Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1d29dde by Salvatore Bonaccorso at 2024-05-17T12:14:17+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for
WooCommerce plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle,
Conditio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1.
The vulner ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability
in 8them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability
in Copym ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-2744 (The NextGEN Gallery WordPress plugin before 3.59.1 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0
does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is
vulnerable to H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI
firmware fo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI
firmware ...)
TODO: check
CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in
UEFI firm ...)
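Review bot: CVE-2024-23980 (PlatformPfrDxe driver in UEFI firmware) is left at `TODO: check` while the adjacent CVE-2024-24981 (PfrSmiUpdateFw driver in UEFI firmware) is resolved to `NOT-FOR-US: Intel` in the same hunk; both descriptions name the same Pfr driver family, and the trailing context entry CVE-2024-23487 (UserAuthenticationSmm driver in UEFI firmware) reads the same way, so either triage the three together or leave a short note on why only one was resolved, to save the next person re-reading the advisory. Separately, for CVE-2024-34757, CVE-2024-34752, CVE-2024-34575, CVE-2024-34567 and CVE-2024-32800 the visible description is only the generic CWE title "Improper Neutralization of Input During Web Page Generation", so the `NOT-FOR-US: WordPress plugin` classification cannot be checked from the diff alone.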
@@ -391,7 +391,7 @@ CVE-2024-4326 (A vulnerability in parisneo/lollms-webui
versions up to 9.3 allow
CVE-2024-4322 (A path traversal vulnerability exists in the
parisneo/lollms-webui app ...)
TODO: check
CVE-2024-4321 (A Local File Inclusion (LFI) vulnerability exists in the
gaizhenbiao/c ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt application
CVE-2024-4318 (The Tutor LMS plugin for WordPress is vulnerable to time-based
SQL Inj ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4288 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
@@ -409,41 +409,41 @@ CVE-2024-4181 (A command injection vulnerability exists
in the RunGptLLM class o
CVE-2024-4078 (A vulnerability in the parisneo/lollms, specifically in the
`/unInstal ...)
TODO: check
CVE-2024-3887 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3851 (A stored Cross-Site Scripting (XSS) vulnerability exists in the
'imart ...)
- TODO: check
+ NOT-FOR-US: imartinez/privategpt
CVE-2024-3848 (A path traversal vulnerability exists in mlflow/mlflow version
2.11.0, ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2024-3750 (The Visualizer: Tables and Charts Manager for WordPress plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3644 (The Newsletter Popup WordPress plugin through 1.2 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3643 (The Newsletter Popup WordPress plugin through 1.2 does not have
CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3642 (The Newsletter Popup WordPress plugin through 1.2 does not have
CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3641 (The Newsletter Popup WordPress plugin through 1.2 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3640 (An unquoted executable path exists in the Rockwell
AutomationFactoryTa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-3435 (A path traversal vulnerability exists in the 'save_settings'
endpoint ...)
TODO: check
CVE-2024-3403 (imartinez/privategpt version 0.2.0 is vulnerable to a local
file inclu ...)
- TODO: check
+ NOT-FOR-US: imartinez/privategpt
CVE-2024-3286 (A buffer overflow vulnerability was identified in some Lenovo
printers ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-3126 (A command injection vulnerability exists in the
'run_xtts_api_server' ...)
TODO: check
CVE-2024-35302 (In JetBrains TeamCity before 2023.11 stored XSS during restore
from ba ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-35301 (In JetBrains TeamCity before 2024.03.1 commit status publisher
didn't ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-35300 (In JetBrains TeamCity between 2024.03 and 2024.03.1 several
stored XSS ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol
communica ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to
version 0 ...)
- TODO: check
+ NOT-FOR-US: Stalwart Mail Server
CVE-2024-35185 (Minder is a software supply chain security platform. Prior to
version ...)
TODO: check
CVE-2024-35184 (Paperless-ngx is a document management system that transforms
physical ...)
@@ -453,71 +453,71 @@ CVE-2024-35183 (wolfictl is a command line tool for
working with Wolfi. A git au
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6
has a den ...)
TODO: check
CVE-2024-35039 (idccms V1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
- TODO: check
+ NOT-FOR-US: idccms
CVE-2024-34958 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
- TODO: check
+ NOT-FOR-US: idccms
CVE-2024-34957 (idccms v1.35 was discovered to contain a Cross-Site Request
Forgery (C ...)
- TODO: check
+ NOT-FOR-US: idccms
CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via
the pas ...)
- TODO: check
+ NOT-FOR-US: FlyFish
CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Samuel Marshall JCH Optimize
CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee
Order Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows
cgi/usrPa ...)
- TODO: check
+ NOT-FOR-US: Sunhillo SureLine
CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype
pollution in t ...)
TODO: check
CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight.
Users who ra ...)
- TODO: check
+ NOT-FOR-US: Sunshine
CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by
an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30309 (Substance3D - Painter versions 9.1.2 and earlier Answer: are
affected ...)
- TODO: check
+ NOT-FOR-US: Substance3D
CVE-2024-30308 (Substance3D - Painter versions 9.1.2 and earlier Answer: are
affected ...)
- TODO: check
+ NOT-FOR-US: Substance3D
CVE-2024-30307 (Substance3D - Painter versions 9.1.2 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Substance3D
CVE-2024-30298 (Animate versions 24.0.2, 23.0.5 and earlier Answer: are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30297 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an
out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30296 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an
out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30295 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a
NULL Poi ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30294 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a
Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30293 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a
Stack-ba ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30292 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30291 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30290 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30289 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30288 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30287 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer:
are affec ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30286 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer:
are affec ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30283 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer:
are affec ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30282 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an
out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30281 (Substance3D - Designer versions 13.1.1 and earlier Answer: are
affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30275 (Adobe Aero Desktop versions 23.4 and earlier are affected by a
Use Aft ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30274 (Substance3D - Painter versions 9.1.2 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-2366 (A remote code execution vulnerability exists in the
parisneo/lollms-we ...)
TODO: check
CVE-2024-2361 (A vulnerability in the parisneo/lollms-webui allows for
arbitrary file ...)
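Review bot: the vendor labels in this hunk are inconsistent: CVE-2024-30309, CVE-2024-30308 and CVE-2024-30307 get `NOT-FOR-US: Substance3D`, while CVE-2024-30281 (Substance3D - Designer) and CVE-2024-30274 (Substance3D - Painter) get `NOT-FOR-US: Adobe`, as do the Animate, Framemaker and Aero Desktop entries. Suggest one label throughout (`NOT-FOR-US: Adobe`, or `NOT-FOR-US: Adobe Substance3D` if the product is worth naming) so a grep for Adobe triage finds all of them. CVE-2024-34805, whose visible description is the same generic XSS CWE title as the WordPress entries around it, remains `TODO: check`; fine if the product is still unidentified, but worth confirming that it was not simply skipped.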
@@ -525,11 +525,11 @@ CVE-2024-2361 (A vulnerability in the
parisneo/lollms-webui allows for arbitrary
CVE-2024-2358 (A path traversal vulnerability in the '/apply_settings'
endpoint of pa ...)
TODO: check
CVE-2024-27260 (IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a
non-privileged ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-27244 (Insufficient verification of data authenticity in the
installer for Zo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-27243 (Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may
allow a ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-20793 (Illustrator versions 28.4, 27.9.3 and earlier are affected by
an out-o ...)
TODO: check
CVE-2024-20792 (Illustrator versions 28.4, 27.9.3 and earlier are affected by
a Use Af ...)
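Review bot: CVE-2024-20793 and CVE-2024-20792 (Illustrator versions 28.4, 27.9.3 and earlier) stay at `TODO: check` in the trailing context of this hunk, although the other Adobe desktop products touched by this commit (Animate, Framemaker, Aero Desktop, Substance3D) were resolved to `NOT-FOR-US: Adobe`; if Illustrator is to be handled the same way it could be done here, otherwise a follow-up commit is needed so the list does not end up half-triaged for one vendor.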
@@ -579,25 +579,25 @@ CVE-2024-4200 (In Progress\xae Telerik\xae Reporting
versions prior to 2024 Q2 (
CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress
is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in
OpenTe ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI
for Win ...)
NOT-FOR-US: Telerik
CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in
OpenText ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3487 (Broken Authentication vulnerability discovered in
OpenText\u2122 iMana ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3486 (XML External Entity injection vulnerability foundin
OpenText\u2122 iMa ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in
OpenTe ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This
can le ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122
iManager 3 ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC)
Transform ...)
NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and
IdentityProfile preview API endpoints
CVE-2024-3318 (A file path traversal vulnerability was identified in the
DelimitedFil ...)
@@ -605,7 +605,7 @@ CVE-2024-3318 (A file path traversal vulnerability was
identified in the Delimit
CVE-2024-3317 (An improper access control was identified in the Identity
Security Clo ...)
NOT-FOR-US: Identity Security Cloud (ISC) message server API
CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal
Installer i ...)
- TODO: check
+ NOT-FOR-US: TIBCO Hawk
CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to
version 0 ...)
NOT-FOR-US: Stalwart Mail Server
CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer
(Model avsrv- ...)
@@ -651,7 +651,7 @@ CVE-2024-32047 (Hard-coded credentials for the CyberPower
PowerPanel test serve
CVE-2024-32042 (The key used to encrypt passwords stored in the database can
be found ...)
NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious
message ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical
certific ...)
NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower
PowerPanel ...)
@@ -673,7 +673,7 @@ CVE-2024-28087 (In Bonitasoft runtime Community edition,
the lack of dynamic per
CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in
third-party co ...)
TODO: check
CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the
Filter functi ...)
- TODO: check
+ NOT-FOR-US: Eramba
CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in
Insyde ...)
NOT-FOR-US: Insyde
CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde
InsydeH2O k ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1d29dde547bdbb70e866b9d8ea4ca6ec9623d6e
--
This project does not include diff previews in email notifications.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits