Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
786be6a3 by security tracker role at 2024-08-19T20:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-7958
+ REJECTED
+CVE-2024-7927 (A vulnerability classified as critical was found in ZZCMS 2023.
Affect ...)
+ TODO: check
+CVE-2024-7926 (A vulnerability classified as critical has been found in ZZCMS
2023. A ...)
+ TODO: check
+CVE-2024-7925 (A vulnerability was found in ZZCMS 2023. It has been rated as
problema ...)
+ TODO: check
+CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared
as criti ...)
+ TODO: check
+CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L,
DNS-315L, DNS-3 ...)
+ TODO: check
+CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython,
specifically ...)
+ TODO: check
+CVE-2024-6348 (Predictable seed generation in the security access mechanism of
UDS in ...)
+ TODO: check
+CVE-2024-43401 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2024-43400 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2024-43399 (Mobile Security Framework (MobSF) is a pen-testing, malware
analysis a ...)
+ TODO: check
+CVE-2024-43380 (fugit contains time tools for flor and the floraison group.
The fugit ...)
+ TODO: check
+CVE-2024-43379 (TruffleHog is a secrets scanning tool. Prior to v3.81.9, this
vulnerab ...)
+ TODO: check
+CVE-2024-43372
+ REJECTED
+CVE-2024-43354 (Deserialization of Untrusted Data vulnerability in myCred
allows Objec ...)
+ TODO: check
+CVE-2024-43345 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43328 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43326 (Missing Authorization vulnerability in Jamie Bergen Plugin
Notes Plus ...)
+ TODO: check
+CVE-2024-43317 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-43311 (Improper Privilege Management vulnerability in Geek Code Lab
Login As ...)
+ TODO: check
+CVE-2024-43281 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43280 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
+ TODO: check
+CVE-2024-43272 (Missing Authentication for Critical Function vulnerability in
icegram ...)
+ TODO: check
+CVE-2024-43271 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43261 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-43256 (Missing Authorization vulnerability in nouthemes Leopard -
WordPress o ...)
+ TODO: check
+CVE-2024-43252 (Deserialization of Untrusted Data vulnerability in Crew HRM
allows Obj ...)
+ TODO: check
+CVE-2024-43250 (Incorrect Authorization vulnerability in Bit Apps Bit Form Pro
bitform ...)
+ TODO: check
+CVE-2024-43249 (Unrestricted Upload of File with Dangerous Type vulnerability
in Bit A ...)
+ TODO: check
+CVE-2024-43248 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43247 (Missing Authorization vulnerability in creativeon WHMpress
allows Acce ...)
+ TODO: check
+CVE-2024-43245 (Improper Privilege Management vulnerability in eyecix
JobSearch allows ...)
+ TODO: check
+CVE-2024-43242 (Deserialization of Untrusted Data vulnerability in azzaroco
Ultimate M ...)
+ TODO: check
+CVE-2024-43240 (Improper Privilege Management vulnerability in azzaroco
Ultimate Membe ...)
+ TODO: check
+CVE-2024-43236 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
+ TODO: check
+CVE-2024-43232 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-43221 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2024-42815 (In the TP-Link RE365 V1_180213, there is a buffer overflow
vulnerabili ...)
+ TODO: check
+CVE-2024-42813 (In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow
vulnerabi ...)
+ TODO: check
+CVE-2024-42812 (In D-Link DIR-860L v2.03, there is a buffer overflow
vulnerability due ...)
+ TODO: check
+CVE-2024-42675
+ REJECTED
+CVE-2024-42658 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0
allows a ...)
+ TODO: check
+CVE-2024-42657 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0
allows a ...)
+ TODO: check
+CVE-2024-42633 (A Command Injection vulnerability exists in the
do_upgrade_post functi ...)
+ TODO: check
+CVE-2024-39306
+ REJECTED
+CVE-2024-37099 (Deserialization of Untrusted Data vulnerability in Liquid Web
GiveWP a ...)
+ TODO: check
+CVE-2024-32928 (The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a
subset of ...)
+ TODO: check
+CVE-2024-32927 (In sendDeviceState_1_6 of RadioExt.cpp, there is a possible
use after ...)
+ TODO: check
+CVE-2024-23729 (The ColorOS Internet Browser com.heytap.browser application
45.10.3.4. ...)
+ TODO: check
CVE-2024-7921 (A vulnerability has been found in Anhui Deshun Intelligent
Technology ...)
NOT-FOR-US: Anhui Deshun Intelligent Technology Jieshun JieLink+
JSOTC2016
CVE-2024-7920 (A vulnerability, which was classified as problematic, was found
in Anh ...)
@@ -942,7 +1040,7 @@ CVE-2024-27729 (Cross Site Scripting vulnerability in
Friendica v.2023.12 allows
NOT-FOR-US: Friendica
CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12
allows a rem ...)
NOT-FOR-US: Friendica
-CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research
labs. ...)
+CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research
labs. I ...)
NOT-FOR-US: eLabFTW
CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows
non-local web ...)
NOT-FOR-US: Xiexe XSOverlay
@@ -4198,7 +4296,7 @@ CVE-2024-7306 (A vulnerability, which was classified as
critical, was found in S
NOT-FOR-US: SourceCodester Establishment Billing Management System
CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank
Management ...)
NOT-FOR-US: itsourcecode Online Blood Bank Management System
-CVE-2024-7300 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
+CVE-2024-7300 (A vulnerability classified as problematic has been found in
Bolt CMS 3 ...)
NOT-FOR-US: Bolt CMS
CVE-2024-7299 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
Bolt CMS ...)
NOT-FOR-US: Bolt CMS
@@ -12773,6 +12871,7 @@ CVE-2024-38952 (PX4-Autopilot v1.14.3 was discovered to
contain a buffer overflo
CVE-2024-38951 (A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to
cause a ...)
NOT-FOR-US: PX4-Autopilot
CVE-2024-37894 (Squid is a caching proxy for the Web supporting HTTP, HTTPS,
FTP, and ...)
+ {DSA-5751-1}
- squid 6.10-1 (bug #1074284)
NOTE:
https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04
(master)
NOTE:
https://github.com/squid-cache/squid/commit/67f5496f7b72e698ad0f5aa3512c83089424f27f
(v6)
@@ -133198,7 +133297,7 @@ CVE-2022-4427 (Improper Input Validation
vulnerability in OTRS AG OTRS, OTRS AG
CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before
1.0.3 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4425
- RESERVED
+ REJECTED
CVE-2022-4424
RESERVED
CVE-2022-4423
@@ -133259,7 +133358,7 @@ CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected
in GitHub repository nuxt/
CVE-2022-4412
RESERVED
CVE-2022-4411
- RESERVED
+ REJECTED
CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable
to Store ...)
NOT-FOR-US: Permalink Manager Lite plugin for WordPress
CVE-2022-4409 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in
GitHub ...)
@@ -133273,7 +133372,7 @@ CVE-2022-4406
CVE-2022-4405
REJECTED
CVE-2022-4404
- RESERVED
+ REJECTED
CVE-2022-4403 (A vulnerability classified as critical was found in
SourceCodester Can ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4402 (A vulnerability classified as critical has been found in
RainyGao DocS ...)
@@ -185193,7 +185292,7 @@ CVE-2022-1444 (heap-use-after-free in GitHub
repository radareorg/radare2 prior
NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa
NOTE:
https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
CVE-2022-1443
- RESERVED
+ REJECTED
CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive
information di ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is
vulnerabl ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/786be6a3fc5f42e4899fb9a4eaf17604bd1c539f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/786be6a3fc5f42e4899fb9a4eaf17604bd1c539f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
