Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b5d0e50 by security tracker role at 2024-05-16T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,299 @@
+CVE-2024-5023 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-4999 (A vulnerability in the web-based management interface of 
multiple Ligo ...)
+       TODO: check
+CVE-2024-4993 (Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php 
query p ...)
+       TODO: check
+CVE-2024-4992 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the 
/modul/ ...)
+       TODO: check
+CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the 
/modul/ ...)
+       TODO: check
+CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to 
missing obj ...)
+       TODO: check
+CVE-2024-4975 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-4974 (A vulnerability, which was classified as problematic, was found 
in cod ...)
+       TODO: check
+CVE-2024-4973 (A vulnerability classified as critical was found in 
code-projects Simp ...)
+       TODO: check
+CVE-2024-4972 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2024-4968 (A vulnerability was found in SourceCodester Interactive Map 
with Marke ...)
+       TODO: check
+CVE-2024-4967 (A vulnerability was found in SourceCodester Interactive Map 
with Marke ...)
+       TODO: check
+CVE-2024-4966 (A vulnerability was found in SourceCodester SchoolWebTech 1.0. 
It has  ...)
+       TODO: check
+CVE-2024-4965 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
D-Link DA ...)
+       TODO: check
+CVE-2024-4964 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found 
in D-Li ...)
+       TODO: check
+CVE-2024-4963 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+       TODO: check
+CVE-2024-4962 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+       TODO: check
+CVE-2024-4961 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+       TODO: check
+CVE-2024-4960 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
+       TODO: check
+CVE-2024-4956 (Path Traversal in Sonatype Nexus Repository 3 allows an 
unauthenticate ...)
+       TODO: check
+CVE-2024-4950 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
+       TODO: check
+CVE-2024-4949 (Use after free in V8 in Google Chrome prior to 125.0.6422.60 
allowed a ...)
+       TODO: check
+CVE-2024-4948 (Use after free in Dawn in Google Chrome prior to 125.0.6422.60 
allowed ...)
+       TODO: check
+CVE-2024-4947 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 
allowed a ...)
+       TODO: check
+CVE-2024-4946 (A vulnerability was found in SourceCodester Online Art Gallery 
Managem ...)
+       TODO: check
+CVE-2024-4945 (A vulnerability was found in SourceCodester Best Courier 
Management Sy ...)
+       TODO: check
+CVE-2024-4933 (A vulnerability has been found in SourceCodester Simple Online 
Bidding ...)
+       TODO: check
+CVE-2024-4932 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-4931 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-4930 (A vulnerability classified as critical was found in 
SourceCodester Sim ...)
+       TODO: check
+CVE-2024-4929 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2024-4928 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+       TODO: check
+CVE-2024-4927 (A vulnerability was found in SourceCodester Simple Online 
Bidding Syst ...)
+       TODO: check
+CVE-2024-4926 (A vulnerability was found in SourceCodester School Intramurals 
Student ...)
+       TODO: check
+CVE-2024-4925 (A vulnerability was found in SourceCodester School Intramurals 
Student ...)
+       TODO: check
+CVE-2024-4923 (A vulnerability has been found in Codezips E-Commerce Site 1.0 
and cla ...)
+       TODO: check
+CVE-2024-4922 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2024-4921 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-4920 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2024-4919 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+       TODO: check
+CVE-2024-4918 (A vulnerability was found in Campcodes Online Examination 
System 1.0.  ...)
+       TODO: check
+CVE-2024-4917 (A vulnerability was found in Campcodes Online Examination 
System 1.0 a ...)
+       TODO: check
+CVE-2024-4916 (A vulnerability has been found in Campcodes Online Examination 
System  ...)
+       TODO: check
+CVE-2024-4915 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2024-4914 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2024-4913 (A vulnerability classified as critical was found in Campcodes 
Online E ...)
+       TODO: check
+CVE-2024-4912 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2024-4911 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
+       TODO: check
+CVE-2024-4844 (Hardcoded credentials vulnerability in Trellix ePolicy 
Orchestrator (e ...)
+       TODO: check
+CVE-2024-4843 (ePO doesn't allow a regular privileged user to delete tasks or 
assignm ...)
+       TODO: check
+CVE-2024-4838 (The ConvertPlus plugin for WordPress is vulnerable to PHP 
Object Injec ...)
+       TODO: check
+CVE-2024-4826 (SQL injection vulnerability in Simple PHP Shopping Cart 
affecting vers ...)
+       TODO: check
+CVE-2024-4760 (A voltage glitch during the startup of EEFC NVM controllers on 
Microch ...)
+       TODO: check
+CVE-2024-4733 (The ShiftController Employee Shift Scheduling plugin is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-4642 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the wandb ...)
+       TODO: check
+CVE-2024-4635 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2024-4634 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-4617 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-4609 (A vulnerability exists in the Rockwell Automation 
FactoryTalk\xae View ...)
+       TODO: check
+CVE-2024-4580 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+       TODO: check
+CVE-2024-4546 (The Custom Post Type Attachment plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-4478 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-4400 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and 
Drop Edit ...)
+       TODO: check
+CVE-2024-4391 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-4385 (The Envo Extra plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-4352 (The Tutor LMS Pro plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2024-4351 (The Tutor LMS Pro plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2024-4326 (A vulnerability in parisneo/lollms-webui versions up to 9.3 
allows rem ...)
+       TODO: check
+CVE-2024-4322 (A path traversal vulnerability exists in the 
parisneo/lollms-webui app ...)
+       TODO: check
+CVE-2024-4321 (A Local File Inclusion (LFI) vulnerability exists in the 
gaizhenbiao/c ...)
+       TODO: check
+CVE-2024-4318 (The Tutor LMS plugin for WordPress is vulnerable to time-based 
SQL Inj ...)
+       TODO: check
+CVE-2024-4288 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2024-4279 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2024-4263 (A broken access control vulnerability exists in mlflow/mlflow 
versions ...)
+       TODO: check
+CVE-2024-4223 (The Tutor LMS plugin for WordPress is vulnerable to 
unauthorized acces ...)
+       TODO: check
+CVE-2024-4222 (The Tutor LMS Pro plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2024-4181 (A command injection vulnerability exists in the RunGptLLM class 
of the ...)
+       TODO: check
+CVE-2024-4078 (A vulnerability in the parisneo/lollms, specifically in the 
`/unInstal ...)
+       TODO: check
+CVE-2024-3887 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-3851 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
'imart ...)
+       TODO: check
+CVE-2024-3848 (A path traversal vulnerability exists in mlflow/mlflow version 
2.11.0, ...)
+       TODO: check
+CVE-2024-3750 (The Visualizer: Tables and Charts Manager for WordPress plugin 
for Wor ...)
+       TODO: check
+CVE-2024-3644 (The Newsletter Popup WordPress plugin through 1.2 does not 
sanitise an ...)
+       TODO: check
+CVE-2024-3643 (The Newsletter Popup WordPress plugin through 1.2 does not have 
CSRF c ...)
+       TODO: check
+CVE-2024-3642 (The Newsletter Popup WordPress plugin through 1.2 does not have 
CSRF c ...)
+       TODO: check
+CVE-2024-3641 (The Newsletter Popup WordPress plugin through 1.2 does not 
sanitise an ...)
+       TODO: check
+CVE-2024-3640 (An unquoted executable path exists in the Rockwell 
AutomationFactoryTa ...)
+       TODO: check
+CVE-2024-3435 (A path traversal vulnerability exists in the 'save_settings' 
endpoint  ...)
+       TODO: check
+CVE-2024-3403 (imartinez/privategpt version 0.2.0 is vulnerable to a local 
file inclu ...)
+       TODO: check
+CVE-2024-3286 (A buffer overflow vulnerability was identified in some Lenovo 
printers ...)
+       TODO: check
+CVE-2024-3126 (A command injection vulnerability exists in the 
'run_xtts_api_server'  ...)
+       TODO: check
+CVE-2024-35302 (In JetBrains TeamCity before 2023.11 stored XSS during restore 
from ba ...)
+       TODO: check
+CVE-2024-35301 (In JetBrains TeamCity before 2024.03.1 commit status publisher 
didn't  ...)
+       TODO: check
+CVE-2024-35300 (In JetBrains TeamCity between 2024.03 and 2024.03.1 several 
stored XSS ...)
+       TODO: check
+CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol 
communica ...)
+       TODO: check
+CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to 
version 0 ...)
+       TODO: check
+CVE-2024-35185 (Minder is a software supply chain security platform. Prior to 
version  ...)
+       TODO: check
+CVE-2024-35184 (Paperless-ngx is a document management system that transforms 
physical ...)
+       TODO: check
+CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git 
authenti ...)
+       TODO: check
+CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 
has a den ...)
+       TODO: check
+CVE-2024-35039 (idccms V1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-34958 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-34957 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via 
the pas ...)
+       TODO: check
+CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee 
Order Exp ...)
+       TODO: check
+CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows 
cgi/usrPa ...)
+       TODO: check
+CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype 
pollution in t ...)
+       TODO: check
+CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight. 
Users who ra ...)
+       TODO: check
+CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by 
an Impro ...)
+       TODO: check
+CVE-2024-30309 (Substance3D - Painter versions 9.1.2 and earlier Answer: are 
affected  ...)
+       TODO: check
+CVE-2024-30308 (Substance3D - Painter versions 9.1.2 and earlier Answer: are 
affected  ...)
+       TODO: check
+CVE-2024-30307 (Substance3D - Painter versions 9.1.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-30298 (Animate versions 24.0.2, 23.0.5 and earlier Answer: are 
affected by an ...)
+       TODO: check
+CVE-2024-30297 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2024-30296 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2024-30295 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a 
NULL Poi ...)
+       TODO: check
+CVE-2024-30294 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a 
Heap-bas ...)
+       TODO: check
+CVE-2024-30293 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a 
Stack-ba ...)
+       TODO: check
+CVE-2024-30292 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-30291 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-30290 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-30289 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-30288 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-30287 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: 
are affec ...)
+       TODO: check
+CVE-2024-30286 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: 
are affec ...)
+       TODO: check
+CVE-2024-30283 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: 
are affec ...)
+       TODO: check
+CVE-2024-30282 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2024-30281 (Substance3D - Designer versions 13.1.1 and earlier Answer: are 
affecte ...)
+       TODO: check
+CVE-2024-30275 (Adobe Aero Desktop versions 23.4 and earlier are affected by a 
Use Aft ...)
+       TODO: check
+CVE-2024-30274 (Substance3D - Painter versions 9.1.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-2366 (A remote code execution vulnerability exists in the 
parisneo/lollms-we ...)
+       TODO: check
+CVE-2024-2361 (A vulnerability in the parisneo/lollms-webui allows for 
arbitrary file ...)
+       TODO: check
+CVE-2024-2358 (A path traversal vulnerability in the '/apply_settings' 
endpoint of pa ...)
+       TODO: check
+CVE-2024-27260 (IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a 
non-privileged  ...)
+       TODO: check
+CVE-2024-27244 (Insufficient verification of data authenticity in the 
installer for Zo ...)
+       TODO: check
+CVE-2024-27243 (Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may 
allow a ...)
+       TODO: check
+CVE-2024-20793 (Illustrator versions 28.4, 27.9.3 and earlier are affected by 
an out-o ...)
+       TODO: check
+CVE-2024-20792 (Illustrator versions 28.4, 27.9.3 and earlier are affected by 
a Use Af ...)
+       TODO: check
+CVE-2024-20791 (Illustrator versions 28.4, 27.9.3 and earlier are affected by 
an out-o ...)
+       TODO: check
+CVE-2024-20389 (A vulnerability in the ConfD CLI and the Cisco  Crosswork 
Network Serv ...)
+       TODO: check
+CVE-2024-20326 (A vulnerability in the ConfD CLI and the Cisco  Crosswork 
Network Serv ...)
+       TODO: check
+CVE-2024-1417 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2023-48643 (Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows 
unauthen ...)
+       TODO: check
+CVE-2023-47717 (IBM Security Guardium 12.0 could allow a privileged user to 
perform un ...)
+       TODO: check
 CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
        NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based 
School Manag ...)
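Review bot: Several added description lines carry feed artifacts that are better fixed where the descriptions are generated than committed as they are. The Adobe entries (for example CVE-2024-30309, CVE-2024-30298, CVE-2024-30287, CVE-2024-30281) have a stray "Answer:" in mid-sentence, and non-ASCII characters arrive as literal escapes ("FactoryTalk\xae" in CVE-2024-4609, "\u2013" in CVE-2024-4580 and CVE-2024-4400, "\u2019" in CVE-2024-27243). Separately, every new entry lands as "TODO: check" even where the context directly below already records a decision for the same product: CVE-2024-4910 (Campcodes Complete Web-Based School Management System) is NOT-FOR-US, while the new CVE-2024-4911 for what reads as the same product still needs manual triage.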
@@ -700,7 +996,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125. 
Some of these bugs sho
        - firefox 126.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
 CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, 
and Thu ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -726,7 +1022,7 @@ CVE-2024-4771 (A memory allocation check was missing which 
would lead to a use-a
        - firefox 126.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
 CVE-2024-4770 (When saving a page to PDF, certain font styles could have led 
to a pot ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -734,7 +1030,7 @@ CVE-2024-4770 (When saving a page to PDF, certain font 
styles could have led to
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
 CVE-2024-4769 (When importing resources using Web Workers, error messages 
would disti ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
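Review bot: In the context lines at the top of this hunk, the second NOTE belonging to CVE-2024-4770 links to mfsa2024-23/#CVE-2024-4769, while the first NOTE uses #CVE-2024-4770. The neighbouring entries for CVE-2024-4769 and CVE-2024-4768 use their own id in both anchors, so this looks like a copy-and-paste slip. The automatic update leaves NOTE lines alone, so a manual follow-up should check the mfsa2024-23 advisory and change the anchor to #CVE-2024-4770 if the issue is listed there.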
@@ -742,7 +1038,7 @@ CVE-2024-4769 (When importing resources using Web Workers, 
error messages would
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
 CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it 
easier ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -750,7 +1046,7 @@ CVE-2024-4768 (A bug in popup notifications' interaction 
with WebAuthn made it e
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
 CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is 
enabled, Inde ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -764,7 +1060,7 @@ CVE-2024-4765 (Web application manifests were stored by 
using an insecure MD5 ha
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which 
would al ...)
-       {DSA-5691-1}
+       {DSA-5691-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
@@ -1041,7 +1337,8 @@ CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open 
source issue tracker. I
        - mantis <removed>
 CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before 
v1.0.0-B2 ...)
        NOT-FOR-US: TOTOLINK
-CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a 
remote at ...)
+CVE-2024-33386
+       REJECTED
        NOT-FOR-US: SoundCloud Prometheu
 CVE-2024-33250 (An issue in Open-Source Technology Committee SRS real-time 
video serve ...)
        NOT-FOR-US: Open-Source Technology Committee SRS real-time video server
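Review bot: After the description is replaced by REJECTED, the entry for CVE-2024-33386 still keeps the unchanged line "NOT-FOR-US: SoundCloud Prometheu" beneath it, so the entry now states two dispositions at once. Drop the NOT-FOR-US line in a follow-up so the rejected id carries only REJECTED.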
@@ -1529,7 +1826,7 @@ CVE-2024-4606 (Deserialization of Untrusted Data 
vulnerability in BdThemes Ultim
        NOT-FOR-US: WordPress plugin
 CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote 
Code Execu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-4603 [Excessive time spent checking DSA keys and parameters]
+CVE-2024-4603 (Issue summary: Checking excessively long DSA keys or parameters 
may be ...)
        - openssl <unfixed>
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        [buster] - openssl <not-affected> (Vulnerable code not present)
@@ -1547,7 +1844,8 @@ CVE-2024-4567 (The Themify Shortcodes plugin for 
WordPress is vulnerable to Stor
        NOT-FOR-US: WordPress plugin
 CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) 
from 15.0 ...)
        NOT-FOR-US: EnterpriseDB
-CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+CVE-2024-4542
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
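Review bot: CVE-2024-4542 is marked REJECTED here, but the unchanged "NOT-FOR-US: WordPress plugin" line stays attached to it directly below. A rejected id needs no triage result, so the leftover line should be removed to keep the entry unambiguous for anything that parses the list.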
@@ -12825,7 +13123,7 @@ CVE-2024-2201 [Native Branch History Injection]
        NOTE: https://vusec.net/projects/native-bhi
        NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
        NOTE: https://xenbits.xen.org/xsa/advisory-456.html
-CVE-2024-31142 [x86: Incorrect logic for BTC/SRSO mitigations]
+CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion), 
the mit ...)
        - xen <unfixed>
        [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -13737,7 +14035,7 @@ CVE-2024-28787 (IBM Security Verify Access 10.0.0 
through 10.0.7 and IBM Applica
        NOT-FOR-US: IBM
 CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a 
remote a ...)
        NOT-FOR-US: INOTEC
-CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.3 is  ...)
+CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 
24.0.0.4 is  ...)
        NOT-FOR-US: IBM
 CVE-2024-25709
        REJECTED
@@ -15713,7 +16011,7 @@ CVE-2024-30489 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin
 CVE-2024-25027 (IBM Security Verify Access 10.0.6 could disclose sensitive 
snapshot in ...)
        NOT-FOR-US: IBM
-CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
24.0.0.3 is  ...)
+CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
24.0.0.4 is  ...)
        NOT-FOR-US: IBM
 CVE-2023-50959 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 
18.0.2,19.0.1, 1 ...)
        NOT-FOR-US: IBM
@@ -32772,7 +33070,7 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below 
insufficiently restricts file
        NOT-FOR-US: CloudLinux CageFS
 CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication 
token as  ...)
        NOT-FOR-US: CloudLinux CageFS
-CVE-2023-46842 [x86 HVM hypercalls may trigger Xen bug check]
+CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between 
64-bit a ...)
        - xen <unfixed>
        [bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b5d0e50752c6fa8009a72e18ddd0ff3fc8e6a2e
