Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ec2faa1 by security tracker role at 2024-08-01T08:11:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2024-7343 (A vulnerability was found in Baidu UEditor 1.4.2. It has been
declared ...)
+ TODO: check
+CVE-2024-7342 (A vulnerability was found in Baidu UEditor 1.4.3.3. It has been
classi ...)
+ TODO: check
+CVE-2024-7339 (A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR
TD-2108TS- ...)
+ TODO: check
+CVE-2024-7338 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
+ TODO: check
+CVE-2024-7337 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-7336 (A vulnerability classified as critical was found in TOTOLINK
EX200 4.0 ...)
+ TODO: check
+CVE-2024-7335 (A vulnerability classified as critical has been found in
TOTOLINK EX20 ...)
+ TODO: check
+CVE-2024-7334 (A vulnerability was found in TOTOLINK EX1200L
9.3.5u.6146_B20201023. I ...)
+ TODO: check
+CVE-2024-7333 (A vulnerability was found in TOTOLINK N350RT
9.3.5u.6139_B20201216. It ...)
+ TODO: check
+CVE-2024-7332 (A vulnerability was found in TOTOLINK CP450
4.1.0cu.747_B20191224. It ...)
+ TODO: check
+CVE-2024-7331 (A vulnerability was found in TOTOLINK A3300R
17.0.0cu.557_B20221024 an ...)
+ TODO: check
+CVE-2024-7330 (A vulnerability has been found in YouDianCMS 7 and classified
as criti ...)
+ TODO: check
+CVE-2024-7329 (A vulnerability, which was classified as critical, was found in
YouDia ...)
+ TODO: check
+CVE-2024-7328 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-7327 (A vulnerability classified as critical was found in Xinhu
RockOA 2.6.2 ...)
+ TODO: check
+CVE-2024-7326 (A vulnerability classified as critical has been found in IObit
DualSaf ...)
+ TODO: check
+CVE-2024-7302 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
+ TODO: check
+CVE-2024-6698 (The FundEngine plugin for WordPress is vulnerable to privilege
escalat ...)
+ TODO: check
+CVE-2024-6687 (The CTT Expresso para WooCommerce plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-6529 (The Ultimate Classified Listings WordPress plugin before 1.4
does not ...)
+ TODO: check
+CVE-2024-6496 (The Light Poll WordPress plugin through 1.0.0 does not have
CSRF check ...)
+ TODO: check
+CVE-2024-5678 (Zohocorp ManageEngine Applications Manager versions170900 and
below ar ...)
+ TODO: check
+CVE-2024-5331 (The Breakdance plugin for WordPress is vulnerable to
unauthorized acce ...)
+ TODO: check
+CVE-2024-5330 (The Breakdance plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2024-4187 (Stored XSS vulnerability has been discovered in OpenText\u2122
Filr pr ...)
+ TODO: check
+CVE-2024-4090 (The Floating Notification Bar, Sticky Menu on Scroll,
Announcement Ban ...)
+ TODO: check
+CVE-2024-41262 (mmudb v1.9.3 was discovered to use the HTTP protocol in the
ShowMetric ...)
+ TODO: check
+CVE-2024-41258 (An issue was discovered in filestash v0.4. The usage of the
ssh.Insecu ...)
+ TODO: check
+CVE-2024-41256 (Default configurations in the ShareProofVerifier function of
filestash ...)
+ TODO: check
+CVE-2024-41255 (filestash v0.4 is configured to skip TLS certificate
verification when ...)
+ TODO: check
+CVE-2024-41254 (An issue was discovered in litestream v0.3.13. The usage of
the ssh.In ...)
+ TODO: check
+CVE-2024-41253 (goframe v2.7.2 is configured to skip TLS certificate
verification, pos ...)
+ TODO: check
+CVE-2024-40883 (Cross-site request forgery vulnerability exists in ELECOM
wireless LAN ...)
+ TODO: check
+CVE-2024-40465 (An issue in beego v.2.2.0 and before allows a remote attacker
to escal ...)
+ TODO: check
+CVE-2024-40464 (An issue in beego v.2.2.0 and before allows a remote attacker
to escal ...)
+ TODO: check
+CVE-2024-3983 (The WooCommerce Customers Manager WordPress plugin before 30.1
does no ...)
+ TODO: check
+CVE-2024-39607 (OS command injection vulnerability exists in ELECOM wireless
LAN route ...)
+ TODO: check
+CVE-2024-38490 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a
Out of ...)
+ TODO: check
+CVE-2024-38489 (Dell iDRAC Service Module version 5.3.0.0 and prior contains
Out of bo ...)
+ TODO: check
+CVE-2024-38481 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a
Out of ...)
+ TODO: check
+CVE-2024-38182 (Weak authentication in Microsoft Dynamics 365 allows an
unauthenticate ...)
+ TODO: check
+CVE-2024-34021 (Unrestricted upload of file with dangerous type vulnerability
exists i ...)
+ TODO: check
+CVE-2024-2872 (The socialdriver-framework WordPress plugin before 2024.04.30
does not ...)
+ TODO: check
+CVE-2024-2843 (The WooCommerce Customers Manager WordPress plugin before 30.1
does no ...)
+ TODO: check
+CVE-2024-2090 (The Remote Content Shortcode plugin for WordPress is vulnerable
to Ser ...)
+ TODO: check
+CVE-2024-28972 (Dell InsightIQ, Verion 5.0.0, contains a use of a broken or
risky cryp ...)
+ TODO: check
+CVE-2024-25948 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a
Out of ...)
+ TODO: check
+CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain
an Out of ...)
+ TODO: check
+CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2
does no ...)
+ TODO: check
+CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for
WordPr ...)
+ TODO: check
CVE-2024-7340 (The Weave server API allows remote users to fetch files from a
specifi ...)
NOT-FOR-US: Weave server
CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It
has bee ...)
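Review bot: The descriptions for CVE-2024-4187 ("OpenText\u2122") and CVE-2024-1715 ("AdFoxly \u2013 Ad Manager") contain literal \uXXXX escape sequences, so the automatic update is writing escaped text into data/CVE/list without decoding it; decode or transliterate these before the description is stored. Every entry added at the top of the file is left at "TODO: check"; the WordPress plugin entries (CVE-2024-7302, CVE-2024-6698, CVE-2024-6687 and the rest) can be closed out the same way as CVE-2022-4000 further down, which is marked "NOT-FOR-US: WordPress plugin".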
@@ -77590,7 +77690,8 @@ CVE-2023-5115 (An absolute path traversal attack exists
in the Ansible automatio
NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in
experimental/5.4.0-1 in sid
CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr
Bluetooth subsy ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
-CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts
are dis ...)
+CVE-2023-4262
+ REJECTED
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4261
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
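Review bot: CVE-2023-4262 now reads "REJECTED" followed by the old "NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)" line, so the entry carries a triage note for an identifier that no longer has a description. The other REJECTED entries visible in this diff (CVE-2023-1576, CVE-2017-3773) have no note under them; either drop the leftover NOT-FOR-US line or confirm it is kept on purpose as a record of the earlier triage.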
@@ -103433,8 +103534,8 @@ CVE-2023-1579 (Heap based buffer overflow in
binutils-gdb/bfd/libbfd.c in bfd_ge
NOTE: binutils not covered by security support
CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to
10.5.19.)
NOT-FOR-US: pimcore
-CVE-2023-1577
- RESERVED
+CVE-2023-1577 (A path hijacking vulnerability was reported in Lenovo Driver
Manager p ...)
+ TODO: check
CVE-2023-1576
REJECTED
CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored
Cross- ...)
@@ -133562,12 +133663,12 @@ CVE-2022-45437 (Improper Neutralization of Input
During Web Page Generation ('Cr
NOT-FOR-US: Pandora FMS
CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Pandora FMS
-CVE-2022-4003
- RESERVED
-CVE-2022-4002
- RESERVED
-CVE-2022-4001
- RESERVED
+CVE-2022-4003 (A denial-of-service vulnerability could allow an authenticated
user to ...)
+ TODO: check
+CVE-2022-4002 (A command injection vulnerability could allow an authenticated
user to ...)
+ TODO: check
+CVE-2022-4001 (An authentication bypass vulnerability could allow an attacker
to acce ...)
+ TODO: check
CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does
not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not
have a ...)
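Review bot: The three entries that move from RESERVED to published here (CVE-2022-4003, CVE-2022-4002, CVE-2022-4001) have descriptions truncated before any product name appears ("could allow an authenticated user to ...", "could allow an attacker to acce ..."), so the "TODO: check" cannot be resolved from this file alone. Whoever triages them needs the full CVE record; since the three identifiers are consecutive and were published together, check them as one batch.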
@@ -399258,10 +399359,10 @@ CVE-2019-6200 (An out-of-bounds read was addressed
with improved input validatio
NOT-FOR-US: Apple
CVE-2019-6199
RESERVED
-CVE-2019-6198
- RESERVED
-CVE-2019-6197
- RESERVED
+CVE-2019-6198 (A vulnerability was reported in Lenovo PC Manager prior to
version2.8. ...)
+ TODO: check
+CVE-2019-6197 (A vulnerability was reported in Lenovo PC Manager prior to
version 2.8 ...)
+ TODO: check
CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation
packages, pr ...)
NOT-FOR-US: Lenovo
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller
(XCC) ver ...)
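Review bot: CVE-2019-6198 and CVE-2019-6197 are both described as "Lenovo PC Manager" and sit directly above CVE-2019-6196, which is already marked "NOT-FOR-US: Lenovo". Unless the full descriptions show otherwise, replace "TODO: check" with the same NOT-FOR-US line; the same applies to the Lenovo entries CVE-2023-1577 and CVE-2017-3772 changed elsewhere in this commit.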
@@ -512193,8 +512294,8 @@ CVE-2017-3774 (A stack overflow vulnerability was
discovered within the web admi
NOT-FOR-US: IBM
CVE-2017-3773
REJECTED
-CVE-2017-3772
- RESERVED
+CVE-2017-3772 (A vulnerability was reported in Lenovo PC Manager versions
prior to 2. ...)
+ TODO: check
CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and
ThinkC ...)
NOT-FOR-US: Lenovo
CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier
than 1.3.2 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ec2faa134c8c71e57c88b4f54c10fb936a75cfb