Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44c50bee by security tracker role at 2024-04-17T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,58 +1,478 @@
+CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has 
been cla ...)
+       TODO: check
+CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and 
classified a ...)
+       TODO: check
+CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and 
classif ...)
+       TODO: check
+CVE-2024-3879 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2024-3878 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 
1.2.0. ...)
+       TODO: check
+CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda 
F1202 1 ...)
+       TODO: check
+CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has 
been ra ...)
+       TODO: check
+CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been 
declare ...)
+       TODO: check
+CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It 
has bee ...)
+       TODO: check
+CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular 
expres ...)
+       TODO: check
+CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web 
administration ...)
+       TODO: check
+CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is 
vulnerable to R ...)
+       TODO: check
+CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras 
framewo ...)
+       TODO: check
+CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
+       TODO: check
+CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-32634 (In huge memory get unmapped area check, code can never be 
reached beca ...)
+       TODO: check
+CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk 
test will a ...)
+       TODO: check
+CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing 
incorrect o ...)
+       TODO: check
+CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause 
incorrect compu ...)
+       TODO: check
+CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will 
contain ...)
+       TODO: check
+CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed 
Optimizer.This ...)
+       TODO: check
+CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This 
issue affec ...)
+       TODO: check
+CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order 
Statuses ...)
+       TODO: check
+CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & 
Pluginbazar Te ...)
+       TODO: check
+CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped 
Product fo ...)
+       TODO: check
+CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed 
for WooCo ...)
+       TODO: check
+CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group 
PeproDev Ultim ...)
+       TODO: check
+CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress 
Tutoria ...)
+       TODO: check
+CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency 
For Woo ...)
+       TODO: check
+CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir 
Ahmad Mega ...)
+       TODO: check
+CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Poll  ...)
+       TODO: check
+CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability 
in AdTr ...)
+       TODO: check
+CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost 
Estimation & Pay ...)
+       TODO: check
+CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal 
Error N ...)
+       TODO: check
+CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+       TODO: check
+CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to 
Unrestricte ...)
+       TODO: check
+CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss v22. ...)
+       TODO: check
+CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss is v ...)
+       TODO: check
+CVE-2024-32025 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss is v ...)
+       TODO: check
+CVE-2024-32024 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss is v ...)
+       TODO: check
+CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss is v ...)
+       TODO: check
+CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. 
Kohya_ss  is  ...)
+       TODO: check
+CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an 
unauthenticated a ...)
+       TODO: check
+CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows 
an attac ...)
+       TODO: check
+CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an 
attacker to esc ...)
+       TODO: check
+CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. 
IP netwo ...)
+       TODO: check
+CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 
and befor ...)
+       TODO: check
+CVE-2024-31452 (OpenFGA is a high-performance and flexible 
authorization/permission en ...)
+       TODO: check
+CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is 
vulnerable ...)
+       TODO: check
+CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable 
computers and  ...)
+       TODO: check
+CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability 
in Junipe ...)
+       TODO: check
+CVE-2024-30378 (A Use After Free vulnerability in command processing of 
Juniper Networ ...)
+       TODO: check
+CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is 
vulnerable ...)
+       TODO: check
+CVE-2024-2309 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 
3.4.0, ...)
+       TODO: check
+CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress 
plugin ...)
+       TODO: check
+CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not 
proper ...)
+       TODO: check
+CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not 
proper ...)
+       TODO: check
+CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which 
allows a ...)
+       TODO: check
+CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a 
remote attack ...)
+       TODO: check
+CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to 
call protec ...)
+       TODO: check
+CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs 
MoveTo.This issue  ...)
+       TODO: check
+CVE-2024-22440 (A potential security vulnerability has been identified in HPE 
Compute  ...)
+       TODO: check
+CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere 
Applicatio ...)
+       TODO: check
+CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere 
Applicatio ...)
+       TODO: check
+CVE-2024-21676 (This High severity Injection vulnerability was introduced in 
versions  ...)
+       TODO: check
+CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
+       TODO: check
+CVE-2024-21119 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
+       TODO: check
+CVE-2024-21118 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
+       TODO: check
+CVE-2024-21117 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
+       TODO: check
+CVE-2024-21116 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21115 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21114 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21113 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21112 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21111 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21110 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21109 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21108 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21107 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21106 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2024-21104 (Vulnerability in the Oracle ZFS Storage Appliance Kit product 
of Oracl ...)
+       TODO: check
+CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL 
(component: ...)
+       TODO: check
+CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of 
Oracle Commer ...)
+       TODO: check
+CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM 
Enterprise ...)
+       TODO: check
+CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21095 (Vulnerability in the Primavera P6 Enterprise Project Portfolio 
Managem ...)
+       TODO: check
+CVE-2024-21094 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21093 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
+       TODO: check
+CVE-2024-21092 (Vulnerability in the Oracle Agile Product Lifecycle Management 
for Pro ...)
+       TODO: check
+CVE-2024-21091 (Vulnerability in the Oracle Agile Product Lifecycle Management 
for Pro ...)
+       TODO: check
+CVE-2024-21090 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
+       TODO: check
+CVE-2024-21089 (Vulnerability in the Oracle Concurrent Processing product of 
Oracle E- ...)
+       TODO: check
+CVE-2024-21088 (Vulnerability in the Oracle Production Scheduling product of 
Oracle E- ...)
+       TODO: check
+CVE-2024-21087 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21086 (Vulnerability in the Oracle CRM Technical Foundation product 
of Oracle ...)
+       TODO: check
+CVE-2024-21085 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21084 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
+       TODO: check
+CVE-2024-21083 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
+       TODO: check
+CVE-2024-21082 (Vulnerability in the Oracle BI Publisher product of Oracle 
Analytics ( ...)
+       TODO: check
+CVE-2024-21081 (Vulnerability in the Oracle Partner Management product of 
Oracle E-Bus ...)
+       TODO: check
+CVE-2024-21080 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
+       TODO: check
+CVE-2024-21079 (Vulnerability in the Oracle Marketing product of Oracle 
E-Business Sui ...)
+       TODO: check
+CVE-2024-21078 (Vulnerability in the Oracle Marketing product of Oracle 
E-Business Sui ...)
+       TODO: check
+CVE-2024-21077 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21076 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21075 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21074 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21073 (Vulnerability in the Oracle Trade Management product of Oracle 
E-Busin ...)
+       TODO: check
+CVE-2024-21072 (Vulnerability in the Oracle Installed Base product of Oracle 
E-Busines ...)
+       TODO: check
+CVE-2024-21071 (Vulnerability in the Oracle Workflow product of Oracle 
E-Business Suit ...)
+       TODO: check
+CVE-2024-21070 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21069 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21068 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21067 (Vulnerability in the Oracle Enterprise Manager Base Platform 
product o ...)
+       TODO: check
+CVE-2024-21066 (Vulnerability in the RDBMS component of Oracle Database 
Server.  Suppo ...)
+       TODO: check
+CVE-2024-21065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2024-21064 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2024-21063 (Vulnerability in the PeopleSoft Enterprise HCM Benefits 
Administration ...)
+       TODO: check
+CVE-2024-21062 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21061 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21060 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21059 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2024-21058 (Vulnerability in the Unified Audit component of Oracle 
Database Server ...)
+       TODO: check
+CVE-2024-21057 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21056 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21055 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21054 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21053 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21052 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21051 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21050 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21049 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21048 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
+       TODO: check
+CVE-2024-21047 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21046 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21045 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21044 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21043 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21042 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21041 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21040 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21039 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21038 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21037 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21036 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21035 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21034 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21033 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21032 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21031 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21030 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21029 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21028 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21027 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21026 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21025 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21024 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21023 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21022 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21021 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21020 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21019 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21018 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21017 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21016 (Vulnerability in the Oracle Complex Maintenance, Repair, and 
Overhaul  ...)
+       TODO: check
+CVE-2024-21015 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21014 (Vulnerability in the Oracle Hospitality Simphony product of 
Oracle Foo ...)
+       TODO: check
+CVE-2024-21013 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21012 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21011 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       TODO: check
+CVE-2024-21010 (Vulnerability in the Oracle Hospitality Simphony product of 
Oracle Foo ...)
+       TODO: check
+CVE-2024-21009 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21008 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-21007 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21006 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2024-21005 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21004 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21003 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21002 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
+CVE-2024-21001 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2024-21000 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-20999 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2024-20998 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-20997 (Vulnerability in the Oracle Hospitality Simphony product of 
Oracle Foo ...)
+       TODO: check
+CVE-2024-20995 (Vulnerability in the Oracle Database Sharding component of 
Oracle Data ...)
+       TODO: check
+CVE-2024-20994 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-20993 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2024-20992 (Vulnerability in the Oracle WebCenter Portal product of Oracle 
Fusion  ...)
+       TODO: check
+CVE-2024-20991 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
+       TODO: check
+CVE-2024-20990 (Vulnerability in the Oracle Applications Technology product of 
Oracle  ...)
+       TODO: check
+CVE-2024-20989 (Vulnerability in the Oracle Hospitality Simphony product of 
Oracle Foo ...)
+       TODO: check
+CVE-2024-20954 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM 
Enterprise ...)
+       TODO: check
+CVE-2024-1357 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-1219 (The Easy Social Feed  WordPress plugin before 6.5.6 does not 
validate  ...)
+       TODO: check
+CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin 
before  ...)
+       TODO: check
+CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid 
pointer der ...)
+       TODO: check
+CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows 
an Inse ...)
+       TODO: check
+CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies 
LiteSpee ...)
+       TODO: check
+CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
 CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
        - rust-gix-transport 0.42.0-1
        NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html
 CVE-2024-27980
        - nodejs <not-affected> (Only affects Windows)
-CVE-2024-3847
+CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior 
to 124 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3846
+CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior 
to 124. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3845
+CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior 
to 124 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3844
+CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3843
+CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome 
prior to 12 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3841
+CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google 
Chrome prio ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3840
+CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google 
Chrome pri ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3839
+CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 
124.0.6367.60 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3838
+CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior 
to 124 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3837
+CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3834
+CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 
124.0.6367.60 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3833
+CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 
124.0.6367. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-3832
+CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
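Review bot: the chromium entries from CVE-2024-3847 down to CVE-2024-3832 now carry descriptions saying the issue is in Google Chrome prior to 124 (124.0.6367.60 where the text is not cut off), but each still reads "- chromium <unfixed>"; the fixed version should be recorded once a chromium upload at or above that release is available. Separately, every entry added at the top of this hunk is left at "TODO: check", and the ones naming MySQL Server, Oracle VM VirtualBox and Oracle Java SE are worth triaging first, since they are more likely to need a package line than a NOT-FOR-US tag.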
@@ -60,63 +480,63 @@ CVE-2024-XXXX [Stored XSS in Avatar block]
        - wordpress 6.5.2+dfsg1-1 (bug #1069091)
        NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
        NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
-CVE-2024-3302
+CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames 
that wo ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
-CVE-2024-3865
+CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs 
showed e ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
-CVE-2024-3864
+CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, 
and Thund ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
-CVE-2024-3863
+CVE-2024-3863 (The executable file warning was not presented when downloading 
.xrm-ms ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
-CVE-2024-3862
+CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript 
engine, coul ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
-CVE-2024-3861
+CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent 
self-move  ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
-CVE-2024-3860
+CVE-2024-3860 (An out-of-memory condition during object initialization could 
result i ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
-CVE-2024-3859
+CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an 
out-of- ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
-CVE-2024-3858
+CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT 
could cr ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
-CVE-2024-3857
+CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. 
This le ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
-CVE-2024-3856
+CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage 
collecti ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
-CVE-2024-3855
+CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr 
operations, whi ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
-CVE-2024-3854
+CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch 
statements  ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
-CVE-2024-3853
+CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the 
process ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
-CVE-2024-3852
+CVE-2024-3852 (GetBoundName could return the wrong version of an object when 
JIT opti ...)
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
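Review bot: The entries for CVE-2024-3860, CVE-2024-3858, CVE-2024-3856, CVE-2024-3855 and CVE-2024-3853 carry only a `- firefox 125.0.1-1` line and an mfsa2024-18 NOTE, so the entry alone does not say whether firefox-esr was checked and found unaffected or has not been triaged yet. The sibling entries CVE-2024-3859, CVE-2024-3857 and CVE-2024-3854 list both packages and both advisories. If the ESR branch is unaffected for the firefox-only ones, an explicit `- firefox-esr <not-affected> (...)` line with the reason would make that visible to anyone reading the list.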
@@ -147,7 +567,7 @@ CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to 
improper input valida
        NOT-FOR-US: anything-llm
 CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-32036 (ImageSharp is a 2D graphics API. A heap-use-after-free flaw 
was found  ...)
+CVE-2024-32036 (ImageSharp is a 2D graphics API. A data leakage flaw was found 
in Imag ...)
        NOT-FOR-US: ImageSharp
 CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local 
attacker to obt ...)
        NOT-FOR-US: Typora
@@ -3067,7 +3487,8 @@ CVE-2023-52714 (Vulnerability of defects introduced in 
the design process in the
        NOT-FOR-US: Huawei
 CVE-2023-52713 (Vulnerability of improper permission control in the window 
management  ...)
        NOT-FOR-US: Huawei
-CVE-2023-52382 (Vulnerability of improper control over foreground service 
notification ...)
+CVE-2023-52382
+       REJECTED
        NOT-FOR-US: Huawei
 CVE-2021-4438 (A vulnerability, which was classified as critical, has been 
found in k ...)
        NOT-FOR-US: react-native-sms-user-consent
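Review bot: CVE-2023-52382 is now `REJECTED`, but the `NOT-FOR-US: Huawei` line underneath it is kept, so the entry carries both a rejection and a triage verdict. If the tracker has no use for the old annotation on a rejected id, drop it in a follow-up; if it is kept on purpose, nothing else in this hunk needs attention.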
@@ -3720,14 +4141,17 @@ CVE-2024-26745 (In the Linux kernel, the following 
vulnerability has been resolv
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7)
 CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP 
Server allo ...)
+       {DSA-5662-1}
        - apache2 2.4.59-1 (bug #1068412)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious 
or expl ...)
+       {DSA-5662-1}
        - apache2 2.4.59-1 (bug #1068412)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709
 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily 
buffered i ...)
+       {DSA-5662-1}
        - apache2 2.4.59-1 (bug #1068412)
        NOTE: https://www.kb.cert.org/vuls/id/421644
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
@@ -5121,7 +5545,7 @@ CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, 
a buffer overflow exis
        - pillow 10.3.0-1
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
 (10.3.0)
-CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host 
malicio ...)
+CVE-2024-3135 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
mudler ...)
        NOT-FOR-US: LocalAI
 CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
        NOT-FOR-US: SourceCodester Computer Laboratory Management System
@@ -5440,7 +5864,7 @@ CVE-2024-3018 (The Essential Addons for Elementor plugin 
for WordPress is vulner
        NOT-FOR-US: WordPress plugin
 CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1522 (The parisneo/lollms-webui does not have CSRF protections. As a 
result, ...)
+CVE-2024-1522 (A Cross-Site Request Forgery (CSRF) vulnerability in the 
parisneo/loll ...)
        NOT-FOR-US: lollms-webui
 CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance 
Hiring Por ...)
        NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
@@ -5779,7 +6203,7 @@ CVE-2024-1872 (The Button plugin for WordPress is 
vulnerable to PHP Object Injec
        NOT-FOR-US: WordPress plugin
 CVE-2024-1858 (The Lightbox slider \u2013 Responsive Lightbox Gallery plugin 
for Word ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1729 (Th password check condition is vulnerable to timing attack to 
guess th ...)
+CVE-2024-1729 (A timing attack vulnerability exists in the gradio-app/gradio 
reposito ...)
        NOT-FOR-US: Gradio
 CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job 
listings | Wo ...)
        NOT-FOR-US: WordPress plugin
@@ -6458,7 +6882,7 @@ CVE-2024-20265 (A vulnerability in the boot process of 
Cisco Access Point (AP) S
        NOT-FOR-US: Cisco
 CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE 
Software  ...)
        NOT-FOR-US: Cisco
-CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's 
CI, but  ...)
+CVE-2024-1540 (A command injection vulnerability exists in the 
deploy+test-visual.yml ...)
        NOT-FOR-US: Gradio
 CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 
ZENworks Confi ...)
        NOT-FOR-US: OpenText
@@ -6591,7 +7015,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin 
for WordPress is vulnera
        NOT-FOR-US: WordPress plugin
 CVE-2024-2209 (A user with administrative privileges can create a compromised 
dll fil ...)
        NOT-FOR-US: HP
-CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls 
including poten ...)
+CVE-2024-2206 (An SSRF vulnerability exists in the gradio-app/gradio due to 
insuffici ...)
        NOT-FOR-US: Gradio
 CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
@@ -6979,7 +7403,7 @@ CVE-2024-21912 (An arbitrary code execution vulnerability 
in Rockwell Automation
        NOT-FOR-US: Rockwell Automation
 CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer 
Remote C ...)
        NOT-FOR-US: TeamViewer
-CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the 
XML pa ...)
+CVE-2024-1455 (A vulnerability in the langchain-ai/langchain repository allows 
for a  ...)
        NOT-FOR-US: LangChain
 CVE-2024-1313 (It is possible for a user in a different organization from the 
owner o ...)
        - grafana <removed>
@@ -7995,7 +8419,7 @@ CVE-2024-24883 (Missing Authorization vulnerability in 
BdThemes Prime Slider \u2
        NOT-FOR-US: WordPress plugin
 CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand 
Post Fi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to 
Gradio ...)
+CVE-2024-1727 (A Cross-Site Request Forgery (CSRF) vulnerability in 
gradio-app/gradio ...)
        NOT-FOR-US: Gradio
 CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit 
Checkout.Th ...)
        NOT-FOR-US: FunnelKit
@@ -8814,7 +9238,7 @@ CVE-2024-2610 (Using a markup injection an attacker could 
have stolen nonce valu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
-CVE-2024-2609 (The permission prompt input delay could have expired while the 
window  ...)
+CVE-2024-2609 (The permission prompt input delay could expire while the window 
is not ...)
        - firefox 124.0-1
        - firefox-esr 115.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
@@ -14402,7 +14826,7 @@ CVE-2024-1943 (The Yuki theme for WordPress is 
vulnerable to Cross-Site Request
        NOT-FOR-US: WordPress theme
 CVE-2024-1932 (Unrestricted Upload of File with Dangerous Type in 
freescout-helpdesk/ ...)
        NOT-FOR-US: freescout-helpdesk
-CVE-2024-1892 (Parts of the Scrapy API were found to be vulnerable to a ReDoS 
attack. ...)
+CVE-2024-1892 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
        - python-scrapy 2.11.1-1 (bug #1065111)
        [bookworm] - python-scrapy <no-dsa> (Minor issue)
        [bullseye] - python-scrapy <no-dsa> (Minor issue)
@@ -15177,7 +15601,7 @@ CVE-2024-1875 (A vulnerability was found in 
SourceCodester Complaint Management
        NOT-FOR-US: SourceCodester
 CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions 
less than ...)
        NOT-FOR-US: armeria-saml
-CVE-2024-0798 (A user with a `default` role given to them by the admin can 
sent `DELE ...)
+CVE-2024-0798 (A privilege escalation vulnerability exists in 
mintplex-labs/anything- ...)
        NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any 
user w ...)
        NOT-FOR-US: mintplex-labs/anything-llm
@@ -20352,7 +20776,8 @@ CVE-2023-51446 (GLPI is a Free Asset and IT Management 
Software package. When au
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
        NOTE: 
https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
-CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote 
attackers  ...)
+CVE-2023-37621
+       REJECTED
        NOT-FOR-US: Fronius Datalogger Web
 CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone 
creates an ac ...)
        - minio <itp> (bug #859207)
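Review bot: Under the new `REJECTED` line for CVE-2023-37621, `NOT-FOR-US: Fronius Datalogger Web` remains as a leftover triage annotation. It is worth deciding once whether rejected ids keep or lose such lines, so that automatic updates leave consistent entries.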
@@ -21087,7 +21512,7 @@ CVE-2024-22147 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin
 CVE-2024-0958 (A vulnerability was found in CodeAstro Stock Management System 
1.0 and ...)
        NOT-FOR-US: CodeAstro Stock Management System
-CVE-2024-0948 (A vulnerability, which was classified as problematic, has been 
found i ...)
+CVE-2024-0948 (** DISPUTED ** A vulnerability, which was classified as 
problematic, h ...)
        - netbox <itp> (bug #1017079)
 CVE-2024-0946 (A vulnerability classified as critical was found in 60IndexPage 
up to  ...)
        NOT-FOR-US: 60IndexPage
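Review bot: CVE-2024-0948 now starts with `** DISPUTED **`, while the package line `- netbox <itp> (bug #1017079)` is unchanged and no NOTE records who disputes the issue or why. A short NOTE pointing at the source of the dispute would help whoever triages this entry if netbox is ever packaged.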
@@ -31234,7 +31659,7 @@ CVE-2023-33412 (The web interface in the Intelligent 
Platform Management Interfa
        NOT-FOR-US: Supermicro
 CVE-2023-33411 (A web server in the Intelligent Platform Management Interface 
(IPMI) b ...)
        NOT-FOR-US: Supermicro
-CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
mlflow/mlf ...)
+CVE-2023-6568 (A reflected Cross-Site Scripting (XSS) vulnerability exists in 
the mlf ...)
        NOT-FOR-US: mlflow
 CVE-2023-6566 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
        NOT-FOR-US: microweber
@@ -34381,7 +34806,7 @@ CVE-2023-6121 (An out-of-bounds read vulnerability was 
found in the NVMe-oF/TCP
        NOTE: 
https://git.kernel.org/linus/1c22e0295a5eb571c27b53c7371f95699ef705ff (6.7-rc3)
 CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix 
GetSusp prio ...)
        NOT-FOR-US: Trellix
-CVE-2023-6038 (An attacker is able to read any file on the server hosting the 
H2O das ...)
+CVE-2023-6038 (A Local File Inclusion (LFI) vulnerability exists in the h2o-3 
REST AP ...)
        NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6023 (An attacker can read any file on the filesystem on the server 
hosting  ...)
        NOT-FOR-US: ModelDB
@@ -39420,12 +39845,14 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress 
Forum Plugin for WordPress is
 CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there 
was a ti ...)
+       {DSA-5662-1}
        - apache2 2.4.58-1
        [buster] - apache2 <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
        NOTE: 
https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
 CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial 
window size o ...)
+       {DSA-5662-1}
        - apache2 2.4.58-1
        [buster] - apache2 <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
@@ -62242,6 +62669,7 @@ CVE-2023-2259 (Improper Neutralization of Special 
Elements Used in a Template En
 CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in 
GitHub re ...)
        NOT-FOR-US: Alf.io
 CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP 
Server.Th ...)
+       {DSA-5662-1}
        - apache2 2.4.58-1
        [buster] - apache2 <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
@@ -161080,43 +161508,37 @@ CVE-2022-24812 (Grafana is an open-source platform 
for monitoring and observabil
        - grafana <not-affected> (Only affects Grafana Enterprise)
 CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior 
to versi ...)
        NOT-FOR-US: Combodi
-CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a 
NULL pointer dereference]
-       RESERVED
+CVE-2022-24810 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
 (v5.9.2.pre1)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
 (v5.9.2.pre1)
-CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can 
cause a NULL pointer dereference]
-       RESERVED
+CVE-2022-24809 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
 (v5.9.2.pre1)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
 (v5.9.2.pre1)
-CVE-2022-24808 [A malformed OID in a SET request to 
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
-       RESERVED
+CVE-2022-24808 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
 (v5.9.2.pre1)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
 (v5.9.2.pre1)
-CVE-2022-24807 [A malformed OID in a SET request to 
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory 
access]
-       RESERVED
+CVE-2022-24807 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
 (v5.9.2.pre1)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
 (v5.9.2.pre1)
-CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master 
agent and subagent simultaneously]
-       RESERVED
+CVE-2022-24806 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
 (v5.9.2.pre1)
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341
 (v5.9.2.pre1)
-CVE-2022-24805 [A buffer overflow in the handling of the INDEX of 
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
-       RESERVED
+CVE-2022-24805 (net-snmp provides various tools relating to the Simple Network 
Managem ...)
        {DSA-5209-1 DLA-3088-1}
        - net-snmp 5.9.3+dfsg-1 (bug #1016139)
        NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
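Review bot: The six net-snmp entries (CVE-2022-24805 through CVE-2022-24810) lose their bracketed per-issue summaries, e.g. `[A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]`, and all end up with the same truncated text `net-snmp provides various tools relating to the Simple Network Managem ...`. They also share the same DSA/DLA references and fixed version, so nothing in the list distinguishes them any more. Consider preserving each old summary as a NOTE line so the affected table and the failure mode (NULL pointer dereference or out-of-bounds memory access) stay readable.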



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c50beebc54f57f2db4bae255f22485d6076172



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
