Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44c50bee by security tracker role at 2024-04-17T08:12:13+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,58 +1,478 @@ +CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been cla ...) + TODO: check +CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified a ...) + TODO: check +CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classif ...) + TODO: check +CVE-2024-3879 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-3878 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 1.2.0. ...) + TODO: check +CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda F1202 1 ...) + TODO: check +CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been ra ...) + TODO: check +CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...) + TODO: check +CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...) + TODO: check +CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...) + TODO: check +CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...) + TODO: check +CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable to R ...) + TODO: check +CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...) + TODO: check +CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...) + TODO: check +CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) 
+ TODO: check +CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...) + TODO: check +CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...) + TODO: check +CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...) + TODO: check +CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...) + TODO: check +CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...) + TODO: check +CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...) + TODO: check +CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...) + TODO: check +CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...) + TODO: check +CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...) + TODO: check +CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...) + TODO: check +CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...) + TODO: check +CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...) + TODO: check +CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...) + TODO: check +CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...) + TODO: check +CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...) + TODO: check +CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...) + TODO: check +CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...) 
+ TODO: check +CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...) + TODO: check +CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...) + TODO: check +CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) + TODO: check +CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...) + TODO: check +CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...) + TODO: check +CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) + TODO: check +CVE-2024-32025 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) + TODO: check +CVE-2024-32024 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) + TODO: check +CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...) + TODO: check +CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is ...) + TODO: check +CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...) + TODO: check +CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...) + TODO: check +CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...) + TODO: check +CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. IP netwo ...) + TODO: check +CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...) + TODO: check +CVE-2024-31452 (OpenFGA is a high-performance and flexible authorization/permission en ...) + TODO: check +CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable ...) 
+ TODO: check +CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable computers and ...) + TODO: check +CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...) + TODO: check +CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...) + TODO: check +CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...) + TODO: check +CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...) + TODO: check +CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...) + TODO: check +CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...) + TODO: check +CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...) + TODO: check +CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...) + TODO: check +CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...) + TODO: check +CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...) + TODO: check +CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...) + TODO: check +CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...) + TODO: check +CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) + TODO: check +CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) + TODO: check +CVE-2024-21676 (This High severity Injection vulnerability was introduced in versions ...) + TODO: check +CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) 
+ TODO: check +CVE-2024-21119 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2024-21118 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2024-21117 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2024-21116 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21115 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21114 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21113 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21110 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21109 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21108 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21107 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21106 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2024-21104 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) + TODO: check +CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ TODO: check +CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + TODO: check +CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...) + TODO: check +CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21095 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + TODO: check +CVE-2024-21094 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) + TODO: check +CVE-2024-21093 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) + TODO: check +CVE-2024-21092 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) + TODO: check +CVE-2024-21091 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) + TODO: check +CVE-2024-21090 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) + TODO: check +CVE-2024-21089 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...) + TODO: check +CVE-2024-21088 (Vulnerability in the Oracle Production Scheduling product of Oracle E- ...) + TODO: check +CVE-2024-21087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21086 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2024-21085 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check +CVE-2024-21084 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) 
+ TODO: check +CVE-2024-21083 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) + TODO: check +CVE-2024-21082 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) + TODO: check +CVE-2024-21081 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...) + TODO: check +CVE-2024-21080 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2024-21079 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + TODO: check +CVE-2024-21078 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + TODO: check +CVE-2024-21077 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2024-21076 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2024-21075 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2024-21074 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2024-21073 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2024-21072 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) + TODO: check +CVE-2024-21071 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) + TODO: check +CVE-2024-21070 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2024-21069 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21068 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) + TODO: check +CVE-2024-21067 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...) + TODO: check +CVE-2024-21066 (Vulnerability in the RDBMS component of Oracle Database Server. Suppo ...) 
+ TODO: check +CVE-2024-21065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2024-21064 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2024-21063 (Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration ...) + TODO: check +CVE-2024-21062 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21059 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2024-21058 (Vulnerability in the Unified Audit component of Oracle Database Server ...) + TODO: check +CVE-2024-21057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21052 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21051 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21050 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21049 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21048 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) 
+ TODO: check +CVE-2024-21047 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21046 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21045 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21044 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21043 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21042 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21041 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21040 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21039 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21038 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21037 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21036 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21035 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21034 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21033 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21032 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21031 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21030 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) 
+ TODO: check +CVE-2024-21029 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21028 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21027 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21026 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21025 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21024 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21023 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21022 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21021 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21020 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21019 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21018 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21017 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21016 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + TODO: check +CVE-2024-21015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21014 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...) + TODO: check +CVE-2024-21013 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21012 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) 
+ TODO: check +CVE-2024-21011 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) + TODO: check +CVE-2024-21010 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...) + TODO: check +CVE-2024-21009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-21007 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2024-21006 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2024-21005 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check +CVE-2024-21004 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check +CVE-2024-21003 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check +CVE-2024-21002 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check +CVE-2024-21001 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2024-21000 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-20999 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2024-20998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-20997 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...) + TODO: check +CVE-2024-20995 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) + TODO: check +CVE-2024-20994 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2024-20993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ TODO: check +CVE-2024-20992 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) + TODO: check +CVE-2024-20991 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + TODO: check +CVE-2024-20990 (Vulnerability in the Oracle Applications Technology product of Oracle ...) + TODO: check +CVE-2024-20989 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...) + TODO: check +CVE-2024-20954 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...) + TODO: check +CVE-2024-1357 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) + TODO: check +CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not validate ...) + TODO: check +CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before ...) + TODO: check +CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...) + TODO: check +CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...) + TODO: check +CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...) + TODO: check +CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check CVE-2024-XXXX [gix-transport indirect code execution via malicious username] - rust-gix-transport 0.42.0-1 NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html CVE-2024-27980 - nodejs <not-affected> (Only affects Windows) -CVE-2024-3847 +CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior to 124 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3846 +CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior to 124. ...) 
- chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3845 +CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior to 124 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3844 +CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3843 +CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome prior to 12 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3841 +CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google Chrome prio ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3840 +CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google Chrome pri ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3839 +CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 al ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3838 +CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior to 124 ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3837 +CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed ...) 
- chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3834 +CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 124.0.6367.60 al ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3833 +CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 124.0.6367. ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2024-3832 +CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowe ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) 
@@ -60,63 +480,63 @@ CVE-2024-XXXX [Stored XSS in Avatar block] - wordpress 6.5.2+dfsg1-1 (bug #1069091) NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/ NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/ -CVE-2024-3302 +CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...) - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302 -CVE-2024-3865 +CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs showed e ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865 -CVE-2024-3864 +CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ...) - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864 -CVE-2024-3863 +CVE-2024-3863 (The executable file warning was not presented when downloading .xrm-ms ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863 -CVE-2024-3862 +CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine, coul ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862 -CVE-2024-3861 +CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-move ...) 
- firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861 -CVE-2024-3860 +CVE-2024-3860 (An out-of-memory condition during object initialization could result i ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860 -CVE-2024-3859 +CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an out-of- ...) - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859 -CVE-2024-3858 +CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT could cr ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858 -CVE-2024-3857 +CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. This le ...) - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857 -CVE-2024-3856 +CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage collecti ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856 -CVE-2024-3855 +CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr operations, whi ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855 -CVE-2024-3854 +CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch statements ...) 
- firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854 -CVE-2024-3853 +CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the process ...) - firefox 125.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853 -CVE-2024-3852 +CVE-2024-3852 (GetBoundName could return the wrong version of an object when JIT opti ...) - firefox 125.0.1-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852 @@ -147,7 +567,7 @@ CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input valida NOT-FOR-US: anything-llm CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin -CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found ...) +CVE-2024-32036 (ImageSharp is a 2D graphics API. A data leakage flaw was found in Imag ...) NOT-FOR-US: ImageSharp CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...) NOT-FOR-US: Typora @@ -3067,7 +3487,8 @@ CVE-2023-52714 (Vulnerability of defects introduced in the design process in the NOT-FOR-US: Huawei CVE-2023-52713 (Vulnerability of improper permission control in the window management ...) NOT-FOR-US: Huawei -CVE-2023-52382 (Vulnerability of improper control over foreground service notification ...) +CVE-2023-52382 + REJECTED NOT-FOR-US: Huawei CVE-2021-4438 (A vulnerability, which was classified as critical, has been found in k ...) NOT-FOR-US: react-native-sms-user-consent 
@@ -3720,14 +4141,17 @@ CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7) CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...) + {DSA-5662-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...) + {DSA-5662-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...) + {DSA-5662-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.kb.cert.org/vuls/id/421644 NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4 @@ -5121,7 +5545,7 @@ CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exis - pillow 10.3.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0) -CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) +CVE-2024-3135 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler ...) NOT-FOR-US: LocalAI CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) NOT-FOR-US: SourceCodester Computer Laboratory Management System 
@@ -5440,7 +5864,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulner NOT-FOR-US: WordPress plugin CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin -CVE-2024-1522 (The parisneo/lollms-webui does not have CSRF protections. As a result, ...) +CVE-2024-1522 (A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/loll ...) NOT-FOR-US: lollms-webui CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...) NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal @@ -5779,7 +6203,7 @@ CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injec NOT-FOR-US: WordPress plugin CVE-2024-1858 (The Lightbox slider \u2013 Responsive Lightbox Gallery plugin for Word ...) NOT-FOR-US: WordPress plugin -CVE-2024-1729 (Th password check condition is vulnerable to timing attack to guess th ...) +CVE-2024-1729 (A timing attack vulnerability exists in the gradio-app/gradio reposito ...) NOT-FOR-US: Gradio CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...) NOT-FOR-US: WordPress plugin @@ -6458,7 +6882,7 @@ CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) S NOT-FOR-US: Cisco CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...) NOT-FOR-US: Cisco -CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but ...) +CVE-2024-1540 (A command injection vulnerability exists in the deploy+test-visual.yml ...) NOT-FOR-US: Gradio CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...) NOT-FOR-US: OpenText 
@@ -6591,7 +7015,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnera NOT-FOR-US: WordPress plugin CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...) NOT-FOR-US: HP -CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...) +CVE-2024-2206 (An SSRF vulnerability exists in the gradio-app/gradio due to insuffici ...) NOT-FOR-US: Gradio CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin @@ -6979,7 +7403,7 @@ CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation NOT-FOR-US: Rockwell Automation CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...) NOT-FOR-US: TeamViewer -CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...) +CVE-2024-1455 (A vulnerability in the langchain-ai/langchain repository allows for a ...) NOT-FOR-US: LangChain CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...) - grafana <removed> @@ -7995,7 +8419,7 @@ CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider \u2 NOT-FOR-US: WordPress plugin CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand Post Fi ...) NOT-FOR-US: WordPress plugin -CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to Gradio ...) +CVE-2024-1727 (A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio ...) NOT-FOR-US: Gradio CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...) NOT-FOR-US: FunnelKit 
@@ -8814,7 +9238,7 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610 -CVE-2024-2609 (The permission prompt input delay could have expired while the window ...) +CVE-2024-2609 (The permission prompt input delay could expire while the window is not ...) - firefox 124.0-1 - firefox-esr 115.10.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609 @@ -14402,7 +14826,7 @@ CVE-2024-1943 (The Yuki theme for WordPress is vulnerable to Cross-Site Request NOT-FOR-US: WordPress theme CVE-2024-1932 (Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/ ...) NOT-FOR-US: freescout-helpdesk -CVE-2024-1892 (Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. ...) +CVE-2024-1892 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...) - python-scrapy 2.11.1-1 (bug #1065111) [bookworm] - python-scrapy <no-dsa> (Minor issue) [bullseye] - python-scrapy <no-dsa> (Minor issue) @@ -15177,7 +15601,7 @@ CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management NOT-FOR-US: SourceCodester CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...) NOT-FOR-US: armeria-saml -CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...) +CVE-2024-0798 (A privilege escalation vulnerability exists in mintplex-labs/anything- ...) NOT-FOR-US: mintplex-labs/anything-llm CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...) NOT-FOR-US: mintplex-labs/anything-llm 
@@ -20352,7 +20776,8 @@ CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When au - glpi <removed> NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8 NOTE: https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35 -CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers ...) +CVE-2023-37621 + REJECTED NOT-FOR-US: Fronius Datalogger Web CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...) - minio <itp> (bug #859207) @@ -21087,7 +21512,7 @@ CVE-2024-22147 (Improper Neutralization of Special Elements used in an SQL Comma NOT-FOR-US: WordPress plugin CVE-2024-0958 (A vulnerability was found in CodeAstro Stock Management System 1.0 and ...) NOT-FOR-US: CodeAstro Stock Management System -CVE-2024-0948 (A vulnerability, which was classified as problematic, has been found i ...) +CVE-2024-0948 (** DISPUTED ** A vulnerability, which was classified as problematic, h ...) - netbox <itp> (bug #1017079) CVE-2024-0946 (A vulnerability classified as critical was found in 60IndexPage up to ...) NOT-FOR-US: 60IndexPage @@ -31234,7 +31659,7 @@ CVE-2023-33412 (The web interface in the Intelligent Platform Management Interfa NOT-FOR-US: Supermicro CVE-2023-33411 (A web server in the Intelligent Platform Management Interface (IPMI) b ...) NOT-FOR-US: Supermicro -CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlf ...) +CVE-2023-6568 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlf ...) NOT-FOR-US: mlflow CVE-2023-6566 (Business Logic Errors in GitHub repository microweber/microweber prior ...) NOT-FOR-US: microweber 
@@ -34381,7 +34806,7 @@ CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP NOTE: https://git.kernel.org/linus/1c22e0295a5eb571c27b53c7371f95699ef705ff (6.7-rc3) CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...) NOT-FOR-US: Trellix -CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2O das ...) +CVE-2023-6038 (A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST AP ...) NOT-FOR-US: H2O (h2ai) (not the same as src:h2o) CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...) NOT-FOR-US: ModelDB @@ -39420,12 +39845,14 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...) + {DSA-5662-1} - apache2 2.4.58-1 [buster] - apache2 <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802 NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802 CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...) + {DSA-5662-1} - apache2 2.4.58-1 [buster] - apache2 <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5 @@ -62242,6 +62669,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) NOT-FOR-US: Alf.io CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) + {DSA-5662-1} - apache2 2.4.58-1 [buster] - apache2 <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 
@@ -161080,43 +161508,37 @@ CVE-2022-24812 (Grafana is an open-source platform for monitoring and observabil - grafana <not-affected> (Only affects Grafana Enterprise) CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...) NOT-FOR-US: Combodi -CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference] - RESERVED +CVE-2022-24810 (net-snmp provides various tools relating to the Simple Network Managem ...) {DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) -CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference] - RESERVED +CVE-2022-24809 (net-snmp provides various tools relating to the Simple Network Managem ...) {DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) -CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference] - RESERVED +CVE-2022-24808 (net-snmp provides various tools relating to the Simple Network Managem ...) 
{DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) -CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access] - RESERVED +CVE-2022-24807 (net-snmp provides various tools relating to the Simple Network Managem ...) {DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) -CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously] - RESERVED +CVE-2022-24806 (net-snmp provides various tools relating to the Simple Network Managem ...) {DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) -CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access] - RESERVED +CVE-2022-24805 (net-snmp provides various tools relating to the Simple Network Managem ...) 
{DSA-5209-1 DLA-3088-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c50beebc54f57f2db4bae255f22485d6076172
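Review bot: The rejection reason is not recorded in the hunks for CVE-2023-52382 (@@ -3067,7 +3487,8 @@) and CVE-2023-37621 (@@ -20352,7 +20776,8 @@). Both lose their description and gain REJECTED, while the earlier triage lines (NOT-FOR-US: Huawei, NOT-FOR-US: Fronius Datalogger Web) stay as the only remaining context. Keeping NOT-FOR-US is harmless, but once the description is gone nobody reading this file can tell what was rejected or why. If the rejection names a replacement identifier or a reason, a NOTE line on each entry would preserve that.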
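Review bot: The {DSA-5662-1} tag lands on six apache2 entries whose context lines do not agree on the fixed version, and the hunks show no line for the suites the DSA covers. CVE-2024-24795, CVE-2023-38709 and CVE-2024-27316 (@@ -3720,14 +4141,17 @@) show "- apache2 2.4.59-1 (bug #1068412)", while CVE-2023-45802 and CVE-2023-43622 (@@ -39420,12 +39845,14 @@) and CVE-2023-31122 (@@ -62242,6 +62669,7 @@) show "- apache2 2.4.58-1". The only per-suite annotations visible are for buster, including "[buster] - apache2 <not-affected> (Vulnerable code introduced later)" on CVE-2023-43622. It is worth confirming against the DSA list entry that all six CVEs are meant to be covered by this one advisory, and that CVE-2023-43622 actually affected the suites the DSA targets, since this diff alone cannot show it.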
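Review bot: In the CVE-2024-0948 hunk (@@ -21087,7 +21512,7 @@) the disputed status is carried only by the truncated description, which now begins "(** DISPUTED ** A vulnerability, which was classified as problematic, h ...)". The entry itself is still just "- netbox <itp> (bug #1017079)", so the status disappears again if the description is refreshed. A NOTE line stating that the CVE is disputed would keep it visible to whoever picks up the ITP.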
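Review bot: The net-snmp hunk (@@ -161080,43 +161508,37 @@) loses per-CVE detail for CVE-2022-24805 through CVE-2022-24810. Each bracketed summary, for example "[A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]", is replaced by the same truncated text "(net-snmp provides various tools relating to the Simple Network Managem ...)". The visible entries also share the same DSA/DLA tag, bug number and NOTE URLs, so after this change nothing in the file tells apart the NULL pointer dereferences, the out-of-bounds accesses and the master agent/subagent input validation issue, or says which MIB table each one concerns. Dropping RESERVED is expected once a description is published, but consider carrying each removed summary over as a NOTE line on its entry so triage from this file stays possible.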