NOT-FOR-US: WordPress plugin
 CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23649
-       RESERVED
+CVE-2023-23649 (Deserialization of Untrusted Data vulnerability in MainWP 
MainWP Links ...)
+       TODO: check
 CVE-2023-23648
        RESERVED
 CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in Sk. ...)
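Review bot: the "TODO: check" now attached to CVE-2023-23649 can probably be closed quickly, because the surrounding entries in this hunk, including the MainWP entry in the hunk header context, are all marked "NOT-FOR-US: WordPress plugin". The truncated description ("MainWP MainWP Links ...") does not itself say what the product is, so confirm that against the full CVE text before reusing the marker.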
@@ -92036,8 +92242,8 @@ CVE-2022-45852
        RESERVED
 CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis 
Dashboard f ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45850
-       RESERVED
+CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys 
Image Map Pr ...)
+       TODO: check
 CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability 
inContest Gall ...)
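Review bot: CVE-2022-45850 moves from RESERVED to "TODO: check" with a description cut off at "Nickys Image Map Pr ...", which is not enough to tell from the list alone whether any Debian package is affected. The neighbouring CVE-2022-45851 and CVE-2022-45849 entries are both "NOT-FOR-US: WordPress plugin"; check the full description and, if this is the same kind of product, resolve the TODO with that marker.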



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6328760a5b3cc06611e91474b4e70d89c39c1e33
