Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2c915f71 by Salvatore Bonaccorso at 2024-05-18T11:48:25+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23,15 +23,15 @@ CVE-2024-3810 (The Salient Shortcodes plugin for WordPress is vulnerable to Loca CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length ...) - TODO: check + NOT-FOR-US: Tor Arti CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 ...) - TODO: check + NOT-FOR-US: Tor Arti CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23583 (An attacker could potentially intercept credentials via the task manag ...) TODO: check CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS attack ...) 
@@ -498,121 +498,121 @@ CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial Numbers CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerabilit ...) TODO: check CVE-2024-34982 (An arbitrary file upload vulnerability in the component /include/file. ...) - TODO: check + NOT-FOR-US: lylme_spage CVE-2024-34959 (DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_d ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-34919 (An arbitrary file upload vulnerability in the component \modstudent\co ...) - TODO: check + NOT-FOR-US: Pisay Online E-Learning System CVE-2024-34809 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Empow ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-34807 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34806 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Cle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34756 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34755 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34434 (Incorrect Authorization vulnerability in realmag777 WordPress Meta Dat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34370 (Improper Privilege Management vulnerability in WPFactory EAN for WooCo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1. ...) - TODO: check + NOT-FOR-US: Rocketsoft Rocket LMS CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS (for examp ...) TODO: check CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in webtechideas WTI Li ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33569 (Improper Privilege Management vulnerability in Darren Cooney Instant I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33567 (Improper Privilege Management vulnerability in UkrSolution Barcode Sca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33552 (Improper Privilege Management vulnerability in 8theme XStore Core allo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33550 (Improper Privilege Management vulnerability in JR King/Eran Schoellhor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33549 (Improper Privilege Management vulnerability in AA-Team WZone allows Pr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32960 (Improper Privilege Management vulnerability in Booking Ultra Pro allow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32959 (Improper Privilege Management vulnerability in Sirv allows Privilege E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32830 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32827 (Authentication Bypass by Spoofing vulnerability in RafflePress Giveawa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32809 (Unrestricted Upload of File with Dangerous Type vulnerability in JumpD ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32802 (Missing Authorization vulnerability in WordPlus BP Better Messages all ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32790 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32786 (Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elem ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32774 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32720 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32708 (Authentication Bypass by Spoofing vulnerability in helderk Maintenance ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32692 (Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Boo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32685 (Client-Side Enforcement of Server-Side Security vulnerability in Wpmet ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32680 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32523 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32521 (Client-Side Enforcement of Server-Side Security vulnerability in Highf ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32512 (Client-Side Enforcement of Server-Side Security vulnerability in weFor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32511 (Improper Privilege Management vulnerability in Astoundify Simple Regis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32507 (Improper Privilege Management vulnerability in Hamid Alinia \u2013 ide ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32131 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31974 (The com.solarized.firedown (aka Solarized FireDown Browser & Downloade ...) - TODO: check + NOT-FOR-US: com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android CVE-2024-31341 (Insufficient Verification of Data Authenticity vulnerability in Cozmos ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31300 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31295 (Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31290 (Improper Privilege Management vulnerability in CodeRevolution Demo My ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31281 (Missing Authorization vulnerability in Andy Moyle Church Admin church- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31237 (Improper Privilege Management vulnerability in WP Sharks s2Member Pro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31232 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30542 (Improper Privilege Management vulnerability in Wholesale WholesaleX al ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30540 (Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30527 (Improper Validation of Specified Quantity in Input vulnerability in Ti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30522 (Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30480 (Authentication Bypass by Spoofing vulnerability in Pippin Williamson C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30479 (Authentication Bypass by Spoofing vulnerability in LionScripts IP Bloc ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27971 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27955 (Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27954 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-27436 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 @@ -795,19 +795,19 @@ CVE-2024-27402 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6) CVE-2024-25906 (Authentication Bypass by Spoofing vulnerability in WP Happy Coders Com ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25595 (Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24934 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24882 (Improper Privilege Management vulnerability in Masteriyo LMS allows Pr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24874 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24873 (: Improper Control of Interaction Frequency vulnerability in CodePeopl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24869 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24715 (Improper Validation of Specified Quantity in Input vulnerability in Th ...) TODO: check CVE-2024-23522 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) 
@@ -1549,9 +1549,9 @@ CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol com CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...) NOT-FOR-US: Stalwart Mail Server CVE-2024-35185 (Minder is a software supply chain security platform. Prior to version ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...) - TODO: check + NOT-FOR-US: Paperless-ngx CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...) TODO: check CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...) @@ -1567,7 +1567,7 @@ CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via t CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Samuel Marshall JCH Optimize CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) NOT-FOR-US: WordPress plugin CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Order Exp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c915f71ef34dddb2e2a77c5cf83797a9441451e
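Review bot: In the @@ -23,15 +23,15 @@ hunk, CVE-2024-35313 and CVE-2024-35312 are closed as "NOT-FOR-US: Tor Arti" with nothing recording that the archive and the ITP/RFP bugs were checked for Arti. NOT-FOR-US only holds while no source package ships the code, so please confirm there is no open packaging bug for it; if there is one, the two entries should be tracked against that bug rather than dropped. The three Fluent Forms entries in the same hunk read fine as "WordPress plugin".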
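Review bot: In the @@ -498,121 +498,121 @@ hunk, the label added for CVE-2024-31974 repeats most of the CVE description ("com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android"), while every other entry touched here uses a short product or category name. A shorter tag such as "NOT-FOR-US: Solarized FireDown Browser & Downloader for Android" would match the rest of the list and be easier to grep for. Separately, several entries marked "WordPress plugin" in this hunk (for example CVE-2024-32959 "Sirv" and CVE-2024-32960 "Booking Ultra Pro") have truncated descriptions that never mention WordPress, so the classification cannot be confirmed from the diff alone; a word in the commit message on how the batch was identified would help the next person triaging.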
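Review bot: In the @@ -1549,9 +1549,9 @@ hunk, "NOT-FOR-US: Minder by Stacklok" carries the vendor name, while the neighbouring labels ("Stalwart Mail Server", "Paperless-ngx") name only the product. Consider using the same form for both so later entries for the same software end up with an identical tag. Paperless-ngx is also a self-hosted project of the kind that tends to attract packaging requests, so it is worth confirming no ITP/RFP is open for it before settling on NOT-FOR-US for CVE-2024-35184.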