Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 619e7ca5 by Moritz Muehlenhoff at 2024-05-22T10:39:49+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -287,7 +287,7 @@ CVE-2024-5157 [bullseye] - chromium <end-of-life> (see #1061268) [buster] - chromium <end-of-life> (see DSA 5046) CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...) - TODO: check + NOT-FOR-US: com.transsion.videocallenhancer CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) 
@@ -305,107 +305,107 @@ CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for Wo CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is represented as a ...) - TODO: check + NOT-FOR-US: ic-stable-structures CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in versions ...) - TODO: check + NOT-FOR-US: Tink-cc CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulner ...) NOT-FOR-US: lunary-ai/lunary CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) TODO: check CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) TODO: check CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/ ...) - TODO: check + NOT-FOR-US: MTab Bookmark CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stor ...) NOT-FOR-US: Umbraco CMS CVE-2024-35180 (OMERO.web provides a web based client and plugin infrastructure. There ...) 
- TODO: check + NOT-FOR-US: OMERO.web CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exc ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows att ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows a ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2 allows attac ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection ...) - TODO: check + NOT-FOR-US: NASA AIT-Core CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untr ...) - TODO: check + NOT-FOR-US: OpenBD CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) r ...) - TODO: check + NOT-FOR-US: QDOCS Smart School CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco ...) - TODO: check + NOT-FOR-US: Umbraco CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7. ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Us ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of us ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of or ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) 
NOT-FOR-US: Argo CD CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product does not ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31844 (An issue was discovered in Italtel Embrace 1.6.4. The server does not ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31840 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...) - TODO: check + NOT-FOR-US: Italtel Embrace CVE-2024-31757 (An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before ...) - TODO: check + NOT-FOR-US: TeraByte Unlimited Image for Windows CVE-2024-31756 (An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and ...) - TODO: check + NOT-FOR-US: MarvinTest Solutions Hardware Access Driver# CVE-2024-27130 (A buffer copy without checking size of input vulnerability has been re ...) - TODO: check + NOT-FOR-US: Qnap CVE-2024-27129 (A buffer copy without checking size of input vulnerability has been re ...) - TODO: check + NOT-FOR-US: Qnap CVE-2024-27128 (A buffer copy without checking size of input vulnerability has been re ...) - TODO: check + NOT-FOR-US: Qnap CVE-2024-27127 (Adouble free vulnerabilityhas been reported to affect several QNAP ope ...) - TODO: check + NOT-FOR-US: Qnap CVE-2024-25724 (In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer ...) - TODO: check + NOT-FOR-US: RTI Connext Professional CVE-2024-22275 (The vCenter Server contains a partial file read vulnerability.A malici ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22274 (The vCenter Server contains an authenticated remote code execution vul ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22273 (The storage controllers on VMware ESXi, Workstation, and Fusion have o ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-21902 (An incorrect permission assignment for critical resource vulnerability ...) 
- TODO: check + NOT-FOR-US: Qnap CVE-2024-1721 (Improper Verification of Cryptographic Signature vulnerability in HYPR ...) - TODO: check + NOT-FOR-US: HYPR Passwordless CVE-2023-3943 (Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-3942 (An 'SQL Injection' vulnerability, due to improper neutralization of sp ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-3941 (Relative Path Traversal vulnerability in ZkTeco-based OEM devices allo ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-3940 (Relative Path Traversal vulnerability in ZkTeco-based OEM devices allo ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-3939 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-3938 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: ZkTeco CVE-2023-52879 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 @@ -2230,7 +2230,7 @@ CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...) NOT-FOR-US: Zyxel CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...) NOT-FOR-US: PHPGurukul Directory Management System CVE-2024-5136 (A vulnerability classified as problematic has been found in PHPGurukul ...) 
@@ -2246,7 +2246,7 @@ CVE-2024-4151 (An Improper Access Control vulnerability exists in lunary-ai/luna CVE-2024-3761 (In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `pac ...) NOT-FOR-US: lunary-ai/lunary CVE-2024-3482 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) - TODO: check + NOT-FOR-US: ArcSight Enterprise Security Manager CVE-2024-35580 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...) NOT-FOR-US: Tenda CVE-2024-35579 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/619e7ca57fa7a94cc6bfd4038d0a09592c513762
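Review bot: In the @@ -305,107 +305,107 @@ hunk, the entries added for CVE-2024-35386, CVE-2024-35385 and CVE-2024-35384 read "NOT-FOR-US: Cesenta MJS", while the CVE descriptions on the same lines spell the vendor "Cesanta". A later search of data/CVE/list for "Cesanta" would miss these three entries, so the label should be corrected to "Cesanta mjs". In the same hunk, the entry for CVE-2024-31756 ends in a stray "#" ("MarvinTest Solutions Hardware Access Driver#"), which should be dropped, and CVE-2024-34071 is tagged "Umbraco" where the neighbouring, already-triaged CVE-2024-35218 uses "Umbraco CMS"; using one label for both keeps the NOT-FOR-US tags consistent for grep-based triage.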