Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e9c20f4 by security tracker role at 2024-04-18T20:11:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service
System ...)
+ TODO: check
+CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social
Comments. ...)
+ TODO: check
+CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability
in Inis ...)
+ TODO: check
+CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability
in Plec ...)
+ TODO: check
+CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft
WooBuddy ...)
+ TODO: check
+CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport,
Essential Plu ...)
+ TODO: check
+CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta
Master Slide ...)
+ TODO: check
+CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32575 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32574 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32572 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32571 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32570 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32569 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32568 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32567 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32565 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32564 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32563 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32562 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32561 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32560 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32559 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32558 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32556 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32553 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32552 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32551 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-32477 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with
secure ...)
+ TODO: check
+CVE-2024-32475 (Envoy is a cloud-native, open source edge and service proxy.
When an u ...)
+ TODO: check
+CVE-2024-32474 (Sentry is an error tracking and performance monitoring
platform. Prior ...)
+ TODO: check
+CVE-2024-32470 (Tolgee is an open-source localization platform. When API key
created b ...)
+ TODO: check
+CVE-2024-32466 (Tolgee is an open-source localization platform. For the
`/v2/projects/ ...)
+ TODO: check
+CVE-2024-32462 (Flatpak is a system for building, distributing, and running
sandboxed ...)
+ TODO: check
+CVE-2024-32335 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store
Cross-site scri ...)
+ TODO: check
+CVE-2024-32334 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store
Cross-site scri ...)
+ TODO: check
+CVE-2024-32333 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store
Cross-site scri ...)
+ TODO: check
+CVE-2024-32332 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store
Cross-site scri ...)
+ TODO: check
+CVE-2024-32327 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store
Cross-site scri ...)
+ TODO: check
+CVE-2024-32326 (TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site
scripting ...)
+ TODO: check
+CVE-2024-32325 (TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site
scripting ...)
+ TODO: check
+CVE-2024-32142 (Missing Authorization vulnerability in Ovic Team Ovic
Responsive WPBak ...)
+ TODO: check
+CVE-2024-32126 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-31229 (Server-Side Request Forgery (SSRF) vulnerability in Really
Simple Plug ...)
+ TODO: check
+CVE-2024-30564 (An issue inandrei-tatar nora-firebase-common between v.1.0.41
and v.1. ...)
+ TODO: check
+CVE-2024-30257 (1Panel is an open source Linux server operation and
maintenance manage ...)
+ TODO: check
+CVE-2024-2833 (The Jobs for WordPress plugin for WordPress is vulnerable to
Reflected ...)
+ TODO: check
+CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the
Akana Commu ...)
+ TODO: check
+CVE-2024-29987 (Microsoft Edge (Chromium-based) Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-29986 (Microsoft Edge for Android (Chromium-based) Information
Disclosure Vul ...)
+ TODO: check
+CVE-2024-29021 (Judge0 is an open-source online code execution system. The
default con ...)
+ TODO: check
+CVE-2024-29003 (The SolarWinds Platform was susceptible to a XSS vulnerability
that af ...)
+ TODO: check
+CVE-2024-29001 (A SolarWinds Platform SWQL Injection Vulnerability was
identified in t ...)
+ TODO: check
+CVE-2024-28189 (Judge0 is an open-source online code execution system. The
application ...)
+ TODO: check
+CVE-2024-28185 (Judge0 is an open-source online code execution system. The
application ...)
+ TODO: check
+CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open
Redirectio ...)
+ TODO: check
+CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
+ TODO: check
+CVE-2024-24910 (A local attacker can escalate privileges on affected Check
Point ZoneA ...)
+ TODO: check
+CVE-2024-23557 (HCL Connections contains a user enumeration vulnerability.
Certain act ...)
+ TODO: check
+CVE-2024-20380 (A vulnerability in the HTML parser of ClamAV could allow an
unauthenti ...)
+ TODO: check
+CVE-2023-6897 (The EAN for WooCommerce plugin for WordPress is vulnerable to
Insecure ...)
+ TODO: check
+CVE-2023-6892 (The EAN for WooCommerce plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2023-50885 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2023-49768 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49742 (Missing Authorization vulnerability in Support Genix.This
issue affect ...)
+ TODO: check
+CVE-2023-47843 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev.
Group Pe ...)
+ TODO: check
+CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is
not co ...)
+ TODO: check
+CVE-2023-3675 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
CVE-2024-XXXX [tryton zipbomb DoS]
- tryton-server 6.0.45-1
[bookworm] - tryton-server <no-dsa> (Minor issue)
@@ -8,7 +198,7 @@ CVE-2024-3246
- flatpak <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/5
NOTE:
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
-CVE-2024-26921 [inet: inet_defrag: prevent sk release while still in use]
+CVE-2024-26921 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
[bookworm] - linux 6.1.85-1
NOTE:
https://git.kernel.org/linus/18685451fc4e546fc0e718580d32df3c0e5c8272 (6.9-rc2)
@@ -1023,7 +1213,8 @@ CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0
and IBM WebSphere Appl
NOT-FOR-US: IBM
CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere
Applicatio ...)
NOT-FOR-US: IBM
-CVE-2024-21676 (This High severity Injection vulnerability was introduced in
versions ...)
+CVE-2024-21676
+ REJECTED
NOT-FOR-US: Atlassian
CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 7.0.16-dfsg-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e9c20f42a8634f063d8ed502e4de1cd236c52f3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e9c20f42a8634f063d8ed502e4de1cd236c52f3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
